iOS 5.0.1 Released
Apple has released iOS 5.0.1 to address an array of concerns including the battery life issue reported by some users. This update also fixes the unsigned code access to Standard Data Management and Frameworks demonstrated by @0xCharlie (Charlie Miller). His discovery exposed a weakness in Apple's code approval process. There is NO THREAT to the general user population. The logic error discovered by @0xCharlie took advantage of failures in mmap system calls checking of flags. This allowed any application to execute code at a level similar to Mobile Safari. Malicious Applications could use objects/classes such as NSURL, NSURLRequest, NSURLConnection and NSXMLParser to fetch additional code to execute in memory from a remote source. This opened a possible pathway in which a malicious actor can execute unsigned code or possibly launch a more complex exploit. Charlie Miller's application represents no threat to any user. However malicious actors have the capability and technical knowledge to duplicate his findings very easily. Users should update their version of iOS immediately on compatible devices.