Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

1) An error when handling a validation failure of a AppleID certificate within the IdentityService can be exploited to potentially bypass the certificate-based AppleID authentication via an invalid AppleID certificate.

2) An error exists in International Components for Unicode.

For more information see vulnerability #2 in:
SA48618

3) An input validation error within the kernel can be exploited to bypass the validation check by using a pointer length of less than a page and access the first page of kernel memory.

4) An error when handling the JavaScript preferences of Safari in StoreKit can be exploited to re-enable JavaScript without user notice by visiting a site displaying a Smart App Banner.

5) Multiple vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information:
SA49724
SA50105
SA50577

6) An unspecified error within WebKit can be exploited to corrupt memory.

7) Another unspecified error within WebKit can be exploited to corrupt memory.

8) Another unspecified error within WebKit can be exploited to corrupt memory.

9) Another unspecified error within WebKit can be exploited to corrupt memory.

10) Another unspecified error within WebKit can be exploited to corrupt memory.

11) Another unspecified error within WebKit can be exploited to corrupt memory.

12) Another unspecified error within WebKit can be exploited to corrupt memory.

13) Another unspecified error within WebKit can be exploited to corrupt memory.

14) Another unspecified error within WebKit can be exploited to corrupt memory.

15) Another unspecified error within WebKit can be exploited to corrupt memory.

16) Another unspecified error within WebKit can be exploited to corrupt memory.

17) Another unspecified error within WebKit can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #3 and #5 through #17 may allow execution of arbitrary code.

18) Certain input pasted from a different origin is not properly sanitised in WebKit before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

19) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user.

For more information see vulnerability #1 in:
SA50759

NOTE: Additionally a weakness exists within the handling of 802.11i information elements within Broadcom's BCM4325 and BCM4329 firmware, which can be exploited to disable WiFi.

Solution
Apply iOS 6.1 Software Update.

Provided and/or discovered by
1, 9, 13, and 14) Reported by the vendor

The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison, BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53

Original Advisory
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers