With the release of iOS 6.0, Apple not only delivers several new features to the mobile operating system but also closes an impressive number of security vulnerabilities. The major update deals with a list of almost 200 CVE items, some of which each apply to several vulnerabilities.
The problems grant hackers almost free reign: they range from a hole that lets attackers circumvent the passcode on the lock screen, to the ability to fake text message sender information, and to code injection through specially prepared web sites or media files. For many of the exploits, Apple provides short one or two sentence explanations of their outcomes.
However, Apple does not provide information about one important vulnerability, even though it is actually quite dangerous. Caused by an error in the way the operating system parses some configuration files, the hole allows attackers to pretend an important system update is available for the user's device. This update appears to be signed by Apple or the user's mobile carrier, when in fact it is completely fake. If the user installs the so-called "update", the malicious configuration file is able to change critical system settings.
Continued : http://www.h-online.com/security/news/item/Apple-closes-numerous-security-holes-with-iOS-6-1713012.html
See Vulnerabilities & Fixes : Apple iOS Multiple Vulnerabilities