Apple's iOS 6.1 Software Update has introduced a range of security fixes, one of which fixes the ability for hackers to override the Mobile Safari JavaScript Settings.

The bug inside iOS would inadvertently re-enable JacaScript inside Mobile Safari without user interaction after they visited a webpage with one of Apple's new Smart App Banners.

Smart App Banners are used by websites to promote Apps on the app store.

Smart App Banner

A Smart App Banner being used on the Macworld UK website

JavaScript is used by many websites to provide enhanced user interfaces and dynamic features. While it is included in most web browsers, it does present some security issues and many security conscious users prefer to disable JavaScript. Apple used JavaScript, for example, to hide a court-ordered statement relatingt to Samsung on its website.

Users can elect to turn JavaScript off, however, on the iPad. This can be done in iOS by visiting Settings > Safari and tapping Javascript to Off.

Apple's iOS 6.1 update helps ensure that once JavaScript is turned off, it stays off.

JavaScript Off

JavaScript setting set to off. Visiting a website with a Smart App Banner no longer turns the website back on

Apple's release notes state:

"If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner."