Apple closes TIFF hole in iPhone
Apple has released firmware update 1.1.2 for the iPhone and iPod Touch to remedy the flaws discovered in the TIFF library that iPhone owners have used to execute their own program code. Once the update has been installed from iTunes, manipulated TIFF files will no longer execute third-party software on the iPhone; remote attackers had also been able to inject arbitrary malicious code through the hole.
iPhone users who want to execute their own code on their devices will have to wait for the release of the Software Development Kit (SDK), scheduled for February 2008. At the same time, software and instructions on how to install the firmware update without losing the ability to use third-party software are already in circulation on the net, for example at the Unofficial Apple Weblog. Those who surf the internet with their iPhone or iPod Touch should install update 1.1.2 as soon as possible to prevent criminals from injecting malicious code onto their units via manipulated websites or emails.
- About the security content of iPhone v1.1.2 and iPod Touch v1.1.2 Updates, Apple's security advisory