Apple's iOS 4.3 fixes security holes
Apple has released version 4.3 of its iOS mobile operating system, an update that adds several new features to its mobile devices and closes a number of security holes. According to Apple, the iOS update corrects multiple vulnerabilities in the FreeType rendering library for TrueType and PostScript fonts used by CoreGraphics, buffer overflow issues in ImageIO and a remote code execution hole in the libxml library, as well as a bug in iOS networking that could allow a server to identify a device across connections.
Other fixes correct problems in the mobile version of the Safari web browser that could, for example, cause it to exit on launch or prevent cookies from being cleared via the Safari settings. However, most of the vulnerabilities addressed are within the Safari WebKit-based browser engine, which means that victims need only visit a specially crafted web site to be infected with malware in a variety of ways.
Users can update their iOS-based mobile devices via the latest version of iTunes. However, an update for the Verizon Wireless (CDMA) version of the iPhone has yet to be released.
The company has also issued an update for its Apple TV product, version 4.2. Apple TV is based on iOS and, as such, addresses a number of the same vulnerabilities noted above.
See also:
- About the security content of iOS 4.3, security advisory from Apple.
- About the security content of Apple TV 4.2, security advisory from Apple.
(crve)