Apple's iOS 4 update fixes 65 vulnerabilities
Apple has released version 4.0 of its iOS mobile operating system, formerly known as the iPhone OS, closing a total of 65 vulnerabilities, some of which could be used by an attacker to take remote control of the device. According to Apple, several of the vulnerabilities could, for example, lead to the execution of arbitrary code on a user's device or to a cross-site scripting (XSS) attack. For an attack to be successful, a victim would first have to open a maliciously crafted TIFF image, JPEG image or website. Fifty of the security issues addressed – several of which were reported to Apple by TippingPoint's Zero Day Initiative – are related to WebKit, the browser engine upon which the iOS version of the Safari web browser is based.
The iOS 4 update is only available for iPhone 3G and 3GS and second and third generation iPod Touch devices. Apple's latest iPhone 4, which comes out on Thursday, will ship with iOS 4 by default. The company has yet to confirm if it will issue a separate security update for first generation iPhone and iPod Touch devices. The most recent update for the first generation devices is iPhone OS 3.1.3 from early February.
More details about the vulnerabilities fixed in the update can be found in the security advisory from Apple linked below. Users can upgrade to iOS 4 via iTunes 9.2, which was released last week. All users are advised to update as soon as possible.
- About the security content of iOS 4, security advisory from Apple.
- Apple's iTunes 9.2 fixes security vulnerabilities, a report from The H.
- iPhone leak is getting bigger, a report from The H.
- Vulnerability in iPhone data encryption, a report from The H.