Update for iPhone and iPod touch
Apple has released updated firmware for the iPhone and iPod touch. The update, version 1.1.3, fixes three vulnerabilities in the iPhone and two in the iPod. One of these is classified by Apple as critical, as it allows an attacker to execute arbitrary code on a device. The bug is exploited by calling specially formed URLs. It's also possible to bypass the Passcode Lock on the iPhone to launch protected applications using a bug in the device's emergency call function. Apple has also fixed a cross-site scripting vulnerability in the mobile version of their Safari browser. This could be used to capture confidential information.
The update also adds new functionality, including the ability to show the user's current position on Google Maps, the ablity to design your own home screen and sending texts to multiple recipients. The update is installed automatically by iTunes.
- About the security content of iPhone v1.1.3 and iPod touch v1.1.3, security advisory from Apple
(mba)