iPhone update closes critical security holes
Firmware update 2.1 for Apple's iPhone closes a number of security holes, some of which are critical. The vendor says that attackers can exploit vulnerabilities to get around security restrictions in the application sandbox. This allows them to modify the DNS cache, limit the functionality of the device, and execute arbitrary malicious code. In short, you are in danger if you install untrustworthy applications or surf the net with older firmware. The developers have also closed the hole in the passcode lock.
Users are therefore advised to install the update immediately. Even those using a cracked iPhone in combination with Mac OS X should not wait. As the iPhone Dev Blog reports, PwnageTool 2.1 and QuickPwn 1.1 now support the new firmware. Unfortunately, so far the Windows tools do not. Windows users therefore currently face a tough decision – stop using the iPhone or accept the risks.
- About the security content of iPhone v2.1, Safety instructions from Apple.