Holy iPhone handset holed, Sophos says

IT insecurity outfit Sophos is warning that Apple has left a number of more elderly iPhones and iPads open to malicious attack.

While new iOS 4.3 update includes a number of critical security patches, these are not being offered for older models of the iPhone and iPod Touch, leaving some of these with their virtual trousers round their milky-white ankles.

The extra security features are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on the Apple devices, Sophos warns.

The iOS 4.3 update is only compatible with the iPhone 3GS and later, the iPod touch 3rd generation and later, in addition to both the iPad and the imminent iPad 2.

"If you have an earlier iPhone or iPod Touch, your device is potentially vulnerable to attacks which could exploit these known security holes, and there is no official patch available for you to protect yourself," said Graham Cluley, senior technology consultant at Sophos. "That's bad news for the very many people who still have an iPhone 3G, for instance. If you were looking for an excuse to upgrade your iPhone or iPod Touch - maybe you've just been given a good one by Apple. But if you were happy with your iPhone 3G, I doubt you're feeling too good about having to reach into your pocket."

Security fixes in the iOS update include protecting against maliciously-crafted TIFF image files that could be used to run malicious code, and multiple memory corruption issues in 'WebKit', which could mean that visiting a booby-trapped website could lead to the execution of unauthorised code. Earlier iDevices remain vulnerable to such attacks.