Skip to main content

Apple iPhone OS 3.0 Software Closes 46 Security Holes

According to a document posted yesterday on Apple's website, the latest iPhone OS 3.0 Software Update has managed to close a total of 46 documented vulnerabilities in one swoop.

Apple says that it does not disclose, discuss or confirm security issues for the protection of its customers "until a full investigation has occurred and necessary patches are available". The vulnerabilities affect all versions of iPhone and iPod Touch.

Around half of the security vulnerabilities concern Safari and Webkit which are essential for internet access. One concerns the prospect of remote code execution that can take place simply if a user visit a compromised website or views a booby-trapped picture.

Six security fixes target the iPhone's CoreGraphics with changes to the PDF file management as well as FreeType v2.3.8, the font engine used by the iPhone OS.

Other security fixes relate to ICMP echo requests, JavaScript, page transitions, color strings, cross-site scripting, memory corruption, HTMLSelectElement objects, SVG images, random number generation, XMLHttpRequest headers, CSS elements, document transformations, and Location or History objects.

and join more than 1550 other followers.

Our Comments

There are more than 40 million iPhone and iPod Touch worldwide, this makes them a rather tasty target for potential hackers who would count on the relatively relaxed approach to security that apparently characterises mobile device users. Good thing Apple closed those gaps but then, how many more remain in the 250MB worth of code.

Related Links

About the security content of iPhone OS 3.0 Software Update

http://bit.ly/KB5QH

iPhone OS 3.0 Has a Huge Security Side

http://bit.ly/3wYWC

iPhone 3.0 firmware fixes security vulnerabilities

http://bit.ly/14waLa

Apple iPhone 3.0 software update patches security holes

http://bit.ly/PheOL

Security Improvements Punctuate IPhone 3.0

http://bit.ly/OjnlF

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.