Apple iPhone OS 3.0 Software Closes 46 Security Holes

According to a document posted yesterday on Apple's website, the latest iPhone OS 3.0 Software Update has managed to close a total of 46 documented vulnerabilities in one swoop.

Apple says that it does not disclose, discuss or confirm security issues for the protection of its customers "until a full investigation has occurred and necessary patches are available". The vulnerabilities affect all versions of iPhone and iPod Touch.

Around half of the security vulnerabilities concern Safari and Webkit which are essential for internet access. One concerns the prospect of remote code execution that can take place simply if a user visit a compromised website or views a booby-trapped picture.

Six security fixes target the iPhone's CoreGraphics with changes to the PDF file management as well as FreeType v2.3.8, the font engine used by the iPhone OS.

Other security fixes relate to ICMP echo requests, JavaScript, page transitions, color strings, cross-site scripting, memory corruption, HTMLSelectElement objects, SVG images, random number generation, XMLHttpRequest headers, CSS elements, document transformations, and Location or History objects.

and join more than 1550 other followers.

Our Comments

There are more than 40 million iPhone and iPod Touch worldwide, this makes them a rather tasty target for potential hackers who would count on the relatively relaxed approach to security that apparently characterises mobile device users. Good thing Apple closed those gaps but then, how many more remain in the 250MB worth of code.

Related Links

About the security content of iPhone OS 3.0 Software Update

iPhone OS 3.0 Has a Huge Security Side

iPhone 3.0 firmware fixes security vulnerabilities

Apple iPhone 3.0 software update patches security holes

Security Improvements Punctuate IPhone 3.0