iPhone iOS4 update plugs 60 security holes

Yesterday's iOS4 update to Apple's iDevices didn't only add lots of new toys for iPhone users to play with, it also plugged more than 60 security holes found in previous versions of the mobile OS.

The flaws include problems with the Application Sandbox which could allow unauthorised access to a user's iPhoto library, a hole in the CF Network which could cause allow execution of arbitrary code, and a whole host of other security bugs relating to ImageIO, Passcode Lock, Safari and a list of WebKit weaknesses as long as your arm.

Nearly every one of the listed flaws requires users to physically interact with a maliciously-crafted web site, so be careful out there, kids.

You can see a full list of the patches along with descriptions of the potential risks here.

Apple says: "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."

It also likes to keep thing quiet when it does find "security issues", to maintain the pretence that all is happy and secure in its walled iGarden, apparently.