updated 06:35 pm EST, Mon November 12, 2007
iPhone, iPod touch v1.1.2
Apple today officially released the iPhone v1.1.2 and iPod touch v1.1.2 firmware and software updates via its iTunes software. The software, which was found on Apple's own servers last Thursday and shipped with iPhones in the UK and Germany this past weekend, will not appear in the computer's Software Update application, or in the Apple Downloads site, the Cupertino-based company noted. Apple officially acknowledged that the update closed a critical security flaw that affected previous versions and has been exploited to allow users to "jailbreak" the devices to gain access to the file system and install third-party applications. Over the weekend, however, hackers found yet another method to hack the OS software to install third-party applications, offering both a tutorial and software to help users "jailbreak" the devices.
In addition, users also found ways to unlock iPhone v1.1.2 for use on third-party GSM mobile networks.
Apple's documentation confirmed that viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. ImageIO, the company said, contains a version of libtiff that is vulnerable to multiple buffer overflows.
"By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issues by performing additional validation of TIFF
images," the company notes in its documentation. The issues, however, do not affect Mac OS X v10.3.9 systems with Security Update 2006-004, Mac OS X v10.4.7 systems with Security Update 2006-004, or systems running Mac OS X v10.4.8 or later.
Despite a widespread call for fixes and minor feature enhancements for usability, Apple did not provide any other details on the release or other bug fixes. The report did bring international keyboards and region-specific formatting to the device.
Earlier in the day, however, it began telling press outlets that it plans future updates for the iPhone, but only after the company ensured adequate testing.