iPhone 2.0 security fixes

Apple on Friday released security documentation for the iPhone and iPod touch 2.0 operating system, citing various fixes to Safari, Webkit, Kernel, and CFNetwork that prevent a number of malicious activities. CFNetwork was tweaked to increase security regarding malicious proxy servers delivering arbitrary data in the form of a 502 Bad Gateway error, allowing for website spoofing. The Kernel was fixed as well, to prevent unexpected device resets from remote sources.

Safari was the recipient of seven fixes, which have been resident in every prior iPhone operating system version. The update resolves vulnerabilities regarding Unicode formatting, malicious code susceptibility, remote operation or code termination, and XML document handling.

Webkit saw three fixes, again present in the iPhone's operating system from v1.0 to v1.1.4, targeted at maliciously crafted webpages or URLs, which could result in arbitrary code execution, or other remote hostile actions.

by MacNN Staff