Along with offering a variety of new features and capabilities, the Version 3.0 firmware for the iPhone and iPod touch also addresses a long list of security vulnerabilities. CoreGraphics bounds and error checking have been improved to prevent maliciously crafted images or PDF files from terminating applications or executing arbitrary code. Bounds checking in FreeType v2.3.8 has also been reworked to prevent integer overflows.

To fix an issue with Exchange server certificates, the update correctly handles untrusted certificate exceptions. Vulnerabilities were also addressed with PNG image validation, invalid byte sequence handling, memory leaks in the raccoon daemon and libxml2 V2.6.16. Mail improvements include remote image loading in HTML messages, and retaining the call approval dialog to prevent placing a call without the user's interaction.

A number of other security fixes relate to Safari, ICMP echo requests, JavaScript, page transitions, color strings, cross-site scripting, memory corruption, HTMLSelectElement objects, SVG images, random number generation, XMLHttpRequest headers, CSS elements, document transformations, and Location or History objects.

The iPhone 3.0 firmware is available from iTunes as a free download for iPhone users, while iPod touch owners must pay $10.