Text Size

iPhone 3.0 firmware fixes security vulnerabilities

updated 03:10 pm EDT, Wed June 17, 2009

iPhonr security fixes

Along with offering a variety of new features and capabilities, the Version 3.0 firmware for the iPhone and iPod touch also addresses a long list of security vulnerabilities. CoreGraphics bounds and error checking have been improved to prevent maliciously crafted images or PDF files from terminating applications or executing arbitrary code. Bounds checking in FreeType v2.3.8 has also been reworked to prevent integer overflows.

To fix an issue with Exchange server certificates, the update correctly handles untrusted certificate exceptions. Vulnerabilities were also addressed with PNG image validation, invalid byte sequence handling, memory leaks in the raccoon daemon and libxml2 V2.6.16. Mail improvements include remote image loading in HTML messages, and retaining the call approval dialog to prevent placing a call without the user's interaction.

A number of other security fixes relate to Safari, ICMP echo requests, JavaScript, page transitions, color strings, cross-site scripting, memory corruption, HTMLSelectElement objects, SVG images, random number generation, XMLHttpRequest headers, CSS elements, document transformations, and Location or History objects.

The iPhone 3.0 firmware is available from iTunes as a free download for iPhone users, while iPod touch owners must pay $10.

 
Previous Comments

Fix for error post d/l

06/17, 04:18pm reply

If you get a server error after you download the update--something about authentication--just turn your network connection off as it's preparing to install the update and it should work.

rlorenc

Dedicated MacNNer

Joined: Jan 2001

0

yeah

06/18, 06:43pm reply

And will they never fix this for the 2.0 OS? Oh, right. It's Apple. It's OK if they charge for updates, or just never update the previous OS. Just get the latest version, with all the other stuff you may not want or breaks your apps.

testudo

Fresh-Faced Recruit

Joined: Aug 2001

0

Popular News