iPhone 3.0 firmware fixes security vulnerabilities
updated 03:10 pm EDT, Wed June 17, 2009
iPhonr security fixes
Along with offering a variety of new features and capabilities, the Version 3.0 firmware for the iPhone and iPod touch also addresses a long list of security vulnerabilities. CoreGraphics bounds and error checking have been improved to prevent maliciously crafted images or PDF files from terminating applications or executing arbitrary code. Bounds checking in FreeType v2.3.8 has also been reworked to prevent integer overflows.
To fix an issue with Exchange server certificates, the update correctly handles untrusted certificate exceptions. Vulnerabilities were also addressed with PNG image validation, invalid byte sequence handling, memory leaks in the raccoon daemon and libxml2 V2.6.16. Mail improvements include remote image loading in HTML messages, and retaining the call approval dialog to prevent placing a call without the user's interaction.
A number of other security fixes relate to Safari, ICMP echo requests, JavaScript, page transitions, color strings, cross-site scripting, memory corruption, HTMLSelectElement objects, SVG images, random number generation, XMLHttpRequest headers, CSS elements, document transformations, and Location or History objects.
The iPhone 3.0 firmware is available from iTunes as a free download for iPhone users, while iPod touch owners must pay $10.
Dedicated MacNNer
Joined: Jan 2001
Fix for error post d/l
If you get a server error after you download the update--something about authentication--just turn your network connection off as it's preparing to install the update and it should work.