
iPhone and iPod touch 2.2 update addresses flaws

November 24, 2008

Apple has issued software update 2.2 for its iPhone and iPod Touch devices to fix multiple vulnerabilities which could lead to disclosure of sensitive information and a number of other issues.

Secunia rated the 12 flaws "highly critical" and said the vulnerabilities could be maliciously exploited to bypass certain security restrictions, disclose sensitive information, conduct spoofing attacks, cause a denial-of-service condition or potentially compromise a user's system.

A flaw in WebKit, the open-source application framework, could be exploited to disclose sensitive information to a person with physical access to an unlocked device.

Vulnerabilities in CoreGraphics, ImageIO, Safari and Office Viewer all could lead to unexpected application termination or arbitrary code execution if a user views a maliciously crafted website, Microsoft Excel file, or TIFF image.

Other vulnerabilities in Safari may lead to interface spoofing exploits or initiation of a phone call without user interaction. Meanwhile, flaws in ImageIO may lead to unexpected device reset through viewing a maliciously crafted TIFF image.

A vulnerability in Networking, a feature of iPhone, could lead to encryption reverting to a lower setting.

The update also fixes two vulnerabilities in Passcode Lock — one that could have allowed users to make emergency calls to any number, and another that could have allowed a person to launch applications without a passcode.
