Secunia rated the 12 flaws "highly critical" and said the vulnerabilities could be maliciously exploited to bypass certain security restrictions, disclose sensitive information, conduct spoofing attacks, cause a denial-of-serve condition or potentially compromise a user's system.
A flaw in WebKit, the open-source application framework, could be exploited to disclose sensitive information to a person with physical access to an unlocked device.
Vulnerabilities in CoreGraphics, ImagelO, Safari and Office Viewer all could lead to unexpected application termination or arbitrary code execution if a user views a maliciously crafted website, Microsoft Excel file, or TIFF image.
Other vulnerabilities in Safari may lead to interface spoofing exploits or initiation of a phone call without user interaction. Meanwhile, flaws in ImagelO may lead to unexpected device reset through viewing a maliciously crafted TIFF image.
A vulnerability in Networking, a feature of iPhone, could lead to encryption reverting to a lower setting.
The update also fixes two vulnerabilities in Passcode Lock — one that could have allowed users to make emergency calls to any number, and another that could have allowed a person to launch applications without a passcode.