[NPMUG] Apple update fixes 46 iPhone security vulnerabilities

[Dave Sevick]

http://www.sophos.com/blogs/gc/g/2009/06/18/apple-update-fixes-46-iphone-security-vulnerabilities/

Apple update fixes 46 iPhone security vulnerabilities

To some fanfare, Apple has released the latest version of its iPhone  
operating system to an eagerly-awaiting world.

Existing iPhone users can update their operating system via iTunes to  
version 3.0, and take advantage of a number of longed-for new features  
such as cut-and-paste, and a landscape virtual keyboard.

What's most interesting to us, however, is that Apple has also  
included a number of important security patches inside this update,  
making it important for users to patch as quickly as possible.

According to an advisory on Apple's website, iPhone OS 3.0 patches 46  
vulnerabilities, including some that could potentially allow hackers  
to run malicious code on a user's iPhone if they visited a booby- 
trapped website or viewed a specially-crafted image file.

Fortunately we haven't come across any examples of hackers creating  
malware to exploit these vulnerabilities so far.

iPod Touch customers are also vulnerable to some of these security  
issues, and are being offered the update to version 3.0 of the  
operating system. However, unlike their iPhone-owning friends, they  
are required to pay $9.95 (£5.99 in the UK) for the privilege.

There's no doubt that some iPod Touch users will be unhappy that they  
have to pay for their devices to be fixed, and it's certainly unusual  
for a company to charge for important security patches like this. In  
an ideal world Apple would make free fixes available for iPod Touch  
users who don't feel they need cut-and-paste and other new features,  
but do want to be able to use the internet securely.

Posted on June 18th, 2009 by Graham Cluley, Sophos



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://davesevick.com/pipermail/npmug/attachments/20090619/1a6829a6/attachment.htm