Apple’s iOS 4 update fixes 65 vulnerabilities

Apple has released version 4.0 of its iOS mobile operating system, formerly know as the iPhone OS, closing a total of 65 vulnerabilities, some of which could be used by an attacker to take remote control of the device. According to Apple, several of the vulnerabilities could, for example, lead to the execution of arbitrary code on a user’s device or to a cross-site scripting (XSS) attack. For an attack to be successful, a victim would first have to open a maliciously crafted TIFF image, JPEG image or website. Fifty of the security issues addressed – several of which were reported to Apple by TippingPoint’sZero Day Initiative – are related to WebKit, the browser engine upon which the iOS version of the Safari web browser is based.

The iOS 4 update is only available for iPhone 3G and 3GS and second and third generation iPod Touch devices. Apple’s latest iPhone 4, which comes out on Thursday, will ship with iOS 4 by default. The company has yet to confirm if it will issue a separate security update for first generation iPhone and iPod Touch devices. The most recent update for the first generation devices is iPhone OS 3.1.3 from early February.

More details about the vulnerabilities fixed in the update can be found in the security advisory from Apple linked below. Users can upgrade to iOS 4 via iTunes 9.2, which was released last week. All users are advised to update as soon as possible.

Source.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: