Apple released an update for its popular iPhone on Thursday, fixing a dozen security flaws in the device's software, including the browser, the code for handling images and graphics, and its utility for viewing Office files.
The patch, which updates the iPhone's firmware to version 2.2, includes four critical vulnerabilities that could allow an attacker to exploit the device and run their own program. Those most severe issues include a memory handling issue in Safari and two image processing issues that could allow a Web site to run an untrusted program on the iPhone. The fourth critical vulnerability occurs in the way the OfficeViewer handles Microsoft Excel files, the company stated in its advisory.
The company closed security holes in the iPhone in September, upgrading the software to version 2.1. In July, Apple upgraded its iPhone and iPod Touch firmware to version 2.0, fixing at least thirteen security holes.
Three of the issues patched in the current update affect the iPhone's screen lock feature that forces the user to enter a password before using the phone. The company found that, after the device is updated, the password locking feature may not be turned on. The update also limits calls using the "emergency" feature, which bypasses the iPhone's passcode, to only go to a limited set of numbers and prevents SMS messages from displaying their content during emergency calls.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos