Apple released six updates for its products on Thursday, fixing ten security issues in its three-month-old mobile phone and a number of performance and stability problems in its iWork productivity applications, iTunes for Windows and iWeb.
The update to the iPhone, which brings the device's firmware up to version 1.1.1, fixes seven flaws in the MobileSafari Web browser that ships with the device as well as two Mail vulnerabilities and a Bluetooth security issue. Only the Bluetooth issue appears to allow a remote compromise; the other flaws could lead to information disclosure or allow cross-site scripting attacks.
Apple stressed that the update is only available through iTunes, which is normally set to check for updates on a weekly schedule.
"The automatic update process may take up to a week depending on the day that iTunes checks for updates," the company stated in its advisory. "You may manually obtain the update via the 'Check for Update' button within iTunes. After doing this, the update can be applied when your iPhone is docked to your computer."
Hardware hackers worldwide have kept up a sustained effort this summer to crack the iPhone. Several serious vulnerabilities have been found in software included with the device, and hackers have discovered ways to get non-Apple software to install and run on the iPhone. In August, a college student and a group of hackers announced separate ways of modifying the iPhone to allow other cellular carriers to be used, rather than AT&T.
Apple warned in the click-wrap agreement accompanying Thursday's patch that the software fix would likely break phones that had been modified. It's not clear if the anti-modification measure is an intentional feature of the patch.
The updates for iWork correct performance issues in the three applications that make up Apple's productivity suite: Pages, Numbers, and Keynote. The company also released firmware fixes for its Intel systems.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos