Laundry list of security fixes in iPhone 3.0
by Stephen Withers
Thursday, 18 June 2009
We knew about the new features of iPhone 3.0, but now it's out, Apple has spilled the beans about the security content.
Not surprisingly, some of the issues are familiar from previous Mac OS X updates. Examples include the handling of malicious PDF and other files, the processing of certain Unicode strings, and clickjacking. iPhone 3.0 also includes updated versions of FreeType and libxml2, as recently seen in Mac OS X.

Other issues appear to be iPhone OS specific. The way untrusted Exchange server certificates are handled has been tightened up, Mail now has a preference to turn off the automatic loading of remote images, and a trick that could allow calls to be placed without user approval has been thwarted. MPEG-4 playback has been tweaked to prevent maliciously crafted videos causing the device to reset, installing a configuration profile no longer allows the overriding of a passcode policy set through ActiveSync, and clearing Safari's search history with the Settings application now really does remove the history.

Multiple JavaScript and other WebKit-related issues have also been fixed to avoid information disclosure, cross-site scripting, crashing or arbitrary code execution. Some appear to be generic, others iPhone-specific.

All told, the update addresses more than three dozen issues, some of them involving multiple vulnerabilities.

iPhone 3.0 is also applicable to the iPod touch, though owners of that device have to pay $US9.95 for the new software where iPhone owners receive it free of charge, ostensibly due to Apple's use of a subscription model for accounting for iPhone revenue.




