Apple plugs iPhone, iPod touch, QuickTime security holes
by Stephen Withers   
Thursday, 10 September 2009
Along with the iTunes and iPod announcements, Apple pushed out a new release of iPhone OS with varied security fixes. Multiple security issues concerning its QuickTime media software for Mac OS X and Windows were also fixed.

Much of the attention to iPhone OS 3.1 and iPhone OS 3.1.1 for the iPod touch will concern the new features such as Genius recommendations for apps. But the new versions of the system software also incorporate several security fixes.

One group of fixes relates to external attacks. These include changes to the handling of maliciously crafted AAC and MP3 files to avoid crashing or arbitrary code execution, and improvements to SMS handling to avoid the SMS attack publicly revealed by Charlie Miller at this year's Black Hat security conference.

Also fixed are various WebKit flaws that allow crashing, arbitrary code execution, cross-site scripting, and the disclosure of user names and passwords. A wider range of Unicode characters are flagged in the address bar to reduce the risk of URL spoofing.

Another group of fixes concerns issues requiring physical access. An Exchange Server inactivity time lock can no longer be overridden by extending the iPhone OS's Require Password setting.

When characters in a password are deleted, they are no longer made briefly visible. Deleted messages no longer appear in Spotlight search results.

A hole in Recovery Mode that made it possible to bypass the device's passcode in order to access data has been plugged.

The updates are available via iTunes. iPhone OS 3.1 is a free download; iPhone OS 3.1.1 costs $A5.99/$US4.95.

The reason for the difference is that Apple accounts for iPhone sales revenue across the expected life of the devices, so the cost of any upgrades can be recognised along with the income. But as iPod touch revenue is booked immediately, Apple would have to restate past results if it delivered free updates for that device - so it doesn't.

QuickTime 7.6.4 (for Mac OS X 10.4.11, 10.5.8, and Windows XP, Vista and 7) fixes various memory corruption and overflow conditions that could lead to crashing or arbitrary code execution when playing H.264, MPEG-4 or FlashPix content.

The update is available via Software Update (Apple Software Update on Windows) or the QuickTime Downloads site.
