iPhone, iPod touch updates delivered

Stephen Withers
Wednesday, 14 November 2007 01:19

Your IT - Mobility

Apple has begun pushing the iPhone and iPod touch 1.1.2 firmware to owners' devices via iTunes.

The most significant change is a fix for the TIFF vulnerability that - through the old favourite of buffer overflows - allows the execution of arbitrary code contained within a maliciously crafted image.

Corresponding vulnerabilities in Mac OS X were fixed last year, so the fact that they were present in the variant of OS X used in the iPhone and iPod touch does call Apple's security practices into question.

The downside is that this vulnerability has been exploited to 'jailbreak' the iPhone so that third-party applications can be installed on it ahead of the release of Apple's official SDK, due in February 2008.

But there are ways and means... tools are available that allow the jailbreak on a device running 1.1.1 to survive the 1.1.2 upgrade. If you've already installed 1.1.2 or purchased a new device with that firmware, a temporary downgrade is said to do the trick.

Other changes in the new firmware include the ability to add and edit Diary entries on the device, which can then be synchronised with iCal, and the iPod touch's battery indicator shows up in iTunes.

iTunes only checks for new firmware once a week, so it may be a few days before the update is presented to all users.