iOS 4.2 delivers security fixes as well as new features

Stephen Withers
Tuesday, 23 November 2010 11:22

Your IT - Mobility

Much of the excitement around iOS 4.2 concerns the arrival of new functionality. But the update also includes a shed-full of security fixes, especially for the iPad. Apple has also updated the software for the current-model Apple TV.

As previously reported, iOS 4.2 delivers a range of new features including AirPrint (printing directly from iDevice without third-party software) and AirPlay (wireless streaming of audio and video to an Apple TV).

But the new version of the system software for iPad, iPhone and iPod touch also contains more than 40 security fixes for a variety of components in iOS 4.1.

Some of the issues addressed had the potential to allow arbitrary code execution. These include vulnerabilities in FreeType, ImageIO (more specifically, in the libpng open source library), libxml, and OfficeImport. Freetype and libpng issues have also been fixed in Apple TV 4.1, which was released alongside iOS 4.2.

Most of the bugs in this category were in WebKit, and were found in the handling of strings, floating-point data, scrollbars, inline styles, run-in styling, WebSprockets, geolocation, text, editing commands, SVG, element attributes, CSS 3D transforms, CSS boxes, CSS ':first-letter' pseudo-elements, CSS counter styles, inline text boxes, and JavaScript string objects.

Some of the fixes parallel those in the recently released version of Safari for Mac OS X, such as the improvement to the random number generator to reduce the risk of surreptitious tracking.

More iOS vulnerabilities fixed in 4.2 are cataloged on page 2.