Apple's latest firmware update for the iPhone and iPod touch addresses some pretty serious remotely exploitable security holes.
Apple has released iPhone OS 3.1.3, which fixes a series of major security vulnerabilities in the mobile platform - and is a must-have for iPhone and iPod Touch users.
According to a Knowledge Base article on Apple's website - via ComputerActive - the latest patch for the OS fixes five flaws, three of which could result in the device being remotely cracked.
One of the other vulnerabilities requires physical access to the handset to exploit: a flaw in the built-in recovery mode functionality allows a certain section of memory to be forcibly corrupted on receipt of a certain USB control message, giving full access to data on the iPhone or iPod Touch without needing the pass code. The other critical issues, however, can be remotely exploited.
The first is an issue with the handling of maliciously crafted MP4 files in the software's CoreAudio libraries - initially thought to merely represent a crash risk, but later discovered to allow third-party code execution. The MP4 file can be either attached to an e-mail or included in a web page for download, and potentially allows for full remote access to the data on the handset.
The second major issue fixed by the update lies in the ImageIO libraries, which have a similar issue with parsing malicious TIFF image files - again allowing for remote code execution if correctly exploited.
The third flaw allowing for remote code execution lies, rather more seriously, in the WebKit engine for the browser itself: when presented with a maliciously-crafted FTP directory listing, the browser can overflow and - again - potentially execute arbitrary code.
With these three flaws representing serious security concerns - especially with the potential to have all your contacts, e-mails, and photos sent off to a third party, or your handset being made to silently call a premium-rate chat line without your knowledge - all iPhone users are advised to upgrade at their earliest convenience.
Are you pleased to see such major security flaws patched by Apple, or does it clash with the company's image of 'it just works?'