Apple patches image buffer overflow in iPhone, iPod Touch

Applying the patch, however, disables Jailbreak and third-party applications for the iPhone.

Apple on Monday released a patch for the iPhone and iPod Touch. The TIFF vulnerabilities associated with the patch are serious. However, once the fix is applied, users will no longer be able to apply Jailbreak, software that allows for third-party applications on the iPhone. Further, Apple says the update is available only through iTunes and requires the latest version of iTunes; it will not appear in the Mac OS software update application or on the Apple downloads site.

Image IO
This patch affects users of iPhone v1.0 through v1.1.1 and iPod Touch v1.1 and v1.1.1. It does not affect Mac OS X v10.3.9 systems with Security Update 2006-004, Mac OS X v10.4.7 systems with Security Update 2006-004, or systems running Mac OS X v10.4.8 or later. The patch addresses vulnerabilities found in CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, and CVE-2006-3465. According to Apple, "Image IO contains a version of libtiff that is vulnerable to multiple buffer overflows. By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issues by performing additional validation of TIFF images."

Apple credits Tavis Ormandy of Google's security team for reporting this vulnerability.
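To make "additional validation of TIFF images" concrete, here is an added example (not Apple's patch or libtiff code) of the kind of structural check a parser can run on a TIFF image file directory before copying any field data. The function name, return codes and sample bytes are assumptions made for illustration, and the checks show the general class of bounds validation rather than the specific fixes for the CVEs listed above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Byte size of each TIFF 6.0 field type; index = type code (0 is invalid). */
static const uint32_t TYPE_SIZE[13] = {0,1,1,2,4,8,1,1,2,4,8,4,8};

static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)rd16(p, 1) << 16 | rd16(p + 2, 1)
              : (uint32_t)rd16(p + 2, 0) << 16 | rd16(p, 0);
}

/* Returns 0 if the first IFD can be parsed safely, else a negative code. */
int tiff_validate_ifd(const uint8_t *buf, size_t len) {
    if (len < 8) return -1;                                  /* truncated header */
    int be = (buf[0] == 'M' && buf[1] == 'M');
    if (!be && !(buf[0] == 'I' && buf[1] == 'I')) return -2; /* bad byte order */
    if (rd16(buf + 2, be) != 42) return -2;                  /* bad magic */
    uint32_t ifd = rd32(buf + 4, be);
    if (ifd > len || len - ifd < 2) return -3;               /* IFD offset outside file */
    uint32_t n = rd16(buf + ifd, be);
    if ((len - ifd - 2) / 12 < n) return -4;                 /* entry table past EOF */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + 12 * (size_t)i;
        uint16_t type = rd16(e + 2, be);
        uint32_t count = rd32(e + 4, be);
        if (type < 1 || type > 12) return -5;                /* unknown field type */
        if (count > UINT32_MAX / TYPE_SIZE[type]) return -6; /* count*size wraps */
        uint32_t bytes = count * TYPE_SIZE[type];
        if (bytes <= 4) continue;                            /* value stored inline */
        uint32_t off = rd32(e + 8, be);
        if (off > len || len - off < bytes) return -7;       /* value data outside file */
    }
    return 0;
}

/* Constructed samples: one-entry little-endian IFD; only the count differs. */
#define HDR 'I','I',42,0, 8,0,0,0, 1,0, 0x00,0x01, 3,0
static const uint8_t good[]     = {HDR, 1,0,0,0,    16,0,0,0, 0,0,0,0};
static const uint8_t bad_wrap[] = {HDR, 1,0,0,0x80, 16,0,0,0, 0,0,0,0};
static const uint8_t bad_oob[]  = {HDR, 0xE8,3,0,0, 16,0,0,0, 0,0,0,0};

int main(void) {
    printf("%d %d %d\n", tiff_validate_ifd(good, sizeof good),
           tiff_validate_ifd(bad_wrap, sizeof bad_wrap),
           tiff_validate_ifd(bad_oob, sizeof bad_oob));
    return 0;
}
```

The point of checks -6 and -7 is that the declared element count is attacker-controlled, so it has to be bounded against the actual file length before any buffer is sized or filled from it.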
