'Hocus Pocus 2' Review Wi-Fi 6 Router With Built-In VPN Sleep Trackers Capital One Claim Deadline Watch Tesla AI Day Student Loan Forgiveness Best Meal Delivery Services Vitamins for Flu Season
Want CNET to notify you of price drops and the latest stories?
No, thank you

Apple patches image buffer overflow in iPhone, iPod Touch

Applying the patch, however, disables Jailbreak and third-party applications for the iPhone.

Apple on Monday released a patch for the iPhone and iPod Touch. The TIFF vulnerabilities associated with the patch are serious. However, in fixing the security flaws, users will no longer be able to apply Jailbreak, software that allows for third-party applications on the iPhone. Further, Apple says the update is only available through iTunes, and will not appear in the Mac OS software update application, or on the Apple downloads site, and requires the latest version of iTunes to receive this update.

Image IO
This patch affects users of iPhone v1.0 through v1.1.1, iPod Touch v1.1, and v1.1.1 and does not not affect Mac OS X v10.3.9 systems with Security Update 2006-004, Mac OS X v10.4.7 systems with Security Update 2006-004, or systems running Mac OS X v10.4.8 or later. The patch addresses vulnerabilities found in CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, and CVE-2006-3465. According to Apple, "Image IO contains a version of libtiff that is vulnerable to multiple buffer overflows. By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issues by performing additional validation of TIFF images."

Apple credits Tavis Ormandy of Google's security team for reporting this vulnerability.