Apple: iPhone OS 3.1 plugs 10 security bugs
Patches address flaws that could let someone bypass security restrictions, shut down an app, disclose sensitive info, conduct attacks, or take over the device.
Apple has issued an advisory regarding security enhancements included in iPhone OS 3.1 and iPod Touch OS 3.1.1.
Here is a synopsis of the 10 iPhone security vulnerabilities addressed by the latest operating-system update for the iPhone and iPod Touch. As expected, many of these security patches focus on the Web-browsing framework WebKit.
CoreAudio Changes to CoreAudio prevent maliciously crafted AAC or MP3 files from causing unexpected application termination or arbitrary code execution.
Exchange support Changes were made to prevent a person with physical access to a device from being able to use it. Previously, if the user has "Require Passcode" set to a value higher than the "Maximum inactivity time lock" setting, this would allow a window of time for a person with physical access to use the device, including Exchange services. This update addresses the issue by disabling user choices for "Require Passcode" values greater than the "Maximum inactivity time lock" setting configured by the Exchange administrator. (Read more about thecomplexities of Exchange security in OS 3.1.)
Mobile Mail Changes to Mobile Mail prevent a person from using Spotlight search to view deleted e-mails.
Recovery Mode Changes to Recovery Mode command parsing prevents another person with physical access to a locked device from bypassing the passcode and accessing the user's data.
Telephony Changes made to improve the handling of incoming SMS messages prevent the receipt of a maliciously crafted SMS message that may lead to an unexpected service interruption.
UIKit Changes to UIKit fixed a problem wherein passwords may be made visible when a person with physical access to the device deleted a character (i.e. backspace) to make that character briefly visable.
WebKit--disclosed user names and password in URLs Changes were made to prevent the disclosure of user name and password via referrer headers for Web site linking; the user name and password are no longer included in the URL in the referrer header.
WebKit--numeric character references Changes were made to prevent an unexpected application termination or arbitrary code execution after visiting a maliciously crafted Web site; a memory corruption issue was to blame for this and it was fixed through improved handling of numeric character references.
WebKit--cross-site scripting attack Changes to WebKit improved the handling of parent and top objects, thus preventing a cross-site scripting attack when visiting a maliciously crafted Web site.
WebKit--lookalike characters in a URL Lookalike characters in a URL could be used to masquerade a Web site; International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains lookalike characters; users could then be directed to a malicious Web site that is a spoofed site visually appearing to be legitimate domain. WebKit will now replace those characters with its own characters rendered in Punycode in the address bar of Mobile Safari.
Previous coverage: Security updates in iPhone OS 3.0 and Security updates in iPhone OS 2.2.