Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

iPhone and iPod touch 2.2 update addresses flaws

Share

Apple has issued software update 2.2 for its iPhone and iPod Touch devices to fix multiple vulnerabilities which could lead to disclosure of sensitive information and a number of other issues.

Secunia rated the 12 flaws "highly critical" and said the vulnerabilities could be maliciously exploited to bypass certain security restrictions, disclose sensitive information, conduct spoofing attacks, cause a denial-of-serve condition or potentially compromise a user's system.

A flaw in WebKit, the open-source application framework, could be exploited to disclose sensitive information to a person with physical access to an unlocked device.

Vulnerabilities in CoreGraphics, ImagelO, Safari and Office Viewer all could lead to unexpected application termination or arbitrary code execution if a user views a maliciously crafted website, Microsoft Excel file, or TIFF image.

Other vulnerabilities in Safari may lead to interface spoofing exploits or initiation of a phone call without user interaction. Meanwhile, flaws in ImagelO may lead to unexpected device reset through viewing a maliciously crafted TIFF image.

A vulnerability in Networking, a feature of iPhone, could lead to encryption reverting to a lower setting.

The update also fixes two vulnerabilities in Passcode Lock — one that could have allowed users to make emergency calls to any number, and another that could have allowed a person to launch applications without a passcode.

iPhone and iPod touch 2.2 update addresses flaws

The vulnerabilities can be maliciously exploited to bypass certain security restrictions.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.