Apple patches FaceTime redirect security hole in iPhone

The iOS 4.1 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine.

Apple's iPhone 4 contains a security hole that allows hackers in a privileged network position to redirect FaceTime video calls.

The security vulnerability, just patched with the latest iOS 4.1 for iPhone and iPod touch, occurs because of an issue in the handling of invalid certificates, Apple said in an advisory.

The iOS 4.1 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine.

The WebKit flaws could be exploited to take complete control of iPhones or iPod touch devices that are lured to maliciously rigged Web pages.

The patch also fixes a user interface accessibility vulnerability in the  settings panel for Location Services. This may cause the VoiceOver feature to not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours.

It also fixes a memory corruption issue in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution, Apple said.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All