Apple patches FaceTime redirect security hole in iPhone

Summary: The iOS 4.1 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine.

Apple's iPhone 4 contains a security hole that allows hackers in a privileged network position to redirect FaceTime video calls.

The security vulnerability, just patched with the latest iOS 4.1 for iPhone and iPod touch, occurs because of an issue in the handling of invalid certificates, Apple said in an advisory.

The iOS 4.1 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine.

The WebKit flaws could be exploited to take complete control of iPhones or iPod touch devices that are lured to maliciously rigged Web pages.

The patch also fixes a user interface accessibility vulnerability in the settings panel for Location Services. The flaw may cause the VoiceOver feature to not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours.

It also fixes a memory corruption issue in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution, Apple said.

Topics: Apple, Browser, Hardware, iPhone, Mobility, Software Development

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
