Apple delivers iPhone, iPod touch and QuickTime fixes with Macworld updates

Summary: Apple's software updates for the iPhone and iPod touch contain a few security fixes. Apple also patched QuickTime while it was at it.

On the heels of Apple CEO Steve Jobs' big Macworld performance Tuesday, the company slipped out a few security fixes. In an email alert, Apple noted that the iPhone v.1.1.3 software and the iPod touch v.1.13 include the following fixes.

CVE-2008-0035: This remedy plugs holes in iPhone software versions 1.0 through 1.1.2 and iPod touch v.1.1 and 1.1.2. The flaw allows a "maliciously crafted URL" to terminate an application or lead to arbitrary code execution. The problem is largely related to Safari's handling of URLs.

CVE-2008-0034: Here Apple is plugging a flaw in iPhone software v.1.0 through v.1.1.2 that allows an unauthorized user to bypass the passcode lock.

Apple says in its email alert:

The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock.

CVE-2007-5858: This patch fixes a Safari vulnerability that allows the disclosure of sensitive information when you visit a malicious Web site.

Meanwhile, Apple released QuickTime 7.4, which addresses three security vulnerabilities. Here's the list:

CVE-2008-0031: This patch is available for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista and XP SP2. The problem: Visiting a malicious movie file may lead to a crash or arbitrary code execution. The flaw was discovered by Jun Mao of VeriSign iDefense Labs.

CVE-2008-0032: Covers QuickTime on all of the aforementioned operating systems. Apple says the patch addresses a memory corruption issue that leads to the same problem as the previous flaw above. CVE-2008-0033 also is along the same lines.

CVE-2008-0036: Affects all operating systems. Apple says:

Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. Description: A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by terminating decoding when the result would extend beyond the end of the destination buffer.
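The fix Apple describes, stopping the decoder before a run would pass the end of the destination buffer, looks like this in a run-length decoder. This is an added example, not Apple's code: it assumes a PackBits-style scheme (the advisory does not name the compression path involved), and every function and constant name is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Status codes; all names in this example are hypothetical. */
enum { RLE_OK = 0, RLE_TRUNCATED_INPUT = -1, RLE_OUTPUT_OVERFLOW = -2 };

/* PackBits-style decode: header n in 0..127 copies n+1 literal bytes,
 * 129..255 repeats the next byte 257-n times, 128 is a no-op.
 * Each run is checked against the space left in dst before any byte of it
 * is written, so decoding stops instead of running past dst_cap. */
int rle_decode(const uint8_t *src, size_t src_len,
               uint8_t *dst, size_t dst_cap, size_t *written)
{
    size_t in = 0, out = 0;
    int rc = RLE_OK;

    while (in < src_len) {
        uint8_t n = src[in++];
        if (n == 128)
            continue;
        size_t count = (n < 128) ? (size_t)n + 1 : 257u - (size_t)n;
        size_t need_in = (n < 128) ? count : 1;
        /* Subtractions cannot wrap: in <= src_len and out <= dst_cap hold. */
        if (need_in > src_len - in) { rc = RLE_TRUNCATED_INPUT; break; }
        if (count > dst_cap - out)  { rc = RLE_OUTPUT_OVERFLOW; break; }
        for (size_t i = 0; i < count; i++)
            dst[out + i] = (n < 128) ? src[in + i] : src[in];
        in += need_in;
        out += count;
    }
    *written = out;
    return rc;
}

/* Constructed sample: literals "ABC", then 0xFF repeated 4 times (7 bytes). */
static const uint8_t SAMPLE[] = { 0x02, 'A', 'B', 'C', 0xFD, 0xFF };

/* Decode the first src_len bytes of SAMPLE into a dst_cap-byte buffer
 * (dst_cap <= 16). Returns bytes written, or a negative status. A guard
 * byte just past dst_cap must survive; -100 means it was overwritten. */
long decode_sample(size_t src_len, size_t dst_cap)
{
    uint8_t buf[17];
    size_t written = 0;
    buf[dst_cap] = 0xA5;
    int rc = rle_decode(SAMPLE, src_len, buf, dst_cap, &written);
    if (buf[dst_cap] != 0xA5) return -100;
    return rc == RLE_OK ? (long)written : (long)rc;
}
```

The run length comes from attacker-controlled file data, so the check has to compare it with the space remaining in the buffer rather than trust a size declared elsewhere in the file.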

If Apple stays true to form, Leopard fixes can't be too far behind.

Talkback

2 comments
  • QuickTime=QUITtime

    Well, the new QuickTime may have patched security flaws, but if you work with Adobe AfterEffects, you are buggered royally. 7.4 apparently has a problem that causes renders to fail repeatedly no matter what you do. The only fix is to obliterate all traces of the new QuickTime, and fall back to the older 7.3.x version if you can. Since Apple competes in the same space with AfterEffects, it will be interesting to see if/when they address this. For info see the AfterEffects Forum at www.creativecow.net.
    improviz
  • RE: Apple delivers iPhone, iPod touch and QuickTime fixes with Macworld upd

    I have found a workaround for Java and Flash called Tranmogrify!
    as well as many web-based apps including Apple's own
    unfortunately my QuickTime still does not work
    only gets question marks in place holder of videos
    On my desktop computer I simply erase quicktime plugin.plugin
    haven't figured it out on the iPod touch
    dugurama2