iPhone update kills 12 security bugs

iPhone update kills 12 security bugs

Summary: Apple has released iPhone OS 2.2 with patches for 12 documented security flaws, some very serious.

SHARE:

iPhone update kills 12 security bugsApple has released iPhone OS 2.2 with patches for 12 documented security flaws, some very serious.

The vulnerabilities covered by the patch (which also affect iPod Touch) could allow remote code execution, information theft, software crashes and weakened encryption settings.

The skinny on this batch of updates:

  • CVE-2008-2321: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution.  Credit to Michal Zalewski of Google for reporting this issue.
  • CVE-2008-2327: Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2008-1586: A memory exhaustion issue exists in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected device reset.  Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.
  • CVE-2008-4227: The encryption level for PPTP VPN connections may revert to a previous lower setting. This update addresses the issue by properly setting the encryption preferences. Credit to Stephen Butler of the University of Illinois of Urbana-Champaign for reporting this issue.
  • CVE-2008-4211:  A signedness issue in Office Viewer's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution. Apple discovered this bug internally.
  • CVE-2008-4228:  iPhone provides the ability to make an emergency call when locked. Currently, an emergency call may be placed to any number. A person with physical access to an iPhone may take advantage of this feature to place arbitrary calls which are charged to the iPhone owner.
  • CVE-2008-4229: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. A race condition in the handling of device settings may cause the Passcode Lock to be removed when the device is restored from backup. This may allow a person with physical access to the device to launch applications without the passcode.  Credit to Nolen Scaife for reporting this issue.
  • CVE-2008-4230: If an SMS message arrives while the emergency call screen is visible, the entire SMS message is displayed, even if the "Show SMS Preview" preference was set to "OFF". This update addresses the issue by, in this situation, displaying only a notification that a SMS message has arrived, and not its content.
  • CVE-2008-4231: A memory corruption issue exists in the handling of HTML table elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Credit to Haifei Li of Fortinet's FortiGuard Global Security Research Team for reporting this issue.
  • CVE-2008-4232: Safari allows an iframe element to display content outside its boundaries, which may lead to user interface spoofing. Credit to John Resig of Mozilla Corporation for reporting this issue.
  • CVE-2008-4233: If an application is launched via Safari while a call approval dialog is shown, the call will be placed. This may allow a maliciously crafted website to initiate a phone call without user interaction. Additionally, under certain circumstances it may be possible for a maliciously crafted website to block the user's ability to cancel dialing for a short period of time.  Credit to Collin Mulliner of Fraunhofer SIT for reporting this issue.
  • CVE-2008-3644: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a person with physical access to an unlocked device.

It should be mentioned that several known phishing and spamming flaws in iPhone are not yet addressed.

Topics: Networking, Collaboration, Hardware, iPhone, Mobility, Security, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • doesn't the iphone run a a very similar

    system has macs do? cocoa isn't it? a watered down verison i think. well why 12 security bugs i thought mac's system was suppose to be perfect with nothing wrong with the system. i guess ifans should shut up and not talk so holy of their systems.
    blackhawk556
    • There's no such thing

      as a system that doesn't need security updates. Anyone who thinks otherwise is just being ignorant.

      Mac OS X gets regular security updates, too.

      Some systems just have more security issues from the beginning-- e.g. a clean Windows XP install with access to the Internet will get hacked and owned within about 20 minutes.
      Lun_Esex
    • Depends on what you call similar

      It is "based on OS X", yes, and OS X is based on FreeBSD. To say that flaws in the iPhone OS must affect Mac OS X makes as much sense as saying they must also affect FreeBSD. It is possible that bugs in one are in the other, but very unlikely - it depends on the bug.

      To answer your second question, Cocoa[1] is a development framework, it is not an operating system.

      It seems your keyboard is defective, the lack of capital letters in your post indicates that shift key isn't functioning reliably. The absence of paragraphs might indicate that the return key is faulty too.

      Finally your logic is seriously flawed - the fact that Apple has decided to fix some bugs in their software does not indicate that the users of their products should have their right to free speech curtailed.

      1. <URL: http://developer.apple.com/cocoa/ >
      Fred Fredrickson
  • RE: iPhone update kills 12 security bugs

    great to see them get this out as well as credit those
    who found the problems. Bravo to Apple. Downloading it
    right now to get things moving. Also thanks to Google
    for the voice search implementation. Very cool to see.

    Michael Murdock
    ceo@...
  • RE: iPhone update kills 12 security bugs

    So when does the iPhone camera get video recording, and
    when does MMS come into play?
    nix_hed
    • Re:RE: iPhone update kills 12 security bugs

      Oh, and Cut and Paste?
      nix_hed
  • RE: iPhone update kills 12 security bugs

    This new update has effectively killed my iPhone - have had to restore from backup 4 times so far - my valid pincode becomes invalid and then resets the phone!! :-(
    gfossella@...
  • RE: iPhone update kills 12 security bugs

    Great!!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">seslisohbet</a> <a href="http://www.yuregininsesi.com">seslichat</a>
    birumut