Code execution holes in iPhone OS, iPod Touch

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks.

The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files. Here's the skinny on the vulnerabilities being patched with this iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod Touch update:

• CoreAudio (CVE-2010-0036) -- A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
• ImageIO (CVE-2009-2285) --  A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
• Recovery Mode (CVE-2010-0038) -- A memory corruption issue exists in the handling of a certain USB control message. A person with physical access to the device could use this to bypass the passcode and access the user's data.
• WebKit (CVE-2009-3384) -- Multiple input validation issues exist in WebKit's handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code.
• WebKit (CVE-2009-2841) -- When WebKit encounters an HTML 5 Media Element pointingto an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read.

This iPhone/iPod Touch update is only available through iTunes and will not appear in the software update utility available in Mac and Windows systems.