Apple has released 45 patches to fix security flaws in its
iPhone smartphone and iPod Touch handheld computer. The patches fix
buffer overflows, cross-site scripting flaws and problems with
security protocols.
The patches have also been incorporated into
iPhone OS 3.0, the new version of Apple's smartphone operating
system.
The advisory notice on Cert stated that iPhone OS 3.0 addresses
"multiple vulnerabilities across many packages". According to the
notice on Cert, exploitation of these vulnerabilities may allow an
attacker to execute arbitrary code, cause a denial-of-service
condition, obtain sensitive information, bypass security
restrictions, or conduct cross-site scripting attacks.
Apple has put together an article covering the
flaws, many of which affect the image processing engine. One of
the flaws could be exploited by a hacker to send a virus embedded
in a PDF document to an iPod Touch or iPhone. Another involves
users who connect to a malicious Exchange server, which Apple said
may lead to the disclosure of sensitive information. Apple said its
implementation of IPSec may cause a denial of service on the iPhone
and iPod Touch.