Apple has released 45 patches to fix security flaws in its iPhone smartphone and iPod Touch handheld computer. The patches fix problems with buffer overflow issues, cross-site scripting and security protocols.
The patches have also been incorporated into iPhone OS 3.0, the new version of Apple's smartphone operating system.
The advisory notice on Cert, stated that iPhone OS 3.0 addresses "multiple vulnerabilities across many packages". According to the notice on Cert, exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.
Apple has put together an article covering the flaws, many of which affect the image processing engine. One of the flaws could be exploited by a hacker to send a virus embedded in a PDF document to an iPod Touch or iPhone. Another involves users who connect to a malicious Exchange server, which Apple said may lead to the disclosure of sensitive information. Apple said its implementation of IPSec may cause a denial of service on the iPhone and iPod Touch.