Home > News > Technology > Security > Apple releases 'critical' iPhone patches

Security

Apple releases 'critical' iPhone patches

By Phil Muncaster
Feb 4, 2010 9:11 AM
Tags: arbitrary | code | execution | flaws | iphone | access

Three of five new flaws could allow arbitrary code execution.

Apple has been forced to patch five more flaws in its popular iPhone and iPod Touch devices, three of which allow "arbitrary code execution" and could be described as 'critical'.

The firm released the iPhone OS 3.1.3 in a security notice yesterday, the first update for the device in a few months.

Apple does not rate vulnerabilities in its products in the same way as vendors like Oracle and Microsoft, but the most critical flaws affect the products' CoreAudio and ImageIO and WebKit technologies.

The flaw in CoreAudio means that playing a maliciously crafted mp4 audio file could lead to "unexpected application termination or arbitrary code execution", while viewing a maliciously crafted TIFF image could do the same owing to the ImageIO vulnerability.

Also noted is a problem with the devices' recovery mode, a feature which usually kicks in to restart the units when they are not responding.

"A memory corruption issue exists in the handling of a certain USB control message," the advisory reads. "A person with physical access to the device could use this to bypass the passcode and access the user's data."

Apple releases 'critical' iPhone patches

Related Articles

Open Office patches six flaws

Report: Apple to add multi-tasking in iPhone 4.0

iPad paves way for Skype on iPhone

Survey shows iPhone churn a major issue

Breaking Stories

Exetel, Netspace press case to become Tassie NBN ISPs

Mwave offers free shipping

HP settles spat over counterfeit printer ink

Microsoft makes new push for virtual desktops

Interview: Cloud to be enterprise ready by 2020, says RSA President

Copyright ©v3.co.uk

Send us your tips

Comments

Be the first to comment on this article.

Thoughts on this article? Add a comment below.

Comment:

Want to participate in the discussion?

Register for FREE

Or log in now to comment

Top Stories

A guided tour of Cisco's proof-of-concept centre

A data centre to test your customers' rigs.

Interview: Peter Kazacos and the "wild west" of IT

CRN talks to Hostech chairman and industry veteran, Peter Kazacos.

On the Move: March

Updated: Appointments and promotions.

Most Read
|
Most Discussed

Shortcutsall you need to know on...

Latest Comments

"Informative post. thanks for the info shared here about the Cloud computing conference. Recently ..."

on SNIA ANZ announces Cloud Computing Conference

by shruthihr_80 Mar 20, 2010 10:37 PM

"Haha...What a sad little man JL must be. Whinges about the NBN now wants in on it, We don't want ..."

on Exetel, Netspace press case to become Tassie NBN ISPs

by firey1 Mar 20, 2010 4:56 PM

"Thanks Glen, I've made those corrections."

on Case study: Cisco's first UCS customer Catholic Education

by sholtomacpherson Mar 19, 2010 10:33 AM

"This result is the law! It even applies to the small telco sellers in the mall of a shopping ..."

on Online retailer's 'reseller only' claims rejected

by peter Mar 18, 2010 9:10 PM

"Additionally, any small business with growth (and competition) on their mind would do well to ..."

on Opinion: “Myopic” Microsoft lost in the cloud

by bld Mar 16, 2010 9:54 PM

Polls

Have you experienced a problem when returning faulty goods to online retailers?

Never
Only once
All the time

| View results

Never

33%

Only once

25%

All the time

42%

TOTAL VOTES: 12

Vote now

view previous polls »

CRN Magazine

Issue: 277 | March, 2010

CRN Magazine looks in-depth at the emerging issues and developments for the Channel, and provides insight, analysis and strategic information to help resellers better run their businesses.

What's in this issue?

CRN Magazine

Subscribe Now!