Skip the navigation

Apple patches 12 iPhone bugs, adds Street View, podcast downloads

The 2.2 update fixes flaws that left it open to attack, hijack, calls to 900 numbers

November 21, 2008 12:00 PM ET

Computerworld - Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool.

The additions to Maps were the most-touted by Apple, which said the Google-based feature now sports street-level views, where available, as well as walking and public-transit directions, and location-sharing via e-mail.

Other changes to the iPhone's software included reliability and stability fixes for Mail and Safari, sound-quality improvements for voice-mail playback and, in a terse notice, changes aimed at a "decrease in call setup failures and dropped calls."

In September, Apple first responded to months of complaints by iPhone 3G owners of weak signal strength -- even in areas supposedly covered by AT&T Inc.'s 3G network -- slow download speeds and frequently dropped calls by issuing iPhone 2.1.

Today's update also added the ability to download podcasts directly to the iPhone, a move that's notable because Apple two months ago rejected a third-party application that did the same thing and blocked the developer's attempt to sidestep the App Store. Alex Sokirynsky then took his Podcaster application to the hacked-iPhone market.

Apple's podcast addition lets users download podcasts via iTunes either over the phone's cellular data network or using Wi-Fi.

Also included in the iPhone 2.2 update are patches for 12 vulnerabilities, four of which Apple tagged with its usual "arbitrary code execution" line, a phrase that essentially means that the bug is critical and could be used to compromise the phone.

Three of the patches address flaws in the iPhone's password protection, a feature that was broken after Apple forgot to fix it in iPhone 2.0 last summer, even though it had quashed the bug in a January 2008 update. Today's fixes restrict emergency numbers -- which are the only numbers designed to be accessible when someone doesn't know the password to unlock the phone -- to actual emergency numbers, and prevent people without the password from viewing text messages.

Other fixes secure the phone from attacks using TIFF images, patch three vulnerabilities in Safari and plug a hole that could be exploited by hackers to trick users into visiting a malicious Web site. One of the TIFF flaws -- there are actually two -- could be used to reboot the iPhone simply by getting the user to view a malformed image.

One of the Safari bugs was publicly reported only yesterday, when German security researchers said that criminals could use the flaw to force the iPhone to call any number, including premium-pay numbers, such as 900 numbers.

The 12 patches also all apply to the iPod Touch, which received its own 2.2 update today as well.

IPhone owners can upgrade their devices to Version 2.2 by connecting to their Macs or Windows PCs and launching iTunes. The updates weigh in at approximately 245MB.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies