Apple patches 12 iPhone bugs, adds Street View, podcast downloads
The 2.2 update fixes flaws that left it open to attack, hijack, calls to 900 numbers
Computerworld - Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool.
The additions to Maps were the most-touted by Apple, which said the Google-based feature now sports street-level views, where available, as well as walking and public-transit directions, and location-sharing via e-mail.
Other changes to the iPhone's software included reliability and stability fixes for Mail and Safari, sound-quality improvements for voice-mail playback and, in a terse notice, changes aimed at a "decrease in call setup failures and dropped calls."
In September, Apple first responded to months of complaints by iPhone 3G owners of weak signal strength -- even in areas supposedly covered by AT&T Inc.'s 3G network -- slow download speeds and frequently dropped calls by issuing iPhone 2.1.
Today's update also added the ability to download podcasts directly to the iPhone, a move that's notable because Apple two months ago rejected a third-party application that did the same thing and blocked the developer's attempt to sidestep the App Store. Alex Sokirynsky then took his Podcaster application to the hacked-iPhone market.
Apple's podcast addition lets users download podcasts via iTunes either over the phone's cellular data network or using Wi-Fi.
Also included in the iPhone 2.2 update are patches for 12 vulnerabilities, four of which Apple tagged with its usual "arbitrary code execution" line, a phrase that essentially means that the bug is critical and could be used to compromise the phone.
Three of the patches address flaws in the iPhone's password protection, a feature that was broken after Apple forgot to fix it in iPhone 2.0 last summer, even though it had quashed the bug in a January 2008 update. Today's fixes restrict emergency numbers -- which are the only numbers designed to be accessible when someone doesn't know the password to unlock the phone -- to actual emergency numbers, and prevent people without the password from viewing text messages.
Other fixes secure the phone from attacks using TIFF images, patch three vulnerabilities in Safari and plug a hole that could be exploited by hackers to trick users into visiting a malicious Web site. One of the TIFF flaws -- there are actually two -- could be used to reboot the iPhone simply by getting the user to view a malformed image.
One of the Safari bugs was publicly reported only yesterday, when German security researchers said that criminals could use the flaw to force the iPhone to call any number, including premium-pay numbers, such as 900 numbers.
The 12 patches also all apply to the iPod Touch, which received its own 2.2 update today as well.
IPhone owners can upgrade their devices to Version 2.2 by connecting to their Macs or Windows PCs and launching iTunes. The updates weigh in at approximately 245MB.
Read more about Security in Computerworld's Security Topic Center.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!