Apple patches 12 iPhone bugs, adds Street View, podcast downloads
The 2.2 update fixes flaws that left it open to attack, hijack, calls to 900 numbers
Computerworld - Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool.
The additions to Maps were the most-touted by Apple, which said the Google-based feature now sports street-level views, where available, as well as walking and public-transit directions, and location-sharing via e-mail.
Other changes to the iPhone's software included reliability and stability fixes for Mail and Safari, sound-quality improvements for voice-mail playback and, in a terse notice, changes aimed at a "decrease in call setup failures and dropped calls."
In September, Apple first responded to months of complaints by iPhone 3G owners of weak signal strength -- even in areas supposedly covered by AT&T Inc.'s 3G network -- slow download speeds and frequently dropped calls by issuing iPhone 2.1.
Today's update also added the ability to download podcasts directly to the iPhone, a move that's notable because Apple two months ago rejected a third-party application that did the same thing and blocked the developer's attempt to sidestep the App Store. Alex Sokirynsky then took his Podcaster application to the hacked-iPhone market.
Apple's podcast addition lets users download podcasts via iTunes either over the phone's cellular data network or using Wi-Fi.
Also included in the iPhone 2.2 update are patches for 12 vulnerabilities, four of which Apple tagged with its usual "arbitrary code execution" line, a phrase that essentially means that the bug is critical and could be used to compromise the phone.
Three of the patches address flaws in the iPhone's password protection, a feature that was broken after Apple forgot to fix it in iPhone 2.0 last summer, even though it had quashed the bug in a January 2008 update. Today's fixes restrict emergency numbers -- which are the only numbers designed to be accessible when someone doesn't know the password to unlock the phone -- to actual emergency numbers, and prevent people without the password from viewing text messages.
Other fixes secure the phone from attacks using TIFF images, patch three vulnerabilities in Safari and plug a hole that could be exploited by hackers to trick users into visiting a malicious Web site. One of the TIFF flaws -- there are actually two -- could be used to reboot the iPhone simply by getting the user to view a malformed image.
One of the Safari bugs was publicly reported only yesterday, when German security researchers said that criminals could use the flaw to force the iPhone to call any number, including premium-pay numbers, such as 900 numbers.
The 12 patches also all apply to the iPod Touch, which received its own 2.2 update today as well.
IPhone owners can upgrade their devices to Version 2.2 by connecting to their Macs or Windows PCs and launching iTunes. The updates weigh in at approximately 245MB.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts