Apple patches 12 iPhone bugs, adds Street View, podcast downloads
The 2.2 update fixes flaws that left it open to attack, hijack, calls to 900 numbers
November 21, 2008 12:00 PM ETComputerworld - Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool.
The additions to Maps were the most-touted by Apple, which said the Google-based feature now sports street-level views, where available, as well as walking and public-transit directions, and location-sharing via e-mail.
Other changes to the iPhone's software included reliability and stability fixes for Mail and Safari, sound-quality improvements for voice-mail playback and, in a terse notice, changes aimed at a "decrease in call setup failures and dropped calls."
In September, Apple first responded to months of complaints by iPhone 3G owners of weak signal strength -- even in areas supposedly covered by AT&T Inc.'s 3G network -- slow download speeds and frequently dropped calls by issuing iPhone 2.1.
Today's update also added the ability to download podcasts directly to the iPhone, a move that's notable because Apple two months ago rejected a third-party application that did the same thing and blocked the developer's attempt to sidestep the App Store. Alex Sokirynsky then took his Podcaster application to the hacked-iPhone market.
Apple's podcast addition lets users download podcasts via iTunes either over the phone's cellular data network or using Wi-Fi.
Also included in the iPhone 2.2 update are patches for 12 vulnerabilities, four of which Apple tagged with its usual "arbitrary code execution" line, a phrase that essentially means that the bug is critical and could be used to compromise the phone.
Three of the patches address flaws in the iPhone's password protection, a feature that was broken after Apple forgot to fix it in iPhone 2.0 last summer, even though it had quashed the bug in a January 2008 update. Today's fixes restrict emergency numbers -- which are the only numbers designed to be accessible when someone doesn't know the password to unlock the phone -- to actual emergency numbers, and prevent people without the password from viewing text messages.
Other fixes secure the phone from attacks using TIFF images, patch three vulnerabilities in Safari and plug a hole that could be exploited by hackers to trick users into visiting a malicious Web site. One of the TIFF flaws -- there are actually two -- could be used to reboot the iPhone simply by getting the user to view a malformed image.
One of the Safari bugs was publicly reported only yesterday, when German security researchers said that criminals could use the flaw to force the iPhone to call any number, including premium-pay numbers, such as 900 numbers.
The 12 patches also all apply to the iPod Touch, which received its own 2.2 update today as well.
IPhone owners can upgrade their devices to Version 2.2 by connecting to their Macs or Windows PCs and launching iTunes. The updates weigh in at approximately 245MB.
Apple
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
