Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Apple patches 12 iPhone bugs, adds Street View, podcast downloads

The 2.2 update fixes flaws that left it open to attack, hijack, calls to 900 numbers

November 21, 2008 12:00 PM ET

Active Comments
Sleeping-on-the-couch says: Everytime the wife goes to the Apple store to complain about dropped calls, they exchange her iphone for a new...
Anonymous says: I could be wrong but I believe that the patches are full fireware images. They don't accumulate as newer patches...


Computerworld - Apple Inc. early today released iPhone 2.2, the first update to the phone's firmware in more than two months, patching a dozen security vulnerabilities and adding several new features, including Google Street Views to the device's mapping tool.

The additions to Maps were the most-touted by Apple, which said the Google-based feature now sports street-level views, where available, as well as walking and public-transit directions, and location-sharing via e-mail.

Other changes to the iPhone's software included reliability and stability fixes for Mail and Safari, sound-quality improvements for voice-mail playback and, in a terse notice, changes aimed at a "decrease in call setup failures and dropped calls."

In September, Apple first responded to months of complaints by iPhone 3G owners of weak signal strength -- even in areas supposedly covered by AT&T Inc.'s 3G network -- slow download speeds and frequently dropped calls by issuing iPhone 2.1.

Today's update also added the ability to download podcasts directly to the iPhone, a move that's notable because Apple two months ago rejected a third-party application that did the same thing and blocked the developer's attempt to sidestep the App Store. Alex Sokirynsky then took his Podcaster application to the hacked-iPhone market.

Apple's podcast addition lets users download podcasts via iTunes either over the phone's cellular data network or using Wi-Fi.

Also included in the iPhone 2.2 update are patches for 12 vulnerabilities, four of which Apple tagged with its usual "arbitrary code execution" line, a phrase that essentially means that the bug is critical and could be used to compromise the phone.

Three of the patches address flaws in the iPhone's password protection, a feature that was broken after Apple forgot to fix it in iPhone 2.0 last summer, even though it had quashed the bug in a January 2008 update. Today's fixes restrict emergency numbers -- which are the only numbers designed to be accessible when someone doesn't know the password to unlock the phone -- to actual emergency numbers, and prevent people without the password from viewing text messages.

Other fixes secure the phone from attacks using TIFF images, patch three vulnerabilities in Safari and plug a hole that could be exploited by hackers to trick users into visiting a malicious Web site. One of the TIFF flaws -- there are actually two -- could be used to reboot the iPhone simply by getting the user to view a malformed image.

One of the Safari bugs was publicly reported only yesterday, when German security researchers said that criminals could use the flaw to force the iPhone to call any number, including premium-pay numbers, such as 900 numbers.

The 12 patches also all apply to the iPod Touch, which received its own 2.2 update today as well.

IPhone owners can upgrade their devices to Version 2.2 by connecting to their Macs or Windows PCs and launching iTunes. The updates weigh in at approximately 245MB.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Apple

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs