Skip the navigation
News

Apple ships iOS 4.1, patches FaceTime flaw

Quashes 24 security bugs, targets problems with proximity sensor, Bluetooth and degraded iPhone 3G performance

By Gregg Keizer
September 8, 2010 03:16 PM ET

Computerworld - As expected, Apple today released the iOS 4.1 update for its iPhone and iPod Touch.

Apple also patched two dozen security vulnerabilities in its mobile operating system, most of them rated "critical," including the first ever in the firm's new FaceTime video calling software.

The update, which weighed in at between 308MB and 590MB in size depending on the destination device, hit Apple's download servers shortly after 1 p.m. ET on Wednesday.

Computerworld confirmed that the update was available, and downloaded iOS 4.1 without problems.

Last weekend, Apple's U.K. site briefly indicated that the update, which CEO Steve Jobs said would be released this week, would be available today. The site was quickly revised to show only the notice "Coming soon," however.

Along with new functionality included with iOS 4.1 -- ranging from "high dynamic range" (HDR) photography that produces more detail in over- and under-exposed areas, to the launch of Apple's Game Center multi-player online network -- Jobs also promised that the update would fix some of the bugs in iOS 4.0 that users have been complaining about since that version's June 21 debut.

Owners of older iPhones, especially 2008's iPhone 3G, have flooded Apple's support forum with reports of degraded performance since they upgraded to iOS 4.0.

Other parts of the upgrade kicked off Game Center, the company's multi-player online gaming network, and are supposed to fix problems with Bluetooth connectivity and the iPhone's proximity sensor. Customers have hammered Apple over the proximity issue, saying that the sensor didn't deactivate the touchscreen when the smartphone was held up to their faces, causing dropped calls, muted calls and "face-dialed" numbers.

Apple also patched 24 vulnerabilities in iOS with the update, including 19 tagged with the phrase "arbitrary code execution," Apple-speak for a critical vulnerability. Unlike other operating system makers, like Microsoft, Apple does not rank flaws with a threat-scoring system.

Over 80% of the bugs were in WebKit, the open-source browser engine that powers the mobile version of Safari integrated in iOS, as well as Safari on the desktop and Google's Chrome browser.

One of the four non-WebKit vulnerabilities was in FaceTime, Apple's new video chat application that debuted in June on the iPhone 4, and is also included on the new fourth-generation iPod Touch, which went on sale today in the company's retail stores.

The bug could let others redirect FaceTime calls, Apple said.

"An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls," said Apple's advisory. "This issue is addressed through improved handling of certificates."

Apple credited Aaron Sigel, who used to work in the company's security group, for reporting the bug. Sigel confirmed today that Apple's patch did the job.

The iOS 4.1 update is available for the iPhone 4, 3GS and 3G, as well as the iPod Touches introduced in 2008, 2009 and on Sept. 1, 2010. The oldest of Apple's iPhone and iPod Touch do not support iOS 4, and so will not receive today's upgrade.

Apple requires users to download iOS 4.1 to their Windows PC or Mac using iTunes, then sync their iPod Touches or iPhones to the machine to install the upgrade.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer or subscribe to Gregg's RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about Mobile OSes in Computerworld's Mobile OSes Topic Center.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile OSes White Papers
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
All Mobile OSes White Papers
Mobile OSes Webcasts
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
Virtualize Business-Critical Applications with Confidence
Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®...
All Mobile OSes Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs