Apple ships iOS 4.1, patches FaceTime flaw

Computerworld - As expected, Apple today released the iOS 4.1 update for its iPhone and iPod Touch.

Apple also patched two dozen security vulnerabilities in its mobile operating system, most of them rated "critical," including the first ever in the firm's new FaceTime video calling software.

The update, which weighed in at between 308MB and 590MB in size depending on the destination device, hit Apple's download servers shortly after 1 p.m. ET on Wednesday.

Computerworld confirmed that the update was available, and downloaded iOS 4.1 without problems.

Last weekend, Apple's U.K. site briefly indicated that the update, which CEO Steve Jobs said would be released this week, would be available today. The site was quickly revised to show only the notice "Coming soon," however.

Along with new functionality included with iOS 4.1 -- ranging from "high dynamic range" (HDR) photography that produces more detail in over- and under-exposed areas, to the launch of Apple's Game Center multi-player online network -- Jobs also promised that the update would fix some of the bugs in iOS 4.0 that users have been complaining about since that version's June 21 debut.

Owners of older iPhones, especially 2008's iPhone 3G, have flooded Apple's support forum with reports of degraded performance since they upgraded to iOS 4.0.

Other parts of the upgrade kicked off Game Center, the company's multi-player online gaming network, and are supposed to fix problems with Bluetooth connectivity and the iPhone's proximity sensor. Customers have hammered Apple over the proximity issue, saying that the sensor didn't deactivate the touchscreen when the smartphone was held up to their faces, causing dropped calls, muted calls and "face-dialed" numbers.

Apple also patched 24 vulnerabilities in iOS with the update, including 19 tagged with the phrase "arbitrary code execution," Apple-speak for a critical vulnerability. Unlike other operating system makers, like Microsoft, Apple does not rank flaws with a threat-scoring system.

Over 80% of the bugs were in WebKit, the open-source browser engine that powers the mobile version of Safari integrated in iOS, as well as Safari on the desktop and Google's Chrome browser.

One of the four non-WebKit vulnerabilities was in FaceTime, Apple's new video chat application that debuted in June on the iPhone 4, and is also included on the new fourth-generation iPod Touch, which went on sale today in the company's retail stores.

The bug could let others redirect FaceTime calls, Apple said.

"An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls," said Apple's advisory. "This issue is addressed through improved handling of certificates."

Apple credited Aaron Sigel, who used to work in the company's security group, for reporting the bug. Sigel confirmed today that Apple's patch did the job.

The iOS 4.1 update is available for the iPhone 4, 3GS and 3G, as well as the iPod Touches introduced in 2008, 2009 and on Sept. 1, 2010. The oldest of Apple's iPhone and iPod Touch do not support iOS 4, and so will not receive today's upgrade.

Apple requires users to download iOS 4.1 to their Windows PC or Mac using iTunes, then sync their iPod Touches or iPhones to the machine to install the upgrade.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about iOS in Computerworld's iOS Topic Center.