With all the excitement created by the abundance of apps now available through the App Store, and Apple's continuous advertising of the enhancements brought by the new OS 2.0, few have noticed that security improvements are also present in the new iPhone / iPod touch OS.
In an article about the security content of iPhone v2.0 and iPod touch v2.0, Apple describes the issues these fixes address, which users may encounter should they not upgrade to iPhone OS 2.0. According to TUAW, "most of the improvements deal with websites that are crafted to cause mischief on your iPhone." Here are some excerpts from the respective document:
"
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary data to CFNetwork in a 502 Bad Gateway error, which could allow a secure website to be spoofed. This update addresses the issue by not returning the proxy-supplied data on an error condition.
[...]
Impact: A remote attacker may be able to cause an unexpected device reset
Description: An undetected failure condition exists in the handling of packets with an IPComp header. Sending a maliciously crafted packet to a system configured to use IPSec or IPv6 may cause an unexpected device reset. This update addresses the issue by properly detecting the failure condition.
[...]
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt. This may lead to the disclosure of sensitive information. This update addresses the issue through improved handling of certificates."
Apple credits Hiromitsu Takagi for reporting this last issue.
These are just a few of the issues that could occur on iPhones running OS v1.0 through v1.1.4, and iPod touch units running v1.1 through v1.1.4. As an (original) iPhone owner, be sure to upgrade to the latest OS as soon as you get the chance. iPod touch users can also upgrade to software 2.0 for their respective devices, but are required to pay a $9.99 fee.
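The first excerpt's fix, modeled as an added example (not code from Apple or from this article): a toy Python client that handles a proxy's reply to an HTTPS CONNECT request, first passing the error body through as the advisory describes, then discarding it. All function names, the `bank.example` origin and the sample bytes are constructed for illustration.

```python
# Added illustration (not Apple's code): a toy client handling a proxy's reply
# to an HTTPS CONNECT request. All names and sample bytes are constructed.

class ProxyTunnelError(Exception):
    """Tunnel refused; deliberately carries the status only, no proxy data."""
    def __init__(self, status):
        super().__init__(f"proxy refused CONNECT (status {status})")
        self.status = status

def parse_connect_reply(raw: bytes):
    """Split the proxy's reply into (status_code, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ProxyTunnelError(0)  # malformed status line: treat as refusal
    return int(parts[1]), body

def flawed_handle(raw: bytes, requested_origin: str) -> dict:
    """Behaviour the advisory describes: the proxy's error body is handed back
    as if it were the response from the requested HTTPS origin."""
    status, body = parse_connect_reply(raw)
    return {"origin": requested_origin, "status": status, "content": body}

def fixed_handle(raw: bytes) -> bool:
    """Behaviour after the fix as described: on an error, nothing the proxy
    supplied is returned; only a 2xx reply lets the TLS handshake proceed."""
    status, _discarded = parse_connect_reply(raw)
    if not 200 <= status < 300:
        raise ProxyTunnelError(status)
    return True  # tunnel is up; content will come from the TLS-verified origin

# Constructed sample replies from a proxy.
PROXY_502 = (b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
             b"<html>constructed proxy-supplied page</html>")
PROXY_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"

if __name__ == "__main__":
    print(flawed_handle(PROXY_502, "https://bank.example"))
    try:
        fixed_handle(PROXY_502)
    except ProxyTunnelError as err:
        print("fixed client:", err)
    print("tunnel ok:", fixed_handle(PROXY_200))
```

The point of the fixed path is that the error object exposes only a status code, so no layer above it can render proxy-supplied bytes under the secure site's address.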