14 DAY TRIAL // Apple has released iOS 4.2.1 for iPhone, iPad and iPod Touch, which addresses a flurry of critical security vulnerabilities, including the screen lock bypass discovered last month.
In total, over eighty security issues have been patched in the new version, with some components getting multiple fixes.
By far, the biggest number of vulnerabilities were identified and addressed in the WebKit layout engine (27). Many of them have also been patched in Safari last week.
Forty fixes in this release are for the iPad only, 4.2.1 being the first 4.x version supporting the device. iPhone and iPod touch have already benefitted from these patches in iOS 4 and iOS 4.1.
The update also resolves several arbitrary code execution vulnerabilities in components like FreeType, libpng, libxml, OfficeImport or Telephony.
Some of them could have been leveraged in drive-by download attacks in a similar fashion to how exploits were used by the JailbreakMe service.
Other security fixes target a low impact bug in Safari where clearing stored passwords can take longer than expected, a MobileMe password leak issue in the Photos application, as well as a privilege escalation and a denial of service weakness in the Networking component.
In addition, an unauthorized remote request problem was identified and patched in Mail, along with a call initiation issue in iAd Content Display.
iOS 4.2 addresses a bug which allows attackers to mislead users into installing maliciously crafted configuration profiles.
The lock screen bypass bug discovered at the end of October, which allowed users to make phone calls and access the address book on locked iPhones via a button combination, has also been resolved.
The iPhone Dev-Team reports that all devices remain theoretically jailbreakable thanks to the limera1n boot ROM exploit, but only the iPhone3G, older iPhone3GS, and non-MC iPod touch 2G currently benefit from a untethered 4.2.1 jailbreak.
The team is still working on a untethered solution for newer devices, so you might want to hold on updating for now. Also, if you are using the ultrasn0w carrier Unlocker, you should definitely stay away from 4.2.1 and all official firmware updates, as they will remove it.