NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Apple > Iworld > iPhone

September 14th, 2009, 12:38 GMT · By Filip Truta

The Security Content of iPhone OS 3.1, OS 3.1.1 for iPod touch

Adjust text size:

Besides adding new features, tweaks and fixes in the latest software update to the iPhone OS, Apple has included a number of security patches as well, resolving recently discovered vulnerabilities in the software on both the iPhone side of the OS, and for iPod touch.

According to an Apple Support piece detailing “the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch,” almost a dozen bugs have been patched in OS 3.1 for iPhone and OS 3.1.1 for iPod touch, spanning areas like CoreAudio, Exchange Support and MobileMail. Even a “Recovery Mode” issue has been found in previous versions of the iPhone OS.

Apple reveals that, “A heap buffer overflow exists in Recovery Mode command parsing,” an issue that “may allow another person with physical access to the device to bypass the passcode, and access the user's data. This update addresses the issue through improved bounds checking.”

Another issue, affecting only iPhone owners running iPhone OS 1.0 through 3.0.1, is related to a null pointer dereference problem that exists in the software’s handling of SMS arrival notifications. Therefore, Apple says, “Receiving a maliciously crafted SMS message may lead to an unexpected service interruption.” To fix the issue, Apple has improved the handling of incoming SMS messages, crediting Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for discovering and reporting the bug.

Even deleted email messages have been penned in as an issue in iPhone OS earlier than 3.1. According to Clickwise Software and Tony Kavadias, these may still be visible through a Spotlight search, as Spotlight finds and allows access to deleted messages in Mail folders on the device. According to Apple’s description of the vulnerability, “This would allow a person with access to the device to view the deleted messages.” As simple as it sounds, the issue has been addressed by not including deleted emails in the Spotlight search results anymore. Apple also notes that only iPhone OS 3.0 and iPhone OS 3.0.1 users are affected, along with iPod touch 3.0 users.

Visit Apple’s Support section here to see all the security issues addressed in iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch.

FILED UNDER:

TELL US WHAT YOU THINK:

3,129 hits · 1 comment · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

PwnageTool for OS 3.1 On Its Way

‘Jailbreak iPhone 3.1’ - Tutorial and Downloads Available

5G Nano Popped Open

Apple Releases Brother, Canon Printer Drivers for Mac OS X v10.6

Apple Releases iMac Graphics FW Update 1.0.2, HP Printer Drivers for OS X 10.6

READER COMMENTS:

Comment #1 by: Ravi on 15 Sep 2009, 12:53 UTC	reply to this comment
how can we jailbreak/unlock iphone 3g version 3.1 Please let me know at the earliest as i am totally confused !!!!!!!!

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use