ExchangeAvailable for iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Apple claims that connecting to a malicious Exchange server may lead to the disclosure of sensitive information. The description of the vulnerability then follows as such:
Description: Accepting an untrusted Exchange server certificate results in storing an exception on a per-hostname basis. On the next visit to an Exchange server contained in the exception list, its certificate is accepted with no prompt and validation. This may lead to the disclosure of credentials or application data. This update addresses the issue through improved handling of untrusted certificate exceptions. Credit to FD of Securus Global for reporting this issue.
Description: If an application causes an alert to apear [sic.] while Mail's call approval dialog is shown, the call will be placed without user interaction. This update addresses the issue by not dismissing the call approval dialog when other alerts appear. Credit to Collin Mulliner of Fraunhofer SIT for reporting this issue.
SafariWith the help of Joshua Belsky, Apple found that, “Clearing Safari's history via the Settings application does not prevent disclosure of the search history to a person with physical access to the device.” In broader terms, Apple explains that...
...Clearing Safari's history via the Settings application does not reset the search history. In this case, another person with physical access to the device may be able to view the search history. This update addresses the issue by removing the search history when Safari's history is cleared via the Settings application. Credit to Joshua Belsky for reporting this issue.
iPhone OS 3.0 delivers more than 100 new features, including Cut, Copy and Paste, MMS, Spotlight Search, Landscape Keyboard, expanded parental controls for TV shows, movies and apps from the App Store, video-recording and editing capabilities, the ability to capture and send audio recordings on the go with the new Voice Memo app, the ability to wirelessly download movies, TV and audio programs and an enhanced version of iTunes and iTunes U.
Visit Apple here to learn more about the security content of iPhone OS 3.0.