New iPhone / iPod OS fixes lots of security vulnerabilities

September 10th, 2009 Tags: , , , , ,

iPhone 3GS

Something that’s never quite so prominently featured is the security vulnerabilities within the iPhone / iPod Touch OS (to be fair, this applies to many phones, and Apple at least release OS updates that can currently be applied to all devices ensuring no one is left behind with an insecure OS; Nokia, I’m looking at you here!).

So, whilst yesterday Apple made a big song and dance about the new features in their iPhone (v3.1) and iPod Touch (v3.1.1) OS updates, they made a lot less mention of the security fixes that are in there too.  Now this information is public, I can reveal some of the vulnerabilities that have been fixed:

  • A malicious AAC or MP3 file could be accessed and this could cause application termination or arbitary code execution.
  • If connected to Exchange, it was possible to configure the device to allow access to Exchange even after the Exchange Administrator configured timeout period.
  • The Spotlight find facility could search and display deleted emails (it looks to me like they have simply fixed Spotlight to no longer display the search entry if it was from a deleted email, as opposed to actually completely removing the contents in the first place, but I may be wrong here).
  • It was possible to bypass the the passcode request via the Recovery Mode.
  • A maliciously crafted SMS could cause service disruption.
  • Passwords when entered could be made to briefly appear on the screen.
  • 4 WebKit vulnerabilities were fixed.

That last point is interesting; Nokia use the same underlying WebKit engine for their products, yet we don’t see speedy firmware releases from Nokia addressing these issues, and especially not for phone more than a year or two old, which may well still be vulnerable, but are “out of support”.  It’s good to see Apple addressing vulnerabilities, and with their capability of notifying owners of new versions, at least their devices should be safe against these attacks once the new OS is commonly used (and of course, within a week or so, all owners will have been offered the new update via iTunes).

Oh, and for a large (200MB+) download, it’s surprising to see Apple don’t support resumable downloads, so if the update stops or fails for any reason, you have to download it all again.


Leave a Reply