RealTime IT News

Apple's iPhone OS Upgrade Has a Security Angle

Apple (NASDAQ: AAPL) on Tuesday issued a point update to its iPhone OS, making only a few fixes to the phone's software despite not having patched it in months. It's likely there won't be a major fix until the release of OS 3.2, which will likely coincide with the release of the iPad slated for later in March.

OS 3.1.3 fixes not only the iPhone but the iPod Touch as well. According to the release notes, there are four security vulnerabilities addressed in the update. One prevents buffer overflow from a maliciously crafted mp4 audio file, which may allow for arbitrary code execution.

A second fix covers maliciously-crafted TIFF images, which may also lead to an unexpected application termination or arbitrary code execution. The third fix covers memory corruption that could allow someone to bypass the passcode security measure on the phone.

Finally, a fix in the WebKit browser will prevent a maliciously-crafted FTP server from causing information disclosure from the device, unexpected application termination, or execution of arbitrary code.

There are also some bug fixes. One improves the accuracy of the reported battery level on the iPhone 3GS, another resolves an issue where third-party apps would not launch in some instances, and the final fix addresses a bug that may cause an app to crash when using the Japanese Kana keyboard.

As always, Apple does not issue just upgraded files. It puts the whole disk image online and updates everything, which means a 291MB download.

So it seems iPhone users will have to wait a little longer for their iPad cross pollination. The iPad uses OS version 3.2, which still isn't out for the iPhone/iPod Touch. Also, app developers have noted that the recently released iPad SDK does not allow for building apps that run on the iPhone/iPod Touch as yet. The three devices will likely all sync up by the time the iPad is released in two months.

Andy Patrizio is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.