iPhone 3.1 Brings Security Enhancements
As with every new Firmware release from Apple, features as well as security are equally emphasized. It’s no surprise to see at least a few important security fixes included in the latest Firmware update.
Just like it would with any Software update, Apple has issued a knowledge base article detailing what’s changed and what’s been fixed in this latest release. A few of the most important fixes:
MobileMail - Description: Spotlight finds and allows access to deleted messages in Mail folders on the device. This would allow a person with access to the device to view the deleted messages. This update addresses the issue by not including the deleted email in the Spotlight search result. This issue only affects iPhone OS 3.0, iPhone OS 3.0.1, and iPhone OS for iPod touch 3.0. Credit to Clickwise Software and Tony Kavadias for reporting this issue.
Telephony - Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. A null pointer dereference issue exists in the handling of SMS arrival notifications. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. This update addresses the issue through improved handling of incoming SMS messages. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue.
WebKit - Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
Saw an article about this security upgrade - it’s only getting more serious as people are doing more of their financial transactions on their iphone.