
Apple attack
Published: 19 June 2009 08:53 GMT
Apple has patched nearly four dozen security holes in the iPhone and iPod Touch with its iPhone OS 3.0 release, made available on Wednesday.
The 46 flaws could allow an attacker to bypass security restrictions, shut down an application, disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, or take over the device, Apple said in an advisory.
Independent security firm Secunia ranked the most serious of the vulnerabilities as "highly critical".
Several of the bugs could allow a hacker to execute malicious code on the handset. For instance, vulnerabilities in the CoreGraphics component could be used to launch an attack when a user views a specially crafted image or PDF file.
Similarly, certain flaws in the web-browsing framework WebKit could let an outsider run code if the device's owner visits a malicious website.
A number of the vulnerabilities, mainly found in WebKit, open the door to cross-site scripting attacks, where the hacker compromises the phone by injecting code into a seemingly safe website.
In addition, bugs in Safari could lead to the disclosure of the search history and to successful 'clickjacking' attacks. Clickjacking is a technique in which the intruder misleads the user about what they are activating when they click on an area of a page, leading them to carry out an unintended action, such as approving a purchase.
Some of the vulnerabilities are more unusual, such as a flaw in Mail that makes it possible for an outsider to initiate a phone call without needing the user to do anything. Another is a bug in WebKit that could permit websites to surreptitiously track users.
Besides the security fixes, iPhone OS 3.0 adds functionality such as system-wide search and cut-and-paste. The software, first shown off to developers in March, is available via iTunes.
Original article: Apple stamps out 46 iPhone bugs from ZDNet UK