Main Menu

iPhone 3.0 OS is out

Written by Editor on June 18, 2009

So Apple have released the new version of the iPhone OS, although there are various new flashy features for the latest Jesus Phone OS it has also served as a security fix release too.

iPhone OS 3.0 also addresses a grand total of 47 security vulnerabilities. Many of the flaws are exploitable to execute arbitrary code on the iPhone. However, code execution on a non-jailbroken device is considered difficult, it is however still possible. At the end of July two researchers will be presenting at BlackHat USA 2009 on their methodology for achieving code execution on a factory iPhone.

The iPhone is an incredibly popular device and it stands to reason it would become a target and such more security researchers are focusing their efforts to expose flaws in the associated software. As a result it is only a matter of time before this initial steps will spawn active attacks against iPhone users. The vulnerabilities covered by the update address a wide range of problems across various aspects of the iPhone. The update includes fixes for issues within Safari, iPhone Mail.app, the Webkit rendering engine used by Safari and others.

There are several fixes in there around the CoreGraphics engine and the handling of PDF files that could be used to cause code execution as well as some issue with the handling of PNG files. Increasingly across many products issues with file handling are cropping up and it seems that the iPhone OS is just as vulnerable to them as others. Many of the issues patched in this update also appear to be related to other ‘open source’ products and as such this update is bringing the components of the iPhone OS that use them in line with the latest security fixes for those open source products.

From a feature set wise the major feature that could potentially be considered Security related is the new ‘Find my iPhone and Remote Wipe’ feature this is tied into the Mobile Me service. Which having tested that out here at VDot central is pretty cool.

All in all it is highly recommended for iPhone users to get this update installed as soon as possible. If your a user of a Jailbroken or Unlocked iPhone, then it would be best to hold off that upgrade until the various people in the iPhone ‘hacking’ scene do their thing and it looks like they are working on it.