Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS 4 Addresses Over 60 Security Vulnerabilities

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,548
30,865



205529-ios_4_lock.png


Apple has posted a new support document outlining the security content of iOS 4, released earlier today. The document covers well over 60 security vulnerabilities addressed with the new release for the operating system behind Apple's mobile devices. Fifty of the security issues addressed involve WebKit, the engine behind Apple's mobile Safari browser included on all iOS devices, while a handful of other issues affect the specific Safari implementation of WebKit in iOS.

One issue addressed in iOS 4 involves the ability of third-party applications to access a user's photo library, indirectly allowing the applications to infer a user's location without explicit authorization via the geolocation information. iOS 4 addresses the issue by modifying the Application Sandbox to prevent direct access to the photo library.

Four of the fixed vulnerabilities affect the operating system's ImageIO framework and could have allowed maliciously crafted BMP, TIFF or JPEG images to lead to security breaches. iOS 4 also addresses a pair of flaws in the Passcode Lock system in which remote locking via MobileMe could result in the password already being entered at the next unlock or unauthorized pairing of a locked device to a computer could occur soon after initial booting following a shutdown in an unlocked state.

iOS 4 also addresses an issue with the Settings application in which a device connected to a hidden Wi-Fi network could incorrectly indicate that is connected to a different network. Finally, an assortment of other issues primarily involving overflow conditions that could lead to crashes or arbitrary code execution have also been fixed in CFNetwork, LibSystem, and libxml.

Article Link: iOS 4 Addresses Over 60 Security Vulnerabilities
 
Article Link
https://www.macrumors.com/2010/06/21/ios-4-addresses-over-60-security-vulnerabilities/
B

BigBoss

macrumors newbie
Jun 21, 2010
4
0
so does this mean the developers would see what we have on our phones or did i understand this wrong lol
 
axcess99

axcess99

macrumors regular
Jul 1, 2005
150
150
So anyone with an iPhone 1G running iPhoneOS3 is basically just stuck as bait for pwnage? Guess this truly is the death-knell for the original iphone.
 
C

cprail

macrumors newbie
Sep 3, 2007
21
0
Wow, not only the iPad I just bought is already outdated (half the memory of the iPhone 4), but it will also be abandoned by Apple in two years?
 
J

joshh2o

macrumors member
Mar 23, 2010
41
0
York, Pennsylvania
axcess99 said:
So anyone with an iPhone 1G running iPhoneOS3 is basically just stuck as bait for pwnage? Guess this truly is the death-knell for the original iphone.
Click to expand...

That is what I had thought too, but this is what it says on Apple's website:

*

Application Sandbox

CVE-ID: CVE-2010-1751

Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

Impact: An application may be able to infer the user's location without authorization

Description: The Application Sandbox does not prevent applications from directly accessing the user's photo library. This may allow an application to determine visited locations without authorization. This issue is addressed by modifying the Application Sandbox to prevent direct access to the user's photo library. Credit to Zac White for reporting this issue.
 
CalebF

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
strabes said:
Good job Apple.
Click to expand...

So Apple patches security vulnerabilities, it's a pat on the back... Microsoft does it and it's "you guys suck!". Nice double standard. :rolleyes:

I thought the whole of idea of using Apple products is peace of mind, not piece of your identity stolen.
 
Fraaaa

Fraaaa

macrumors 65816
Mar 22, 2010
1,081
0
London, UK
CalebF said:
So Apple patches security vulnerabilities, it's a pat on the back... Microsoft does it and it's "you guys suck!". Nice double standard. :rolleyes:

I thought the whole of idea of using Apple products is peace of mind, not piece of your identity stolen.
Click to expand...

That is why Apple has a close ecosystem, so that at least know what is going on and fixes it. I want to see how other smartphone manage this.

What about Microsoft?
 
CalebF

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
Fraaaa said:
That is why Apple has a close ecosystem, so that at least know what is going on and fixes it. I want to see how other smartphone manage this.

What about Microsoft?
Click to expand...

So closed means... uh, what? That only fellow Apple products thieves/users can steal your identity?

BP: "The size of the oil spill is small in comparison to the size of the ocean."

waiter: "The size of the cockroach is small in comparison to the size of the bowl of soup."

me: "This doesn't help me!"

And when you say "closed off ecosystem", let's call a spade here-- (infamous) Walled Garden.

You wouldn't let a non-Apple company get away w/ a "closed off" (proprietary Adobe flash"). More hypocrisy.
 
CalebF

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
JAT said:
That you don't like it, and we don't care.
Click to expand...

Nuh, nuh, nuh... I'm not going to let you drop it here. Closed means what? Meaning controlled by a certain source, Apple. So that means Steve says 'jump' and you say 'how high?'. So that means Microsoft and Google, etc. can't get away w/t hat but Apple can. You're basically accepting I'm right and there's some hypocrisy here ("some" to say the least)?

Look, I KNOW you either accept it, or you don't ("closed off ecosystem); I do. But some fanboys get all high and mighty thumbing their nose down at companies for doing the exact (exact, which tickles me pink to no end!) thing that Apple is doing.

So the Walled Garden is just prettier here in Appleland... I get it. I accept it and agree. But a Walled Garden is still a Walled Garden.

But back to security here... same thing. Backdoors, only a set of french doors (Apple) than a drab screendoor (Microsoft).
 
JackAxe

JackAxe

macrumors 68000
Jul 6, 2004
1,535
0
In a cup of orange juice.
Can I download this WITHOUT iAd? ... NO! OK, then my 2G Touch will forever be stuck with iOS 3.

Anyways, at least this newer OS is FREE, but with iAd being integrated into it, I'll be passing. I'm still bitter that Apple charged me TEN BUCKS to fix THEIR freaking BUGS with the iOS 3.0 update, bugs that should have been fixed with a FREE update... And to add insult to injury, they cut the price in half about a month later. GRUMBLES...
 
C

Caharin

macrumors member
Feb 21, 2010
30
0
cprail said:
Wow, not only the iPad I just bought is already outdated (half the memory of the iPhone 4), but it will also be abandoned by Apple in two years?
Click to expand...

joshh2o said:
Why will it be abandoned in two years?
Click to expand...

JAT said:
It was a comment on the 1G models which have just received the first FAIL from being unable to run iOS4. No doubt the second will come tomorrow.
Click to expand...

Actually, it was a comment on the iPad.

You, sir or ma'am, are the fail. :(
 
Fraaaa

Fraaaa

macrumors 65816
Mar 22, 2010
1,081
0
London, UK
CalebF said:
Nuh, nuh, nuh... I'm not going to let you drop it here. Closed means what? Meaning controlled by a certain source, Apple. So that means Steve says 'jump' and you say 'how high?'. So that means Microsoft and Google, etc. can't get away w/t hat but Apple can. You're basically accepting I'm right and there's some hypocrisy here ("some" to say the least)?

Look, I KNOW you either accept it, or you don't ("closed off ecosystem); I do. But some fanboys get all high and mighty thumbing their nose down at companies for doing the exact (exact, which tickles me pink to no end!) thing that Apple is doing..
Click to expand...

Excuse me who should control it? Do you want 3rd party doing this kind of job so that Apple won't put their hands on? Definetly anyone but Apple is more trusty. Have you ever had an issue with Apple regarding your security and privacy?

No one is accepting that you are right for the simple reason that you are not making sense. There haven't been hypocrisy either, just a non-sense rant and fanboysm has nothing to do with this.

CalebF said:
So closed means... uh, what? That only fellow Apple products thieves/users can steal your identity?
Click to expand...

Of course, because it really is this the whole point. You are not even making sense to yourself.


JAT said:
It was a comment on the 1G models which have just received the first FAIL from being unable to run iOS4. No doubt the second will come tomorrow.
Click to expand...


iOS 4 hardly works on 3G.
 
V

Vulpinemac

macrumors 6502a
Nov 6, 2007
677
0
Caharin said:
Actually, it was a comment on the iPad.

You, sir or ma'am, are the fail. :(
Click to expand...

Keep in mind also that the iPad will get its own version of iOS 4 by fall. I expect that version will boast some things the iPhone version can't handle.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom