MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,534
15,253
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png


205529-ios_4_lock.png


Apple has posted a new support document outlining the security content of iOS 4, released earlier today. The document covers well over 60 security vulnerabilities addressed with the new release for the operating system behind Apple's mobile devices. Fifty of the security issues addressed involve WebKit, the engine behind Apple's mobile Safari browser included on all iOS devices, while a handful of other issues affect the specific Safari implementation of WebKit in iOS.

One issue addressed in iOS 4 involves the ability of third-party applications to access a user's photo library, indirectly allowing the applications to infer a user's location without explicit authorization via the geolocation information. iOS 4 addresses the issue by modifying the Application Sandbox to prevent direct access to the photo library.

Four of the fixed vulnerabilities affect the operating system's ImageIO framework and could have allowed maliciously crafted BMP, TIFF or JPEG images to lead to security breaches. iOS 4 also addresses a pair of flaws in the Passcode Lock system in which remote locking via MobileMe could result in the password already being entered at the next unlock or unauthorized pairing of a locked device to a computer could occur soon after initial booting following a shutdown in an unlocked state.

iOS 4 also addresses an issue with the Settings application in which a device connected to a hidden Wi-Fi network could incorrectly indicate that is connected to a different network. Finally, an assortment of other issues primarily involving overflow conditions that could lead to crashes or arbitrary code execution have also been fixed in CFNetwork, LibSystem, and libxml.

Article Link: iOS 4 Addresses Over 60 Security Vulnerabilities
 

BigBoss

macrumors newbie
Jun 21, 2010
4
0
so does this mean the developers would see what we have on our phones or did i understand this wrong lol
 

axcess99

macrumors member
Jul 1, 2005
87
97
So anyone with an iPhone 1G running iPhoneOS3 is basically just stuck as bait for pwnage? Guess this truly is the death-knell for the original iphone.
 

cprail

macrumors newbie
Sep 3, 2007
21
0
Wow, not only the iPad I just bought is already outdated (half the memory of the iPhone 4), but it will also be abandoned by Apple in two years?
 

joshh2o

macrumors member
Mar 23, 2010
41
0
York, Pennsylvania
So anyone with an iPhone 1G running iPhoneOS3 is basically just stuck as bait for pwnage? Guess this truly is the death-knell for the original iphone.

That is what I had thought too, but this is what it says on Apple's website:

*

Application Sandbox

CVE-ID: CVE-2010-1751

Available for: iOS 2.0 through 3.1.3 for iPhone 3G and later, iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later

Impact: An application may be able to infer the user's location without authorization

Description: The Application Sandbox does not prevent applications from directly accessing the user's photo library. This may allow an application to determine visited locations without authorization. This issue is addressed by modifying the Application Sandbox to prevent direct access to the user's photo library. Credit to Zac White for reporting this issue.
 

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
Good job Apple.

So Apple patches security vulnerabilities, it's a pat on the back... Microsoft does it and it's "you guys suck!". Nice double standard. :rolleyes:

I thought the whole of idea of using Apple products is peace of mind, not piece of your identity stolen.
 

Fraaaa

macrumors 65816
Mar 22, 2010
1,081
0
London, UK
So Apple patches security vulnerabilities, it's a pat on the back... Microsoft does it and it's "you guys suck!". Nice double standard. :rolleyes:

I thought the whole of idea of using Apple products is peace of mind, not piece of your identity stolen.

That is why Apple has a close ecosystem, so that at least know what is going on and fixes it. I want to see how other smartphone manage this.

What about Microsoft?
 

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
That is why Apple has a close ecosystem, so that at least know what is going on and fixes it. I want to see how other smartphone manage this.

What about Microsoft?

So closed means... uh, what? That only fellow Apple products thieves/users can steal your identity?

BP: "The size of the oil spill is small in comparison to the size of the ocean."

waiter: "The size of the cockroach is small in comparison to the size of the bowl of soup."

me: "This doesn't help me!"

And when you say "closed off ecosystem", let's call a spade here-- (infamous) Walled Garden.

You wouldn't let a non-Apple company get away w/ a "closed off" (proprietary Adobe flash"). More hypocrisy.
 

CalebF

macrumors regular
Jun 11, 2010
127
0
Boutvet Island
That you don't like it, and we don't care.

Nuh, nuh, nuh... I'm not going to let you drop it here. Closed means what? Meaning controlled by a certain source, Apple. So that means Steve says 'jump' and you say 'how high?'. So that means Microsoft and Google, etc. can't get away w/t hat but Apple can. You're basically accepting I'm right and there's some hypocrisy here ("some" to say the least)?

Look, I KNOW you either accept it, or you don't ("closed off ecosystem); I do. But some fanboys get all high and mighty thumbing their nose down at companies for doing the exact (exact, which tickles me pink to no end!) thing that Apple is doing.

So the Walled Garden is just prettier here in Appleland... I get it. I accept it and agree. But a Walled Garden is still a Walled Garden.

But back to security here... same thing. Backdoors, only a set of french doors (Apple) than a drab screendoor (Microsoft).
 

JackAxe

macrumors 68000
Jul 6, 2004
1,535
0
In a cup of orange juice.
Can I download this WITHOUT iAd? ... NO! OK, then my 2G Touch will forever be stuck with iOS 3.

Anyways, at least this newer OS is FREE, but with iAd being integrated into it, I'll be passing. I'm still bitter that Apple charged me TEN BUCKS to fix THEIR freaking BUGS with the iOS 3.0 update, bugs that should have been fixed with a FREE update... And to add insult to injury, they cut the price in half about a month later. GRUMBLES...
 

Caharin

macrumors member
Feb 21, 2010
30
0
Wow, not only the iPad I just bought is already outdated (half the memory of the iPhone 4), but it will also be abandoned by Apple in two years?

Why will it be abandoned in two years?

It was a comment on the 1G models which have just received the first FAIL from being unable to run iOS4. No doubt the second will come tomorrow.

Actually, it was a comment on the iPad.

You, sir or ma'am, are the fail. :(
 

Fraaaa

macrumors 65816
Mar 22, 2010
1,081
0
London, UK
Nuh, nuh, nuh... I'm not going to let you drop it here. Closed means what? Meaning controlled by a certain source, Apple. So that means Steve says 'jump' and you say 'how high?'. So that means Microsoft and Google, etc. can't get away w/t hat but Apple can. You're basically accepting I'm right and there's some hypocrisy here ("some" to say the least)?

Look, I KNOW you either accept it, or you don't ("closed off ecosystem); I do. But some fanboys get all high and mighty thumbing their nose down at companies for doing the exact (exact, which tickles me pink to no end!) thing that Apple is doing..

Excuse me who should control it? Do you want 3rd party doing this kind of job so that Apple won't put their hands on? Definetly anyone but Apple is more trusty. Have you ever had an issue with Apple regarding your security and privacy?

No one is accepting that you are right for the simple reason that you are not making sense. There haven't been hypocrisy either, just a non-sense rant and fanboysm has nothing to do with this.

So closed means... uh, what? That only fellow Apple products thieves/users can steal your identity?

Of course, because it really is this the whole point. You are not even making sense to yourself.


It was a comment on the 1G models which have just received the first FAIL from being unable to run iOS4. No doubt the second will come tomorrow.


iOS 4 hardly works on 3G.
 

Vulpinemac

macrumors 6502a
Nov 6, 2007
677
0
Actually, it was a comment on the iPad.

You, sir or ma'am, are the fail. :(

Keep in mind also that the iPad will get its own version of iOS 4 by fall. I expect that version will boast some things the iPhone version can't handle.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.