But the patch, while closing critical security holes all relating to the way in which the devices process TIFF images, will have the most impact on developers who have been installing third-party software on the iPhone, Paul Henry, vice president of technology evangelism at Secure Computing, told SCMagazineUS.com today.
Hackers had been exploiting the vulnerability to install software known as "jailbreak," which lets them gain root control of the phone to add non-proprietary applications, Henry said. Now, these same researchers will have to revert to the original software that remains vulnerable to the exploit.
"You 'backrev' the software to the previous version and you're back in business," he said.
According to Apple, the vulnerability lies in ImageIO, a framework that permits Mac OS X applications to read and write most image file formats, which is open to multiple buffer overflows.
"By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said in an advisory.
Users can upgrade to the iPhone and iPod Touch versions 1.1.2 through iTunes only; it will not be available on the Software Update application or through the Apple Downloads website.
This is the third iPhone version update since the hot gadget was released at the start of the summer. Since then, many hacker groups have emerged in a quest to unlock the device.
Apple Chief Executive Officer Steve Jobs announced last month that third-party applications designed for the iPhone will be made available to consumers in February.
See original article on SC Magazine US
Apple releases iPhone, iTouch update
By Dan Kaplan on Nov 14, 2007 9:53AM