Along with a host of new features, version 3.0 comes fitted with patches for 46 security vulnerabilities. The upgrade fixes everything from heap buffer overflows, multiple memory corruption issues in the handling of PDF files to cross-site scripting flaws, according to Apple.
For example, one patch updates the iPhone mail application to enable more user discretion in the loading of remote images within HTML messages. The app was upgraded so that an application cannot cause an alert to appear that could be enlisted to initiate a phone call without the user's knowledge.
Another patch fixes what could have led to the disclosure of credentials or application data when users of Microsoft's Exchange server accept an untrusted certificate.
In the commercial space, the latest iPhone version contains a number of security advancements for businesses considering deployment, including hardware encryption and remote-wipe capabilities, experts told SCMagazineUS.com.
"The iPhone is a very powerful enterprise tool," said Mark Rotman, president of MessageWare, a Canada-based vendor that offers solutions to enhance and secure Outlook Web Access. "This is a very impressive device...and a great enterprise-ready entry."
See original article on scmagazineus.com
Latest upgrade to iPhone includes 46 security fixes
By
Greg Masters
on
Jun 19, 2009 10:16AM

Apple has released the long-anticipated upgrade to its iPhone operating system.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership