Along with a host of new features, version 3.0 comes fitted with patches for 46 security vulnerabilities. The upgrade fixes everything from heap buffer overflows, multiple memory corruption issues in the handling of PDF files to cross-site scripting flaws, according to Apple.
For example, one patch updates the iPhone mail application to enable more user discretion in the loading of remote images within HTML messages. The app was upgraded so that an application cannot cause an alert to appear that could be enlisted to initiate a phone call without the user's knowledge.
Another patch fixes what could have led to the disclosure of credentials or application data when users of Microsoft's Exchange server accept an untrusted certificate.
In the commercial space, the latest iPhone version contains a number of security advancements for businesses considering deployment, including hardware encryption and remote-wipe capabilities, experts told SCMagazineUS.com.
"The iPhone is a very powerful enterprise tool," said Mark Rotman, president of MessageWare, a Canada-based vendor that offers solutions to enhance and secure Outlook Web Access. "This is a very impressive device...and a great enterprise-ready entry."
See original article on scmagazineus.com
