Tuesday, March 15, 2011

Update your Apple devices to iOS 4.3

Update your Apple devices to iOS 4.3, or risk malicious code attacks

Amplify’d from nakedsecurity.sophos.com

Update your Apple devices to iOS 4.3, or risk malicious code attacks

iOS appsApple has released iOS 4.3, the latest version of its operating system for iPhones, iPads and the iPod touch.

Although some will be excited by the promise of faster performance from Safari, better video streaming and the thought of sharing their iTunes library over WiFi around the home, perhaps the most important reason to install the update onto your Apple gadgets is security.

According to Apple, the new iOS 4.3 update includes a number of critical security patches - some of which are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on your iPhone or iPad.

iOS apps

Details of the security fixes are included in an Apple knowledgebase article, and include protecting against maliciously-crafted TIFF image files that could be used to run malicious code on your device, and multiple memory corruption issues exist in WebKit, which could mean that visiting a boobytrapped website could lead to unauthorised code being executed.

These are, of course, the kind of vulnerabilities that have been exploited by malicious hackers and virus writers in the past and would present a way to deliver code to a non-jailbroken iPhone that did not involve entering via the official iPhone App Store.

There is no indication that these vulnerabilities have been exploited in the wild, but it would nevertheless be prudent to defend against them by installing the operating system patch to your iOS devices. Especially now that details of the security holes are known to the computer underground.

Bad news for iPhone 3G owners

There's bad news though for users of older Apple devices, however. The iOS 4.3 update is only compatible with the iPhone 3GS and later and the iPod touch 3rd generation and later. (It works on the original iPad, and the imminent iPad 2)

So if you have an earlier iPhone or iPod touch your device is probably vulnerable to attacks which exploit these security holes, and there is no official patch available for you to protect yourself. That's bad news for the many people who still have an iPhone 3G, for instance.

If you were looking for an excuse to upgrade your iPhone or iPod touch - maybe you've just been given a good one by Apple. But if you were happy with your iPhone 3G, I doubt you're feeling too good about having to reach into your pocket.

Apple customers can download the iOS 4.3 update via iTunes, and more information about the update can be found on Apple's website.

Read more at nakedsecurity.sophos.com
 

No comments: