iPhone OS 3.1.3: Some details behind the hidden fixes

Apple recently released iPhone OS firmware 3.1.3. Our own Sofia Fontes wrote about iPhone OS 3.1.3 being available, but I thought I would go into the details of the non-apparent bugs. The release contains fixes for both the iPhone and iPod Touch. For your convenience, here they are:

There are three possible code execution bugs, one bug that may load audio when remote loading is disabled, and one that may allow access to data. The code execution bugs are: one in Core Audio that could result in code execution from a maliciously crafted mp4 file, one in ImageIO that could result in code execution from a maliciously crafted TIFF file, and one triggered when accessing a maliciously crafted FTP server that could result in arbitrary code execution. All three of these bugs can lead to a hacker running just about anything they want to on your phone. This includes, but is not limited to, reading all the data that traverses the network, sending out text messages that you did not intend to send (including spam), running services, or simply rebooting your device.

The audio loading bug is in the rendering engine. Mail.app may load some remote audio or video content despite your remote fetching configuration. That seriously spooks me. It is not necessarily the worst thing on the planet, but it can really kill your data bandwidth cap, should you have one, while on 3G.

The ‘User Data Access Bug’ involves Recovery Mode. Someone may be able to ‘access the user’s data’ by using a specially crafted USB control message. For most users this one is not that serious, as it requires physical access to the device. For jailbreakers, however, this bug is the most serious one: it was the method used to jailbreak iPhone OS 3.1.2 devices. Despite this hole being closed, I’m almost certain that the jailbreakers will be happy to find yet another way around the restrictions to free their devices.

The update for your iPhone OS device can be obtained by plugging in your iPhone or iPod Touch and selecting ‘Check For Updates’. The update is free for all iPhone owners and applies to all iPhones. If you’re an iPod Touch user and you have already updated to 3.1, this update is also free. If you have an iPod Touch and are still on version 2.X, the update will cost you $4.95.

Source is from Apple.com.

Photo Credit: William Hook
