Security Updates in iPhone OS 2.2

November 21, 2008 · Print This Article

Apple has released a tech note regarding safety measure enhancements included in iPhone OS 2.2. Here is a synopsis of the changes that apply to protection for the iPhone and iPod Touch:

CoreGraphics Changes to CoreGraphics prevent maliciously crafted websites from causing unexpected application termination or arbitrary cipher execution.

ImageIO Changes to ImageIO prevent the use of maliously crafted TIFF images from causing unexpected application termination, arbitrary cipher execution or device reset/reboot.

Networking Changes to Networking were made to insure that the unmistaken encryption level for PPTP VPN connections is at the right level when it was often lower than expected.

Office Viewer Changes were made to the OS ability to display Microsoft Office files particularly with Microsoft Excel files.

Passcode Lock We’ll take a miss closer look at Passcode Lock since its the change most likely to be noticed by most iPhone users and, unfortunately, the one with the most potential for confusion.

The first issue resolved for Passcode Lock is the issue wherein emergency calls are not restricted to emergency numbers. Apple does not define the term “emergency numbers” in their bulletin, only referring to “a limited set of phone numbers”, but in our tests, we could not dial 713-xxx-xxxx.

The second issue involves iPhone restores. Previously, when you restored the iPhone from a backup, the Passcode Lock was not re-enabledm, and someone with access to the device could access goods and launch apps without the passcode. that has been resolved in iPhone OS 2.2.

Finally (and that is the most confusing of all the changes to the Passcode Lock

feature), short information service (SMS) messages were–prior to iPhone OS 2.2–revealed before the passcode was entered.

Under iPhone OS 2.2, we sent three text messages from AT&T’s website to our iPhone while the phone was locked. In all cases, the messages displayed on the lock screen showing the actual report and its text along with the slider to unlock the screen. that was with Settings > General > Passcode Lock > Show SMS Preview to ON. You cannot touch the notice to open the SMS App. You have to use the slider, enter your passcode and thereupon you can get to the SMS App. You cannot touch a texted phone number from the lock screen to launch the Phone App and dial a number automatically either.

Rather than display the actual text letter the phone now displays what you see below. You have to enter your passcode to see the actual information itself. No more previews. Hence no dialing again from these tryout messages while the lock is engaged and you cannot read them either since you only see the generic notice above.

Mobile Safari Changes were made to Mobile Safari’s ability to pact with mishandling of HTML table elements, use of iframe elements on a website for interface spoofing, maliously crafted websites may initiate a phone yell without user interaction some of these would lead to an unexpected application termination or arbitrary cipher execution.

Webkit Changes were made to WebKit to prevent the disclosure of sensitive info disclosed to a person with access to an unlocked device.

[carousel list=”NewReleases” category=”Books” keywords=”muscle” showBorder=”True” shuffleProducts=”True” width=”400″ height=”150″]

Share: These icons link to social bookmarking sites where readers can share and discover new web pages.