Apple released an update last week for the fourth generation of the operating system for the iPhone and the iPod touch. Updating the software is simple: all that is needed is to connect the iPhone to a Windows or Mac OS X computer on which version 9.2 of iTunes is installed. Version 4.0.2 fixes two security issues:
iOS 4.0.2 Update for iPhone and iPod touch
- FreeType
CVE-ID: CVE-2010-1797
Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later
Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution
Description: A stack buffer overflow exists in FreeType's handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.
- IOSurface
CVE-ID: CVE-2010-2973
Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later
Impact: Malicious code running as the user may gain system privileges
Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.