Date: Wednesday, November 24th, 2010, 08:41
Category: News, security, Software
Following Apple’s Monday release of iOS 4.2 for iPads, iPhones and iPod touch devices, the company outlined its security fixes in a Knowledge Base entry posted online.
Per Macworld, many of the patches protect against malicious attackers running code on your device, which could in theory be used for all sorts of malicious purposes. Vulnerabilities were corrected for WebKit, Configuration Profiles, CoreGraphics, FreeType (in PDF rendering), and more to prevent against this type of attack.
iOS 4.2 also includes a fix for iAd content display, to prevent attackers in what Apple calls “a privileged network position” to force phone calls from your device without your permission. A separate fix for Mail corrects an issue where carefully-crafted HTML emails could track whether you viewed a message, even if you had turned off remote image loading in Settings.
The update also addresses a situation where your MobileMe password could become visible to an outside user in a privileged network position when using the Photos app to send images to the service. iOS 4.2 also corrects a race condition that could force the Reset Safari option to take a full 30 seconds to remove your saved Web passwords–during which time a speedy user with access to your device could still log in to those sites.
So, there you have it. And if you’ve noticed any major changes in iOS that you’d like to comment on, let us know.