Apple Patches The iPhone, Turns Some Into iBricks - InformationWeek


The iPhone V1.1.1 update, which shipped Thursday, is a giant patch, fixing issues with the device's mail service, a bug in Bluetooth, and seven bugs in Safari.

Apple came out Thursday with an iPhone software update that patches 10 security bugs that could enable a hacker to remotely execute malicious code, reveal e-mail credentials, or even make a call without the user's consent. In some cases, however, where the user has tinkered with the guts of the iPhone, the software update has rendered the phone unusable.

The update -- iPhone V1.1.1 -- patches one bug in Bluetooth, two in the device's mail service, and seven in its Safari browser. U.S.-CERT is "strongly encouraging" users to review the advisory and follow best practices in determining what updates should be applied.

The fixes come out amid a lot of brouhaha in the research and hacker communities about software for sale that would enable the smartphone to work on any service provider with a standard GSM SIM card. Just this past Monday, though, Apple warned users that the unlocking programs used to connect the device to cellular networks other than AT&T's cause "irreparable damage." The company also warned that the modifications would probably cause the iPhone to be inoperable when the updates were released.

It's not yet clear what the total effect of the fixes on unlocked devices will be, though reports are surfacing online that the update has disabled at least some unlocked iPhones. Gizmodo is reporting that the software update may make unlocked iPhones unusable.

"For those who have 'unlocked' their iPhones, there were stories in the press over the last week that a future update would turn the unlocked iPhones into expensive paperweights," wrote Jim Clausing, a handler with the Internet Storm Center, on its daily blog. "It is unclear at present if this update is the one that does it or not (probably not based on the descriptions of the updates included)."

According to Apple's advisory, the update addresses an input validation flaw in the iPhone's Bluetooth server. An attacker within Bluetooth range may be able to crash the application or remotely run malicious code on the device. The company noted that performing additional validation of SDP packets fixes the bug. Apple is giving credit to Kevin Mahaffey and John Hering of Flexilis Mobile Security for finding and reporting the vulnerability.

The update also fixes two separate bugs in the iPhone's mail service. Because of one flaw, checking e-mail over untrusted networks may lead to information disclosure via a man-in-the-middle attack, according to the advisory. Because of the second mail bug, if a user clicks on a telephone link in an e-mail message, an attacker can cause the device to place a call without user confirmation. Apple explained that the patch fixes the problem by providing a confirmation window before dialing a phone number via a telephone link in mail. The company is crediting Andi Baritchi of McAfee for reporting the dialing issue.

The seven patches for the iPhone's Safari browser fix problems that include the disclosure of URLs, unintended dialing, and several issues with cross-site scripting. It wasn't noted if the bugs in the iPhone version of Safari also would plague Mac and Windows desktop users.
