Apple leaves iPhone 3G users exposed to security holes, Sophos warns
March 2011 by Sophos
Sophos is advising users of Apple iPhones and iPads to patch their devices with the latest software update - iOS 4.3 - to protect against the possibility of a hacker attack, but also notes that Apple is leaving some of its devices undefended.
The new iOS 4.3 update includes a number of critical security patches, but despite the security implications, these are not being offered for older models of the iPhone and iPod touch. The extra security features are designed to prevent the exploitation of vulnerabilities that could lead to malicious code being run on the Apple devices.
Security fixes include protection against maliciously crafted TIFF image files that could be used to run malicious code, and fixes for multiple memory corruption issues in 'WebKit', which could mean that visiting a booby-trapped website leads to the execution of unauthorised code.
The iOS 4.3 update is, however, only compatible with the iPhone 3GS and later, the iPod touch 3rd generation and later, in addition to both the iPad and the imminent iPad 2.
"If you have an earlier iPhone or iPod touch, your device is potentially vulnerable to attacks which could exploit these known security holes, and there is no official patch available for you to protect yourself," said Graham Cluley, senior technology consultant at Sophos. "That’s bad news for the very many people who still have an iPhone 3G, for instance. If you were looking for an excuse to upgrade your iPhone or iPod touch - maybe you’ve just been given a good one by Apple. But if you were happy with your iPhone 3G, I doubt you’re feeling too good about having to reach into your pocket."