iOS 4.2 includes massive security update for iPad and iPhone

All of the attention has been focused on the enhancements, while more than 80 security fixes flew in under the radar.

Apple has finally released the highly-anticipated iOS 4.2. While the attention around iOS 4.2 has been focused on the enhancements and new features -- particularly for the iPad, the update also fixes more than 80 vulnerabilities in the iPhone, iPod, and iPad.

It is common knowledge that iOS 4.2 introduces features like multitasking -- or at least Apple's pseudo version of multitasking -- a unified e-mail inbox, and the ability to organize apps by grouping them in folders to the iPad. It also includes a variety of enhancements aimed at IT admins that make it easier to manage and protect iPads connected to a corporate network. The massive barrage of security updates, however, flew in under the radar.

It's not that Apple is unwilling to admit that there are security issues, but Apple policy dictates that the vulnerabilities not be publicly disclosed until the patch is available. An Apple Web page detailing the security updates in iOS 4.2 explains, "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."

So, now that iOS 4.2 is out and the "patches or releases are available" it is safe to let you know that your iPhone, iPod, and iPad have been virtually Swiss cheese from a security standpoint. The iPhone and iPad are both now protected against more than 80 vulnerabilities -- many with critical security implications -- that most users were not even aware existed two days ago.

For example, viewing a PDF file is a relatively common task for an iPhone or iPad. According to Apple, it is also a potentially risky task on pre-iOS 4.2 devices. "A heap buffer overflow exists in FreeType's handling of TrueType opcodes [CVE-2010-3814]. Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking."

If you have surfed the Web on an iPhone or iPad, you might be interested to learn that a vast array of flaws exist that could allow an attacker to execute arbitrary malicious code on your device. There is also a vulnerability which reveals your surfing history. "A design issue exists in WebKit's handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited."

These are just a few examples. Many of the more than 80 flaws addressed in iOS 4.2 have very serious security implications. While the general public wasn't aware of these flaws, attackers probably were. If they weren't they are now -- so the clock is ticking to get the iOS 4.2 update applied before malicious developers find ways to exploit these vulnerabilities.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Apple iOS 4.2patches & driversiphone 4tabletssoftwareoperating systemsAppleMac OSapple iphoneapple ipadiOS 4.2security

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?