Apple has released, only through their iTunes application, a 1.1.2 system update for the iPhone and the iPod Touch.
This addressed an “ImageIO” vulnerability that could allow the execution of malicious code through the viewing of a doctored TIFF image, according to Apple.
The malicious TIFF image could cause a buffer overflow that could either crash an application or run code, according to Apples technical note on the issue.
The problem, Apple said, affects not only the iPhone and iPod Touch with version 1.1.1 software, but also the desktop Mac OS X systems before versions 10.3.9 and 10.4.7 with Security Update 2006-004. Mac OS X 10.4.8 and later are not affected.
The 1.1.2 update also provides an icon in the iTunes source list signifying that the iPhone or iPod Touchs battery is charging. Other changes in the update include: support for event creation; editing in the iPod Touchs Calendar application; separate Custom and Standard ring tone lists; and more support for international languages.
This update breaks AppSnapp, one previous method of “jailbreaking,”—that is, hacking the iPod Touch and iPhone to enable users to place new applications on the main screen.
Users who have installed AppSnapp and then updated to v1.1.2 have said that this does not “brick” their devices, but does remove the installed applications.
However, one group, Conceited Software, has released a jailbreak method for the iPod Touch and iPhone with the 1.1.2 software. Their donationware solution does require users first to restore their devices to the 1.1.1 software and install some software, then update to 1.1.2, and then run the final jailbreak.
Apple representatives could not be reached for comment.
Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.