Nov 12, 2007

Apple patches security hole with iPhone update

Apple made the software available for download last Thursday, but on Monday it began pushing it out automatically to users via its iTunes updating mechanism.The iPhone uses iTunes to scan for security updates once per week, so users will gradually be offered this new firmware over the next seven days.

The update fixes a bug in the way that the iPhone renders TIFF (Tagged Image File Format) images.

The bug patch is a bit of a mixed blessing for iPhone enthusiasts. While it fixes a critical security vulnerability, that flaw had been used by iPhone developers in the unauthorized Jailbreak software that is used to run third-party applications. The update makes it difficult for users of brand-new iPhones to install Jailbreak.

Apple has been in a tug of war with some developers who have had to circumvent Apple's security measures in order to get their software to run on the iPhone. Apple initially wanted to prevent all third-party code from running directly on its mobile device, but in recent months the company has reversed course and promised to give developers a way to run their code on the iPhone. This software development kit (SDK) will become available in February 2008.

Apple's unauthorized developers have already found a way to stay ahead of Apple's latest software update.

Users with Jailbreak on their iPhone 1.1.1 systems are being advised to first install an application called OktoPrep, according to a post on the Unofficial Apple Weblog. This allows them to update to 1.1.2 without compromising their ability to run unauthorized software on the device.
Link