Wednesday, 03 February 2010 08:22

iPhone OS 3.1.3 primarily a security update

The 3.1.3 update for the iPhone and iPod touch software contains multiple security updates and a few other bug fixes

iPhone OS 3.1.3 delivers five security fixes.

Two of the flaws addressed concern problems that can be exploited by maliciously crafted media files, with the possibility of arbitrary code execution. MP4 audio file handling had the possibility of a buffer overflow, while TIFF images could trigger a buffer underflow.

Both of these issues have been addressed through better bounds checking.

Flaws in the way iPhone OS parses FTP directory listings meant that a maliciously crafted FTP server could potentially extract information from the device, cause the application to crash, or execute arbitrary code.

You know the way a passcode can be set to lock an iPhone? Apple determined that a certain USB control message could cause memory corruption in such a way that the need to enter the passcode was avoided.

There's also a security issue involving Mail - please read on.

The final security issue concerned email. The iPhone OS Mail application uses WebKit to render HTML messages, and WebKit is supposed to honour Mail's setting that controls the loading of remote images.

The problem was that this test wasn't being applied to HTML 5 media elements, so remotely hosted content was downloaded regardless of the user's preference.

Why is that a security problem? One of the tricks used to track whether a particular message has been read is to include a 'web bug' - a usually small and often invisible item that can be used to determine if and when an email was read, the recipient's IP address, and potentially the email address of someone visiting a web site.

Three non-security issues are addressed by the 3.1.3 update.

The accuracy of the battery indicator has been improved on the iPhone 3GS.

A app-crashing bug involving the Japanese Kana keyboard has been fixed.

Please read on for the remaining issues fixed in iPhone OS 3.1.3.

A problem that could prevent third-party apps from launching has also been fixed.

The iPhone OS 3.1.3 update is compatible with all models of the iPhone and iPod touch.

It is available via the iTunes application on Mac OS X or Windows.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News