Update your Apple devices to iOS 4.3, or risk malicious code attacks

iOS appsApple has released iOS 4.3, the latest version of its operating system for iPhones, iPads and the iPod touch.

Although some will be excited by the promise of faster performance from Safari, better video streaming and the thought of sharing their iTunes library over WiFi around the home, perhaps the most important reason to install the update onto your Apple gadgets is security.

According to Apple, the new iOS 4.3 update includes a number of critical security patches – some of which are designed to prevent vulnerabilities being exploited that could lead to malicious code being run on your iPhone or iPad.

Details of the security fixes are included in an Apple knowledgebase article, and include protecting against maliciously-crafted TIFF image files that could be used to run malicious code on your device, and multiple memory corruption issues exist in WebKit, which could mean that visiting a boobytrapped website could lead to unauthorised code being executed.

Sign up to our free newsletter.
Security news, advice, and tips.

These are, of course, the kind of vulnerabilities that have been exploited by malicious hackers and virus writers in the past and would present a way to deliver code to a non-jailbroken iPhone that did not involve entering via the official iPhone App Store.

There is no indication that these vulnerabilities have been exploited in the wild, but it would nevertheless be prudent to defend against them by installing the operating system patch to your iOS devices. Especially now that details of the security holes are known to the computer underground.

Bad news for iPhone 3G owners
There’s bad news though for users of older Apple devices, however. The iOS 4.3 update is only compatible with the iPhone 3GS and later and the iPod touch 3rd generation and later. (It works on the original iPad, and the imminent iPad 2)

So if you have an earlier iPhone or iPod touch your device is probably vulnerable to attacks which exploit these security holes, and there is no official patch available for you to protect yourself. That’s bad news for the many people who still have an iPhone 3G, for instance.

If you were looking for an excuse to upgrade your iPhone or iPod touch – maybe you’ve just been given a good one by Apple. But if you were happy with your iPhone 3G, I doubt you’re feeling too good about having to reach into your pocket.

Apple customers can download the iOS 4.3 update via iTunes, and more information about the update can be found on Apple’s website.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.