This article has been archived and is no longer updated by Apple.

About the security content of iPhone v1.1.2 and iPod touch v1.1.2 Updates

This document describes the security content of the iPhone v1.1.2 and iPod touch v1.1.2 Updates, which can be downloaded and installed via iTunes.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

iPhone v1.1.2 and iPod touch v1.1.2 Updates

ImageIO

CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465

Available for: iPhone v1.0 through v1.1.1, iPod touch v1.1 and v1.1.1

Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.

Description: ImageIO contains a version of libtiff that is vulnerable to multiple buffer overflows. By enticing a user to view a maliciously crafted TIFF image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issues by performing additional validation of TIFF images. These issues do not affect Mac OS X v10.3.9 systems with Security Update 2006-004, Mac OS X v10.4.7 systems with Security Update 2006-004, or systems running Mac OS X v10.4.8 or later. Credit to Tavis Ormandy, Google Security Team for reporting this issue.

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes.

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "Don't install" will present the option the next time you connect your iPhone or iPod touch.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the "Check for Update" button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer.

To verify that the iPhone or iPod touch has been updated:

  1. Navigate to Settings

  2. Click General

  3. Click About.The Version after applying this update will be "1.1.2 (3B48)" or later.

Published Date: