iOS 4.1: Critical security update for iPhone and iPod Touch users

Filed Under: Apple, Mobile, Vulnerability

iPod Touch and iPhone
Apple has released iOS 4.1, an updated version of its mobile operating system for the iPhone and iPod Touch.

New features vary depending on which device you own, and how old it is, but some folks will benefit from better photos via HDR (High Dynamic Resolution), Game Center, and the ability to upload high definition video to the likes of YouTube via WiFi.

But these aren't the only reasons why you might want to consider updating your iPod Touch or iPhone, as the new version of the operating system also includes a number of critical security updates.

Inevitably these haven't been advertised or mentioned as extensively as the flashy new bells-and-whistles.

Vulnerabilities which are reportedly patched by iOS 4.1 include flaws that could allow hackers to run malicious code on your device by sending you a maliciously-crafted GIF or TIFF image file, or visiting a boobytrapped website. These are techniques which are frequently used by malware authors on other operating systems.

So, as with less sexy desktop-based operating systems, you need to ensure that you keep your iPhone and iPod Touch up-to-date with the latest security patches. If your device can upgrade to iOS 4.1, it would seem like a good idea to do so.

The update is available via iTunes for the iPhone 4, iPhone 3GS, iPhone 3G and iPod Touch 2nd Generation or later.

Separately, claims have emerged that enthusiasts may already have found a way to jailbreak iOS 4.1, allowing users to run unauthorised code on their iPhone or iPod Touch and potentially opening the door for more attacks like the Duh and Ikee worms we saw last year.

There's speculation that Apple may find this latest jailbreaking vector tricky to defeat in a simple way - as unlike earlier exploits it appears the Cupertino-bsaed firm won't be able to patch against it via a software update.


You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley