Apple updates for iOS and iWork ’09 fix 4 security flaws

NSA tracking hundred of millions of mobile phone locations worldwide

iPhoneHot on the heels of last week’s release of OS X 10.7 (Lion), Apple has released three security updates for its office suite, iWork, and one security fix for iOS on iPhone, iPod Touch and iPad.

iOS has been updated to version 4.3.5, unless you are a Verizon user in which case you get iOS 4.2.10. This update fixes a flaw in X.509 certificate handling and could allow attackers to intercept SSL/TLS secure connections from iDevices.

I recommend applying this update as soon as possible as this could be a serious security and privacy risk. As usual you can get the update inside of iTunes and need to connect your Apple device to iTunes to apply the update.

iWork logoOf the three flaws that affect iWork ’09, two apply to the Numbers application and one applies to Pages. All three of the flaws could allow code execution through booby-trapped documents. This is a very common technique for exploiting people this year as Kris Braun and I discussed in this week’s Chet Chat.

iWork updates can be applied through the Software Update application found under the Apple logo in the upper-left corner of OS X user’s desktops.