Apple has issued a new patch for five flaws in its iPhone and iPod touch devices, three of which could be labeled as “critical”.
The company doesn’t label updates according to importance, but three of the flaws allow “arbitrary code execution”.
As noted in a V3.co.uk story, the most critical flaws affect the products’ CoreAudio, ImageIO and WebKit technologies. The flaw in CoreAudio means that playing a maliciously coded mp4 audio file could lead to “unexpected application termination or arbitrary code execution”, while viewing a malicious TIFF image could do the same due to the ImageIO vulnerability.
The update also includes a patch for a vulnerability in recovery mode that could allow a person with physical access to an iPhone or iPod touch to override the passcode and access user data.
To download the patch, labeled as iPhone OS 3.1.3 and iPhone 3.1.3 for iPod touch, visit the Apple security page. More information on the updates and vulnerabilities are available on the site.