While many people (me included) are happy to update their devices to iOS 4.2 for its new features, most are not aware that the update also includes necessary security fixes. iOS 4.2 (like many iOS updates before it) addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information on your iPhone, iPad, or iTouch. (While there is also an update for Apple TV, I'm not aware of what, if any, vulnerabilities were addressed with that update.)
A quick overview of the fixes: an issue with the new iAd service where ads could send you to malicious sites, mail issues where specially formatted HTML emails could send information back to the sender of the email, and a network issue where specially formatted PIM messages could cause a denial-of-service condition or shut the device down completely.
To see a full list of the vulnerabilities addressed, please see Apple’s security page here: http://support.apple.com/kb/HT4456