Apple has posted a new support document online, describing all the security vulnerabilities they have addressed with the release of iOS 4.
There are over 60 fixed security issues (64 to be exact) and most of them are about Webkit and Safari implementation in iOS’ Webkit, as Macrumors first noticed. But there are other fixes as well:
“One issue addressed in iOS 4 involves the ability of third-party applications to access a user’s photo library, indirectly allowing the applications to infer a user’s location without explicit authorization via the geolocation information. iOS 4 addresses the issue by modifying the Application Sandbox to prevent direct access to the photo library.
Four of the fixed vulnerabilities affect the operating system’s ImageIO framework and could have allowed maliciously crafted BMP, TIFF or JPEG images to lead to security breaches. iOS 4 also addresses a pair of flaws in the Passcode Lock system in which remote locking via MobileMe could result in the password already being entered at the next unlock or unauthorized pairing of a locked device to a computer could occur soon after initial booting following a shutdown in an unlocked state.”
It’ll be interesting to see how iOS 4 will hold up against hackers at next year’s Pwn2Own.