Among the many improvements to the iPhone with the 2.1 software update posted on Friday are changes meant to enhance security on the device. Apple has provided details about what’s changed. All of the changes affect security issues noted for iPhone 2.0 through 2.0.2 software releases. None of the problems affect iPhone software prior to 2.0.
The Application Sandbox has been updated to enforce proper access restrictions between application sandboxes. This could lead to the disclosure of sensitive information. FreeType vulnerabilities have been closed.
Changes have also been made to improve security with the iPhone’s network connectivity. mDNSResponder has been updated to reduce susceptibility to DNS cache poisoning. TCP initial sequence numbers are now randomly generated, to thwart remote attackers from spoofing TCP connections.
The Passcode Lock feature is used to keep users from making accessing the iPhone without entering a multi-digit code. That feature could be thwarted thanks to an exploit involving the handling of emergency calls; that has been corrected.
WebKit on the iPhone has also been updated to address an issue associated with the handling of Cascading Style Sheet (CSS) import statements. Document reference handling has been improved to prevent this problem from occurring.