iPhone 2.0 Includes Critical Security Fixes

Apple fans who bought their iPhones before Friday’s splashy iPhone 3G rollout have a new reason to upgrade their software: It’s buggy.

Apple disclosed Friday that the iPhone 2.0 software, which can be downloaded by users of the previous-generation iPhone, fixes some bugs in the browser and networking software in that earlier device. Some of the browser bugs are serious and could give attackers a way to sneak malicious software onto the iPhone.

The update fixes seven Safari bugs and three flaws in the Web Kit browser engine used by Safari. One of the Web Kit flaws was exploited in March by Independent Security Evaluators Researcher Charlie Miller to hack into a MacBook Air laptop to win a well-publicized hacking contest.

Friday’s update also fixes networking bugs in the Mac OS kernel software and CFNetwork software used by the iPhone.

Although the iPhone has not been the target of any known attacks, the iPhone 2.0 patch is worth downloading, said David Marcus, a security research manager with McAfee. “If you look at what the bad guys are looking at, browsers are certainly high on their list,” he said. “It’s important that when patches are released, people update as soon as they can.”

The iPhone 2.0 software has a few other bells and whistles to encourage the upgrade, such as support for Cisco VPN connections and Microsoft Exchange ActiveSync. It also has better e-mail and contact management features, Apple says.

The update is also intended for iPod Touch users, Apple said. People who buy the iPhone 3G shouldn’t need to do anything because the iPhone 2.0 software comes preloaded on that device.

Apple’s last set of security fixes for the iPhone came out Jan. 15.