Security firm warns lack of iOS 4.3 update leaves iPhone 3G vulnerable

Security company Sophos is warning iPhone 3G and older iPod touch owners that their devices could be vulnerable to attack following Apple's decision not to make the iOS 4.3 update available to them.

In addition to AirPlay improvements and iTunes Home Sharing, the iOS 4.3 update fixes a number of security holes, but it's only available for the iPhone 3GS, iPhone 4, the iPad and more recent iPod touch models.

"[I]f you have an earlier iPhone or iPod touch your device is probably vulnerable to attacks which exploit these security holes, and there is no official patch available for you to protect yourself. That's bad news for the many people who still have an iPhone 3G, for instance," says Graham Cluley, senior technology consultant at Sophos.

The security fixes are detailed in an Apple knowledgebase article. They protect against maliciously-crafted TIFF image files, which could be used to run malicious code on your device, as well as fixing many memory corruption issues in WebKit, the basis of the Safari web browser. Sophos warns this could lead to unauthorised code being executed.

Although none of these exploits have been found in the wild so far, owners of older Apple devices are still potentially vulnerable. "If you were looking for an excuse to upgrade your iPhone or iPod touch, maybe you've just been given a good one by Apple," says Cluley. "But if you were happy with your iPhone 3G, I doubt you're feeling too good about having to reach into your pocket."

[Via Computer Weekly]