Apple iPhone, iPod touch Security Patch: What's Fixed

The five security fixes are related to CoreAudio, ImageIO, Recovery Mode and WebKit.

The CoreAudio patch prevents "maliciously crafted" MP4 audio files from wreaking havoc, such as terminating programs or running rogue code. The ImageIO fix blocks malicious TIFF images from performing similar voodoo when users view them.

The Recovery Mode update prevents someone with physical access to a locked iPhone or iPod touch from bypassing the passcode and accessing your data. It corrects a memory corruption glitch in the handling of a USB control message that allowed the security breach.

WebKit gets two patches. One corrects an HTML 5-related problem that may cause mail to load remote audio and video files when remote image-loading is turned off. The second blocks WebKit from accessing a malicious FTP server.

The minor upgrades in iPhone OS version 3.1.3 correct a bug that causes apps to crash when using a Japanese Kana keyboard, and improve the accuracy of battery-level reporting on the iPhone 3GS.

The iPhone OS patch comes hot on the heels of Monday's iTunes 9.0.3 update, which remedies the problem of iTunes forgetting user passwords, and fixes glitches with iPod syncing. It also improves iTunes' stability and performance.