iOS 4.2 - Neuerungen und Verbesserungen für das iPhone

iOS 4.2 - Neuerungen und Verbesserungen für das iPhone

Apple hat das iOS 4.2 Software-Update für iPhone 3G, iPhone 3GS sowie für den iPhone 4 freigegeben und zum kostenlosen Download über die Apple iTunes-Aktualisierung bereitgestellt. Hier werden die Neuerungen und Verbesserungen aufgelistet die auf dem iPhone 3G, dem iPhone 3GS sowie auf dem iPhone 4 durch das iOS 4.2 Software-Update Einzug halten werden…

iOS 4.2.1 Software-Update für iPhone

Neue Funktionen im iOS 4.2 Software-Update für das iPhone

Das iOS 4.2 Software-Update für iPhone 3G, iPhone 3GS sowie für den iPhone 4 wird unteranderem diese Neuerungen und Verbesserungen enthalten:

AirPrint

  • Mit AirPrint ist es ganz einfach, Mails, Fotos, Webseiten und Dokumente direkt vom iPhone, iPad oder iPod touch zu drucken. Nur ein paar Fingertipps und schon hast du das, was du eben noch auf dem Display gesehen hast, als Ausdruck in der Hand. Du musst dazu keine Software laden, keine Treiber installieren und keine Kabel anschließen.

AirPlay

  • Mit AirPlay kannst du digitale Medien von deinem iPhone, iPad und iPod touch drahtlos an dein Apple TV und AirPlay fähige Lautsprecher streamen. So siehst du Filme und Fotos auf dem HD Fernseher und hörst Musik auf deinen besten Lautsprechern.

iPhone, iPad oder iPod touch suchen

  • Die MobileMe Funktion zum Suchen von iPhone, iPad oder iPod touch hilft dir, dein Gerät wiederzufinden und die Daten darauf zu schützen. Sie ist jetzt für alle iPhone 4, iPad oder iPod touch Geräte der 4. Generation mit iOS 4.2 kostenlos.3 Nachdem du die Funktion eingerichtet hast, kannst du dein Gerät auf einer Karte finden, eine Nachricht auf dem Display anzeigen, per Fernzugriff einen Code festlegen und alle Daten darauf fernlöschen. Und falls du dein iPhone, iPad oder deinen iPod touch doch wiederfindest, stellst du einfach alle Daten mithilfe deiner letzten Datensicherung wieder her.

"Mein iPhone suchen" in Aktion sehen

  • Wenn du iOS 4.2 geladen hast, kannst du diese neue Funktion ganz leicht aktivieren - direkt auf deinem Gerät. Informier dich, wie du dein iPhone, dein iPad oder deinen iPod touch einrichtest.

Weitere Funktionen von iOS 4.2 für iPhone

Game Center

  • Das Netzwerk für Spielefans. Finde Freunde oder tritt mit Auto-Match in Multiplayer-Spielen gegen neue Gegner an. Behalte Erfolge im Blick und vergleiche Ranglisten.

Filme bei iTunes ausleihen

  • Leih dir Filme aus einer riesigen Auswahl und sieh sie dir in wenigen Minuten an.

Noch besseres Mail

  • Sieh dir die Nachrichten aller Mail Accounts in einem einheitlichen Postfach an, folge Nachrichten mit den Threads und öffne Anhänge mit Apps anderer Anbieter.

Textsuche auf Webseiten

  • In Safari kannst du eine schnelle Textsuche durchführen, um selbst auf den längsten Webseiten bestimmte Wörter oder Wortgruppen zu finden.

Notizen mit Stil

  • Mach deine Notizen mit neuen Schriften wie Marker Felt, Helvetica und Chalkboard noch ein bisschen persönlicher.

Kalendereinladungen beantworten

  • Beantworte Einladungen aus Kalenderdiensten wie Yahoo!, Google und Microsoft Exchange direkt aus der integrierten Kalenderapp.

Erweiterungen für Tastatur und Wörterbuch

  • iOS 4.2 unterstützt mehr als 50 Sprachen und Dialekte mit über 30 neuen internationalen Tastaturen und Wörterbüchern für das iPad.

Noch bessere Bedienungshilfen

  • Steuer VoiceOver über eine drahtlose Tastatur. Du kannst auch Blindenschrift mit über 30 unterstützten drahtlosen Braillezeilen in mehr als 25 Sprachen ausgeben.

Noch bessere Features für Unternehmen

  • Unternehmen können die Vorteile der noch besseren Sicherheitsfunktionen, die erweiterte Geräteverwaltung und die optimierte Unternehmensintegration nutzen.

Neue Töne für Nachrichten

  • Jetzt weißt du auch ohne aufs Display zu schauen, von wem die Nachricht ist. Du kannst nämlich aus 17 neuen Tönen wählen und sie deinen Kontakten individuell zuordnen. (Nur beim iPhone).

Informationen über den Sicherheitsinhalt des iOS 4.2 Update für iPhone, iPad und iPod touch

In diesem Dokument finden Sie Informationen zum iOS 4.2 Update für iPhone, iPad und iPod touch, das Sie über iTunes laden und installieren können.

Configuration Profiles - CVE-ID: CVE-2010-3827

  • Impact: A user may be misled into installing a maliciously crafted configuration profile
  • Description: A signature validation issue exists in the handling of configuration profiles. A maliciously crafted configuration profile may appear to have a valid signature in the configuration installation utility. This issue is addressed through improved validation of profile signatures.

CoreGraphics - CVE-ID: CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054

  • Impact: Multiple vulnerabilities in FreeType 2.4.1
  • Description: Multiple vulnerabilities exist in FreeType 2.4.1, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/

FreeType - CVE-ID: CVE-2010-3814

  • Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution
  • Description: A heap buffer overflow exists in FreeType's handling of TrueType opcodes. Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

iAd Content Display - CVE-ID: CVE-2010-3828

  • Impact: An attacker in a privileged network position may be able to cause a call to be initiated
  • Description: A URL handling issue exists in iAd Content Display. An iAd is requested by an application, either automatically or through explicit user action. By injecting the contents of a requested ad with a link containing a URL scheme used to initiate a call, an attacker in a privileged network position may be able to cause a call to occur.

ImageIO - CVE-ID: CVE-2010-2249, CVE-2010-1205

  • Impact: Multiple vulnerabilities in libpng
  • Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.

libxml - CVE-ID: CVE-2010-4008

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in libxml's xpath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of xpaths.

Mail - CVE-ID: CVE-2010-3829

  • Impact: Mail may resolve DNS names when remote image loading is disabled
  • Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the prefetch even if remote image loading is disabled. This may result in undesired requests to remote servers. The sender of an HTML-formatted email message could use this to determine whether the message was viewed. This issue is addressed by disabling DNS prefetching when remote image loading is disabled.

Networking - CVE-ID: CVE-2010-1843

  • Impact: A remote attacker may cause an unexpected system shutdown
  • Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue. This issue does not affect devices running iOS versions prior to 3.2.

Networking - CVE-ID: CVE-2010-3830

  • Impact: Malicious code may gain system privileges
  • Description: An invalid pointer reference exists in Networking when handling packet filter rules. This may allow malicious code running in the user's session to gain system privileges. This issue is addressed through improved handling of packet filter rules.

OfficeImport  - CVE-ID: CVE-2010-3786

  • Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in OfficeImport's handling of Excel files. Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue was addressed on iPhones in iOS 4.

Photos - CVE-ID: CVE-2010-3831

  • Impact: "Send to MobileMe" may result in the disclosure of the MobileMe account password
  • Description: The Photos application allows users to share their pictures and movies through various means. One way is the "Send to MobileMe" button, which uploads the selected contents to the user's MobileMe Gallery. The Photos application will use HTTP Basic authentication if no other authentication mechanism is presented as available by the server. An attacker with a privileged network position may manipulate the response of the MobileMe Gallery to request basic authentication, resulting in the disclosure of the MobileMe account password. This issue is addressed by disabling support for Basic authentication.

Safari - CVE-ID: CVE-2009-1707

  • Impact: "Reset Safari" may not immediately remove website passwords from memory
  • Description: After clicking the "Reset" button for "Reset saved names and passwords" in the "Reset Safari..." menu option, Safari may take up to 30 seconds to clear the passwords. A user with access to the device in that time window may be able to access the stored credentials. This issue is addressed by resolving the race condition that led to the delay.

Telephony - CVE-ID: CVE-2010-3832

  • Impact: A remote attacker may be able to cause arbitrary code execution
  • Description: A heap buffer overflow exists in the handling of Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility management. This may allow a remote attacker to cause arbitrary code execution on the baseband processor. This issue is addressed through improved bounds checking.

WebKit - CVE-ID: CVE-2010-3803

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow exists in WebKit's handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

WebKit - CVE-ID: CVE-2010-3824

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to wushi of team509 for reporting this issue.

WebKit - CVE-ID: CVE-2010-3816

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.

WebKit - CVE-ID: CVE-2010-3809

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of inline styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of inline styling.

WebKit - CVE-ID: CVE-2010-3810

  • Impact: A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history
  • Description: A cross-origin issue exists in WebKit's handling of the History object. A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history. This issue is addressed through improved tracking of security origins.

WebKit - CVE-ID: CVE-2010-3805

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer underflow exists in WebKit's handling of WebSockets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

WebKit - CVE-ID: CVE-2010-3823

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of Geolocation objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.

WebKit - CVE-ID: CVE-2010-3116

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple use after free issues exist in WebKit's handling of plug-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling.

WebKit - CVE-ID: CVE-2010-3812

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow exists in WebKit's handling of Text objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 working with TippingPoint's Zero Day Initiative for reporting this issue.

WebKit - CVE-ID: CVE-2010-3808

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of editing commands. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editing commands.

WebKit - CVE-ID: CVE-2010-3259

  • Impact: Visiting a malicious website may lead to the disclosure of image data from another website
  • Description: A cross-origin issue exists in WebKit's handling of images created from "canvas" elements. Visiting a malicious website may lead to the disclosure of image data from another website. This issue is addressed through improved tracking of security origins.

WebKit - CVE-ID: CVE-2010-1822

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of SVG elements in non-SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG elements.

WebKit - CVE-ID: CVE-2010-3811

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of element attributes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.

WebKit - CVE-ID: CVE-2010-3817

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of CSS 3D transforms. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS 3D transforms.

WebKit - CVE-ID: CVE-2010-3818

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of inline text boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.

WebKit - CVE-ID: CVE-2010-3819

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of CSS boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS boxes.

WebKit - CVE-ID: CVE-2010-3820

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in WebKit's handling of editable elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editable elements.

WebKit - CVE-ID: CVE-2010-1789

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

WebKit - CVE-ID: CVE-2010-1806

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of object pointers.

WebKit - CVE-ID: CVE-2010-3257

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

WebKit - CVE-ID: CVE-2010-3826

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue exists in WebKit's handling of colors in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of colors in SVG documents.

WebKit - CVE-ID: CVE-2010-1807

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An input validation issue exists in WebKit's handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of floating point values.

WebKit - CVE-ID: CVE-2010-3821

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in WebKit's handling of the ':first-letter' pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ':first-letter' pseudo-element.

WebKit - CVE-ID: CVE-2010-3804

  • Impact: Websites may surreptitiously track users
  • Description: Safari generates random numbers for JavaScript applications using a predictable algorithm. This may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a stronger random number generator.

WebKit - CVE-ID: CVE-2010-3813

  • Impact: WebKit may perform DNS prefetching even when it is disabled
  • Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the operation even if prefetching is disabled. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed through improved handling of DNS prefetching requests. Credit to Jeff Johnson of Rogue Amoeba Software for reporting this issue.

WebKit - CVE-ID: CVE-2010-3822

  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized pointer issue exists in WebKit's handling of CSS counter styles. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS counter styles. Credit to kuzzcc for reporting this issue.

WebKit

  • Impact: A maliciously crafted website may be able to determine which sites a user has visited
  • Description: A design issue exists in WebKit's handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited.

Multiple components - CVE-ID: CVE-2010-0051, CVE-2010-0544, CVE-2010-0042, CVE-2010-1384, CVE-2010-1387, CVE-2010-1392, CVE-2010-1394, CVE-2010-1403, CVE-2010-1405, CVE-2010-1407, CVE-2010-1408, CVE-2010-1410, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1757, CVE-2010-1758, CVE-2010-1764, CVE-2010-1770, CVE-2010-1771, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, CVE-2010-1793, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815

  • Impact: Multiple security fixes in iOS for iPad
  • Description: This update incorporates security fixes that were provided for iPhone and iPod touch in iOS 4 and iOS 4.1.

Diesen Artikel auf Twitter, Google+ oder Facebook weiterempfehlen

Artikel auf Twitter empfehlen Artikel auf Google+ empfehlen Artikel auf Facebook empfehlen
Kommentare sind geschlossen
Copyright © 2014 Valdet Beqiraj it-blogger.net