Apple released iOS 4.2.1 for iPhone, iPad, and iPod touch, and the security patch notes show the release includes 41 security fixes, many of them for serious issues. Updated components include an issue effecting configuration profiles, graphics, fonts, an issue with iAd, Mail, a networking issue, one issue specific to Safari, and then a metric tonne of fixes for Webkit, the rendering engine used by Safari and other iOS apps that display Web pages.

You can update your iOS device through iTunes.

We’re including the full security patch notes for your convenience:

iOS 4.2 Security Patch Notes:

• Configuration Profiles

  CVE-ID: CVE-2010-3827

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: A user may be misled into installing a maliciously crafted configuration profile

  Description: A signature validation issue exists in the handling of configuration profiles. A maliciously crafted configuration profile may appear to have a valid signature in the configuration installation utility. This issue is addressed through improved validation of profile signatures. Credit to Barry Simpson of Bomgar Corporation for reporting this issue.

• CoreGraphics

  CVE-ID: CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Multiple vulnerabilities in FreeType 2.4.1

  Description: Multiple vulnerabilities exist in FreeType 2.4.1, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/

• FreeType

  CVE-ID: CVE-2010-3814

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution

  Description: A heap buffer overflow exists in FreeType’s handling of TrueType opcodes. Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

• iAd Content Display

  CVE-ID: CVE-2010-3828

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: An attacker in a privileged network position may be able to cause a call to be initiated

  Description: A URL handling issue exists in iAd Content Display. An iAd is requested by an application, either automatically or through explicit user action. By injecting the contents of a requested ad with a link containing a URL scheme used to initiate a call, an attacker in a privileged network position may be able to cause a call to occur. This issue is addressed by ensuring that the user is prompted before a call is initiated from a link. Credit to Aaron Sigel of vtty.com for reporting this issue.

• ImageIO

  CVE-ID: CVE-2010-2249, CVE-2010-1205

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Multiple vulnerabilities in libpng

  Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html

• libxml

  CVE-ID: CVE-2010-4008

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in libxml’s xpath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of xpaths. Credit to Bui Quang Minh from Bkis (www.bkis.com) for reporting this issue.

• Mail

  CVE-ID: CVE-2010-3829

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Mail may resolve DNS names when remote image loading is disabled

  Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the prefetch even if remote image loading is disabled. This may result in undesired requests to remote servers. The sender of an HTML-formatted email message could use this to determine whether the message was viewed. This issue is addressed by disabling DNS prefetching when remote image loading is disabled. Credit to Mike Cardwell of Cardwell IT Ltd. for reporting this issue.

• Networking

  CVE-ID: CVE-2010-1843

  Available for: iOS 4.0 through 4.1 for iPhone 3GS and later, iOS 4.0 through 4.1 for iPod touch (3rd generation), iOS 3.2 through 3.2.2 for iPad

  Impact: A remote attacker may cause an unexpected system shutdown

  Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. Credit to an anonymous researcher working with TippingPoint’s Zero Day Initiative for reporting this issue. This issue does not affect devices running iOS versions prior to 3.2.

• Networking

  CVE-ID: CVE-2010-3830

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Malicious code may gain system privileges

  Description: An invalid pointer reference exists in Networking when handling packet filter rules. This may allow malicious code running in the user’s session to gain system privileges. This issue is addressed through improved handling of packet filter rules.

• OfficeImport
  
  CVE-ID: CVE-2010-3786
  
  Available for: iOS 3.2 through 3.2.2 for iPad
  
  Impact: Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution
  
  Description: A memory corruption issue exists in OfficeImport’s handling of Excel files. Viewing a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue was addressed on iPhones in iOS 4. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.

• Photos

  CVE-ID: CVE-2010-3831

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: “Send to MobileMe” may result in the disclosure of the MobileMe account password

  Description: The Photos application allows users to share their pictures and movies through various means. One way is the “Send to MobileMe” button, which uploads the selected contents to the user’s MobileMe Gallery. The Photos application will use HTTP Basic authentication if no other authentication mechanism is presented as available by the server. An attacker with a privileged network position may manipulate the response of the MobileMe Gallery to request basic authentication, resulting in the disclosure of the MobileMe account password. This issue is addressed by disabling support for Basic authentication. Credit to Credit to Aaron Sigel of vtty.com for reporting this issue.

• Safari

  CVE-ID: CVE-2009-1707

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: “Reset Safari” may not immediately remove website passwords from memory

  Description: After clicking the “Reset” button for “Reset saved names and passwords” in the “Reset Safari…” menu option, Safari may take up to 30 seconds to clear the passwords. A user with access to the device in that time window may be able to access the stored credentials. This issue is addressed by resolving the race condition that led to the delay. Credit to Philippe Couturier of izypage.com, and Andrew Wellington of The Australian National University for reporting this issue.

• Telephony

  CVE-ID: CVE-2010-3832

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 3.2 through 3.2.2 for iPad

  Impact: A remote attacker may be able to cause arbitrary code execution

  Description: A heap buffer overflow exists in the handling of Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility management. This may allow a remote attacker to cause arbitrary code execution on the baseband processor. This issue is addressed through improved bounds checking. Credit to Ralf-Philipp Weinmann of the University of Luxembourg for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3803

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An integer overflow exists in WebKit’s handling of strings. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3824

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling “use” elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to wushi of team509 for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3816

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Rohit Makasana of Google Inc. for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3809

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of inline styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of inline styling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3810

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history

  Description: A cross-origin issue exists in WebKit’s handling of the History object. A maliciously crafted website may be able to spoof the address in the location bar or add arbitrary locations to the history. This issue is addressed through improved tracking of security origins. Credit to Mike Taylor of Opera Software for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3805

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An integer underflow exists in WebKit’s handling of WebSockets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Keith Campbell, and Cris Neckar of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3823

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of Geolocation objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to kuzzcc for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3116

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: Multiple use after free issues exist in WebKit’s handling of plug-ins. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling.

• WebKit

  CVE-ID: CVE-2010-3812

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An integer overflow exists in WebKit’s handling of Text objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to J23 working with TippingPoint’s Zero Day Initiative for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3808

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of editing commands. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editing commands. Credit to wushi of team509 for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3259

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a malicious website may lead to the disclosure of image data from another website

  Description: A cross-origin issue exists in WebKit’s handling of images created from “canvas” elements. Visiting a malicious website may lead to the disclosure of image data from another website. This issue is addressed through improved tracking of security origins. Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft Vulnerability Research (MSVR) for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-1822

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of SVG elements in non-SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of SVG elements. Credit to wushi of team509 for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3811

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of element attributes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Michal Zalewski for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3817

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of CSS 3D transforms. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS 3D transforms. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3818

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of inline text boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3819

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of CSS boxes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS boxes. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3820

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An uninitialized memory access issue exists in WebKit’s handling of editable elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of editable elements. Credit: Apple.

• WebKit

  CVE-ID: CVE-2010-1789

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A heap buffer overflow exists in WebKit’s handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.

• WebKit

  CVE-ID: CVE-2010-1806

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of object pointers. Credit to wushi of team509, working with TippingPoint’s Zero Day Initiative for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3257

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A use after free issue exists in WebKit’s handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to VUPEN Vulnerability Research Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3826

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An invalid cast issue exists in WebKit’s handling of colors in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-1807

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An input validation issue exists in WebKit’s handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of floating point values. Credit to Luke Wagner of Mozilla for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3821

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: A memory corruption issue exists in WebKit’s handling of the ‘:first-letter’ pseudo-element in cascading stylesheets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of the ‘:first-letter’ pseudo-element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3804

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Websites may surreptitiously track users

  Description: Safari generates random numbers for JavaScript applications using a predictable algorithm. This may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or other techniques. This update addresses the issue by using a stronger random number generator. Credit to Amit Klein of Trusteer for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3813

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: WebKit may perform DNS prefetching even when it is disabled

  Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the operation even if prefetching is disabled. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed trough improved handling of DNS prefetching requests. Credit to Jeff Johnson of Rogue Amoeba Software for reporting this issue.

• WebKit

  CVE-ID: CVE-2010-3822

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

  Description: An uninitialized pointer issue exists in WebKit’s handling of CSS counter styles. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS counter styles. Credit to kuzzcc for reporting this issue.

• WebKit

  Available for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad

  Impact: A maliciously crafted website may be able to determine which sites a user has visited

  Description: A design issue exists in WebKit’s handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited.

• Multiple components

  CVE-ID: CVE-2010-0051, CVE-2010-0544, CVE-2010-0042, CVE-2010-1384, CVE-2010-1387, CVE-2010-1392, CVE-2010-1394, CVE-2010-1403, CVE-2010-1405, CVE-2010-1407, CVE-2010-1408, CVE-2010-1410, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1757, CVE-2010-1758, CVE-2010-1764, CVE-2010-1770, CVE-2010-1771, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1791, CVE-2010-1793, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815

  Available for: iOS 3.2 through 3.2.2 for iPad

  Impact: Multiple security fixes in iOS for iPad

  Description: This update incorporates security fixes that were provided for iPhone and iPod touch in iOS 4 and iOS 4.1.