Apple has had problems with the iPhone's password-locking feature before. In August 2008, a researcher discovered that a bug allowing users to bypass a password-protected lock had resurfaced in iPhone 2.0. Apple quickly confirmed the bug and patched it a month later.
Users can wait out the update interval -- iTunes automatically checks Apple's update servers once a week -- or retrieve iPhone 3.1 manually by selecting "Check for Update" under the iTunes Help menu and then docking the iPhone to a PC or Macintosh.
Apple also updated QuickTime for both the Mac and Windows to version 7.6.4, fixing four flaws, all critical.
According to Apple's advisory, all four vulnerabilities involved QuickTime's handling of file formats, a common cause of the player's problems. Two of the vulnerabilities related to improper parsing of H.264 movie files, while the remaining pair were due to issues in handling MPEG-4 video files and FlashPix image files.
"These are the kinds of bugs one would come to expect from QuickTime," said Andrew Storms, director of security operations at nCircle Network Security, echoing comments regularly made by experts about QuickTime's knack for harboring file format flaws.
Two of the four vulnerabilities were reported to Apple by 3Com TippingPoint's bug bounty program, Zero Day Initiative (ZDI). Three months ago, when Apple last patched QuickTime, six of the 10 flaws had been reported by the ZDI program.
Monday's update was Apple's third this year for the player, which has been patched against 21 vulnerabilities so far in 2009; last year, Apple patched 30 QuickTime bugs.
Updating to QuickTime 7.6.4, however, will disable the QuickTime Pro functionality of versions earlier than v. 7, Apple acknowledged in a separate support document. QuickTime 6 Pro users, for example, will need to buy the $29.99 QuickTime 7 Pro activation code to restore the lost features if they upgrade to 7.6.4.
Mac users can upgrade to QuickTime 7.6.4 using the operating system's built-in Software Update feature, while Windows users can either download the new QuickTime from Apple's site or use the optional Windows update tool.