Apple plugs iPhone security flaw

Apple Inc. issued its first software update to its iPhone mobile device on Tuesday, patching security holes in the Safari web browser.

The iPhone update primarily plugs a vulnerability in Safari that could be exploited to allow hackers to take control of the hand-held device.

The vulnerability, first reported by Baltimore, Md.-based Independent Security Evaluators, was set to be detailed at a Thursday briefing at the Black Hat computer security conference in Las Vegas.

ISE security expert Charlie Miller wrote last week that the vulnerability could be exposed via a malicious web page opened with Safari on the iPhone. The iPhone user can be tricked into opening the web page either through an attacker controlled wireless access point or a link delivered via e-mail or text message. A modified version of the exploit can also be delivered through a forum website that lacks proper security measures.

Apple also said the update also closes two other vulnerabilities that allowed malicious web users to inject code into web pages viewed by users.

The update comes on the same day the company released security updates to several versions of its OS X operating system, plugging dozens of vulnerabilities or bugs.

The iPhone update is available for download on the company's iTunes website, while the OS X updates are found on a separate page for security updates.