Apple has issued an advisory regarding security enhancements included in the iPhone OS 3.0 release Wednesday.

Here is a synopsis of the 46 iPhone security vulnerabilities addressed by the latest operating-system update for the iPhone and iPod Touch. As may be expected, many of these security patches focus on the Web-browsing framework WebKit.

CoreGraphics Changes to CoreGraphics prevent maliciously crafted image and PDF files from causing unexpected application termination or arbitrary code execution; vulnerabilities causing the same problems in FreeType v2.3.8 were also patched.

Exchange Changes were made to prevent a user from connecting to a malicious Exchange server that could lead to the disclosure of sensitive information by adding improvements to the handling of untrusted certificate exceptions.

ImageIO Changes to ImageIO prevent the use of maliciously crafted PNG images from causing unexpected application termination or arbitrary code execution.

International Components for Unicode Changes to Unicode prevent the use of maliciously crafted content that may bypass Web site filters and result in cross-site scripting.

IPSec Changes to IPSec patch multiple vulnerabilities in the racoon daemon that may lead to a denial-of-service attack.

Libxml Changes to XML library Libxml patch multiple vulnerabilities in Libxml2 version 2.6.16.

Mail Changes were made to the Mail app to give users control over the loading of remote images in HTML messages (see below). Additionally, the app was changed to prevent an application from causing an alert to appear that may be used to initiate a phone call without user interaction.

(You may read the full article from here: cnet)