Printed from http://www.macnn.com

Apple releases iPhone 1.01 firmware

updated 08:50 pm EDT, Tue July 31, 2007


Apple today released an iPhone firmware update via its iTunes software, which it says brings several bug fixes. Though the company did not specify the bug fixes or additional features, if any, it has provided the update to all customers who sync their iPhone with iTunes, offering the option to download the software or to download and install it. The update, available only via iTunes, takes several minutes; users are greeted with the standard white Apple logo and white progress bar on the iPhone, as well as a progress bar on their desktop, while the update is being applied to the device. Apple's security website notes indicate that the update fixes a critical Safari bug that allowed malicious users to take control of an iPhone (updates for Mac OS X Tiger/Panther and Safari 3.03 beta for Windows are also available).












  • Safari (CVE-ID: CVE-2007-2400)

    Impact: Visiting a malicious website may allow cross-site scripting.

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

  • Safari (CVE-ID: CVE-2007-3944)

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution.

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

  • WebCore (CVE-ID: CVE-2007-2401)

    Impact: Visiting a malicious website may allow cross-site requests.

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

  • WebKit (CVE-ID: CVE-2007-3742)

    Impact: Look-alike characters in a URL could be used to masquerade a website.

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

  • WebKit (CVE-ID: CVE-2007-2399)

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
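
The WebCore entry above (CVE-2007-2401) describes header parameters being serialized into an HTTP request without enough validation. The following is an added illustration of that class of check, not Apple's code or part of the original notes; the function names and the sample header are constructed for the example.

```javascript
// Added illustration: validating header parameters before they are serialized
// into an HTTP request. All names and sample values are constructed.

// RFC 7230 "token": the only characters permitted in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Characters that terminate or split a header line if they reach the wire.
const LINE_BREAKERS = /[\r\n\0]/;

// Unchecked serializer: caller-supplied strings are concatenated as-is.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Checked serializer: refuses any name or value that could alter line structure.
function serializeChecked(method, path, headers) {
  for (const [name, value] of headers) {
    if (!TOKEN.test(name)) {
      throw new SyntaxError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (LINE_BREAKERS.test(String(value))) {
      throw new SyntaxError(`invalid header value for ${name}`);
    }
  }
  return serializeNaive(method, path, headers);
}

// Header lines as a receiving parser would see them (request line excluded).
function headerLines(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").slice(1);
}

// Constructed sample: one header supplied by script, with an embedded CRLF.
const SAMPLE = [["X-Note", "hello\r\nHost: other.example"]];

function demo() {
  const seenByParser = headerLines(serializeNaive("GET", "/", SAMPLE)).length;
  let rejected = false;
  try { serializeChecked("GET", "/", SAMPLE); } catch (e) { rejected = e instanceof SyntaxError; }
  return { supplied: SAMPLE.length, seenByParser, rejected };
}

console.log(demo());
```

With the unchecked serializer the receiving side parses more header lines than the script supplied; the checked version rejects the request before anything is written.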





by MacNN Staff


Comments

  1. cambie

    Joined: Dec 1969

    0

    verified

    Took a while to actually update it seemed, and I noticed the first thing it did was verify the current software installed in the iPhone. I'm curious to see how this update affects all of those who installed custom ringtones and other customizations.

  1. Zaud

    Joined: Dec 1969

    0

    hangs?

    I'm stuck at half-way - anyone else? I've been waiting for about 10 minutes with the status bar on both my MacBook Pro and the iPhone stuck at just almost half-way.

    Is it just slow? How can you tell it's verifying the software?

  1. milhouse

    Joined: Dec 1969

    0

    Custom ringtones are gone

    The firmware update removed my custom ringtones. I haven't tried to use the SW to add them again. Not sure if it's blocked or not.

    YMMV

  1. David Esrati

    Joined: Dec 1969

    0

    Still no contact search

    Update went smooth, haven't noticed any problems. Still no search for contacts- and I can only sync one calendar- without the iPhone is disconnected error.

  1. benj

    Joined: Dec 1969

    0

    Smooth update

    No one here has said snappier, but I swear it is...

  1. Feathers

    Joined: Dec 1969

    0

    honourable

    Credit should go to Apple for a) Acknowledging the existence of these security issues. b) Fixing them and c) Crediting those who brought the issues to Apple's attention. Rather more open and transparent than certain other companies that could be mentioned.

  1. ttrostel

    Joined: Dec 1969

    0

    Nice to see

    Yes ... and it has the benefit of encouraging like behavior in the future. That's a bonus for both the company and its customers. Well done Apple!

  1. Guest

    Joined: Dec 1969

    0

    Multimedia messaging???

    Does this update give the iPhone the ability to receive multimedia (pictures) along with a text message?

  1. Person Man

    Joined: Dec 1969

    0

    Giving credit

    Apple has done a good job of crediting those who find and report issues when they release fixes. They've done this for several years now.

    I think giving credit where it is due is a good thing, EXCEPT when the finder pulls stunts like, "I'm not going to tell Apple yet. I'll tell them eventually." (What's left unsaid: "So I and others can have 'fun' with it first"), or "release a fix in one week or we release details to the public" (i.e. extortion). Those people don't deserve credit.

    Give credit to the RESPONSIBLE security researchers only.

  1. jhawk95

    Joined: Dec 1969

    0

    Choose RingTones Again?

    Ok, so we all know it wipes out custom ring-tones and those have to be hacked back onto the phone.... but what happens to all the contacts that you have chosen a custom ringtone for? If you immediately re-load the music will each contact still recognize the custom ringtone and still play it? Or do you have to go to each contact and re-select the correct song for that contact?
