Apple releases iPhone 1.01 firmware

updated 08:50 pm EDT, Tue July 31, 2007

Apple today released an iPhone firmware update via its iTunes software, which it says brings several bug fixes. Though the company did not specify the bug fixes or additional features, if any, it has provided the update to all customers who sync their iPhone with iTunes, offering the choice to download the software or to download and install it. The update, only available via iTunes, takes several minutes; users are greeted with the standard white Apple logo and white progress bar on the iPhone, as well as a progress bar on their desktop, while the update is being applied to the device. Apple's security website notes indicate that the update fixes a critical Safari bug that allowed malicious users to take control of an iPhone (updates for Mac OS X Tiger/Panther and Safari 3.03 beta for Windows are also available).

  • Safari (CVE-ID: CVE-2007-2400)

    Impact: Visiting a malicious website may allow cross-site scripting.

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

  • Safari (CVE-ID: CVE-2007-3944)

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution.

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

  • WebCore (CVE-ID: CVE-2007-2401)

    Impact: Visiting a malicious website may allow cross-site requests.

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

  • WebKit (CVE-ID: CVE-2007-3742)

    Impact: Look-alike characters in a URL could be used to masquerade a website.

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

  • WebKit (CVE-ID: CVE-2007-2399)

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
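The WebCore entry above (CVE-2007-2401) describes header serialization without sufficient validation. The following is an added example, not Apple's or WebKit's code, that puts an unchecked serializer beside one that validates header names and values first; all function names and the sample input are hypothetical.

```javascript
// Added example: header validation before serializing an HTTP request.
// Not WebKit code; names and sample data are constructed for illustration.

// RFC 7230 "token": the characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Control characters that must never appear in a field value. CR and LF
// terminate the header line; tab (U+0009) is permitted.
const BAD_VALUE = /[\u0000-\u0008\u000A-\u001F\u007F]/;

// "Before": concatenates caller-supplied strings straight into the request.
function serializeUnchecked(method, path, headers) {
  const lines = [`${method} ${path} HTTP/1.1`];
  for (const [name, value] of Object.entries(headers)) {
    lines.push(`${name}: ${value}`);
  }
  return lines.join("\r\n") + "\r\n\r\n";
}

// "After": rejects any name or value that could alter the message framing.
function serializeChecked(method, path, headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (!TOKEN.test(name)) {
      throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
    }
    if (BAD_VALUE.test(String(value))) {
      throw new TypeError(`invalid value for header ${name}`);
    }
  }
  return serializeUnchecked(method, path, headers);
}

// Split the header section the way a receiving parser would see it.
function headerLines(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").slice(1);
}

// Constructed input: one header whose value carries an embedded CRLF.
const constructedHeaders = { "X-Note": "hello\r\nX-Injected: 1" };

// The caller set one header, but the unchecked output contains two.
function demoUncheckedCount() {
  return headerLines(serializeUnchecked("GET", "/", constructedHeaders)).length;
}
```

The unchecked serializer turns one caller-supplied header into two on the wire, while the checked one throws before anything is sent.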
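For the IDN look-alike entry above (CVE-2007-3742), here is an added example of one common validity heuristic: flagging hostname labels that mix writing systems. It is not Apple's check, whose details the advisory does not give; the function names, the three-script list, and the sample hostnames are assumptions made for illustration.

```javascript
// Added example: mixed-script detection for IDN hostnames.
// A heuristic sketch, not the check Apple shipped; hostnames are constructed.

// Scripts considered here (an assumed, deliberately short list).
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Return the sorted names of the scripts that occur in one DNS label.
// Digits and hyphens belong to Script=Common and match none of them.
function scriptsInLabel(label) {
  return Object.keys(SCRIPTS)
    .filter((name) => SCRIPTS[name].test(label))
    .sort();
}

// Review each label separately: a label written entirely in one script is
// accepted, a label that combines scripts is flagged for punycode display.
function reviewHostname(hostname) {
  const flagged = [];
  const labels = hostname.normalize("NFC").toLowerCase().split(".");
  for (const label of labels) {
    const scripts = scriptsInLabel(label);
    if (scripts.length > 1) {
      flagged.push({ label, scripts });
    }
  }
  return { hostname, suspicious: flagged.length > 0, flagged };
}

// Constructed samples. The second begins with CYRILLIC SMALL LETTER A
// (U+0430), which renders like Latin "a" in most fonts.
const samples = [
  "apple.example",
  "\u0430pple.example",
  "\u043f\u0440\u0438\u043c\u0435\u0440.example", // all-Cyrillic label
];

function reviewSamples() {
  return samples.map(reviewHostname);
}
```

A label written wholly in a look-alike script passes this check, so a complete validity check also needs a per-TLD script allowlist or a confusables table.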

by MacNN Staff




  1. cambie

    Joined: Dec 1969



    Took a while to actually update it seemed, and I noticed the first thing it did was verify the current software installed in the iPhone. I'm curious to see how this update affects all of those who installed custom ringtones and other customizations.

  1. Zaud

    Joined: Dec 1969



    I'm stuck at half-way - anyone else? I've been waiting for about 10 minutes with the status bar on both my MacBook Pro and the iPhone stuck at just almost half-way.

    Is it just slow? How can you tell it's verifying the software?

  1. milhouse

    Joined: Dec 1969


    Custom ringtones are gone

    The firmware update removed my custom ringtones. I haven't tried to use the SW to add them again. Not sure if it's blocked or not.


  1. David Esrati

    Joined: Dec 1969


    Still no contact search

    Update went smooth, haven't noticed any problems. Still no search for contacts, and I can only sync one calendar without the "iPhone is disconnected" error.

  1. benj

    Joined: Dec 1969


    Smooth update

    No one here has said snappier, but I swear it is...

  1. Feathers

    Joined: Dec 1969



    Credit should go to Apple for a) Acknowledging the existence of these security issues. b) Fixing them and c) Crediting those who brought the issues to Apple's attention. Rather more open and transparent than certain other companies that could be mentioned.

  1. ttrostel

    Joined: Dec 1969


    Nice to see

    Yes ... and it has the benefit of encouraging like behavior in the future. That's a bonus for both the company and its customers. Well done Apple!

  1. Guest

    Joined: Dec 1969


    Multimedia messaging???

    Does this update give the iPhone the ability to receive multimedia (pictures) along with a text message?

  1. Person Man

    Joined: Dec 1969


    Giving credit

    Apple has done a good job of crediting those who find and report issues when they release fixes. They've done this for several years now.

    I think giving credit where it is due is a good thing, EXCEPT when the finder pulls stunts like, "I'm not going to tell Apple yet. I'll tell them eventually." (What's left unsaid: "So I and others can have 'fun' with it first"), or "release a fix in one week or we release details to the public" (i.e. extortion). Those people don't deserve credit.

    Give credit to the RESPONSIBLE security researchers only.

  1. jhawk95

    Joined: Dec 1969


    Choose RingTones Again?

    Ok, so we all know it wipes out custom ring-tones and those have to be hacked back onto the phone.... but what happens to all the contacts that you have chosen a custom ringtone for? If you immediately re-load the music will each contact still recognize the custom ringtone and still play it? Or do you have to go to each contact and re-select the correct song for that contact?
