Slashdot Mirror


Apple iPhone v1.0.1 Update Now Available

The Webguy writes "Apple has released the first update for the iPhone. Updated components in the v1.0.1 update include Safari, the WebCore, and the WebKit. Quoting from the Apple Knowledge Base, the 'update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site.'" One source speculated that Apple wanted to get fixes in users' hands ahead of the Black Hat conference where details of early iPhone vulnerabilities could be revealed.

15 of 279 comments

  1. Re:Sure wish... by furball · · Score: 2, Informative

    Like arbitrary coordinates or an address? Because it can bookmark addresses and searches. I have McCarran International Airport (Las Vegas) bookmarked on my phone right now.

  2. A Description of the Patches from Apple: by iluvcapra · · Score: 5, Informative



    iPhone v1.0.1 Update

    Safari

    CVE-ID: CVE-2007-2400

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site scripting

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

    Safari

    CVE-ID: CVE-2007-3944

    Available for: iPhone v1.0

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

    WebCore

    CVE-ID: CVE-2007-2401

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site requests

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

    WebKit

    CVE-ID: CVE-2007-3742

    Available for: iPhone v1.0

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

    WebKit

    CVE-ID: CVE-2007-2399

    Available for: iPhone v1.0

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

    --
    Don't blame me, I voted for Baltar.
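The advisory's XMLHttpRequest entry (CVE-2007-2401) says the fix was "additional validation of header parameters". The sketch below is an added example, not Apple's or WebKit's code: it assumes the general class of injection through line breaks in header values (the advisory does not give the exact mechanism), and the function names and sample header are constructed for illustration.

```javascript
// Header names must be HTTP "token" characters (RFC 7230).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Header values: tab, printable ASCII and obs-text only; no CR, LF or NUL.
const VALUE = /^[\t\x20-\x7e\x80-\xff]*$/;

// Unchecked serializer: concatenates whatever the caller supplied.
function serializeNaive(method, path, headers) {
  let out = `${method} ${path} HTTP/1.1\r\n`;
  for (const [name, value] of Object.entries(headers)) {
    out += `${name}: ${value}\r\n`;
  }
  return out + '\r\n';
}

// The validation step: reject anything that could end the current
// header line and start a new one.
function validateHeader(name, value) {
  if (!TOKEN.test(name)) {
    throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
  }
  if (!VALUE.test(String(value))) {
    throw new TypeError(`invalid value for header ${name}`);
  }
}

// Checked serializer: validate every pair before writing any bytes.
function serializeChecked(method, path, headers) {
  for (const [name, value] of Object.entries(headers)) {
    validateHeader(name, value);
  }
  return serializeNaive(method, path, headers);
}

// Header lines as the receiving server would parse them.
function headerLines(raw) {
  return raw.split('\r\n\r\n')[0].split('\r\n').slice(1);
}

// Constructed sample: one header supplied, value contains a line break.
const SAMPLE = { 'X-Note': 'hello\r\nHost: other.example' };
console.log(headerLines(serializeNaive('GET', '/', SAMPLE)));
try {
  serializeChecked('GET', '/', SAMPLE);
} catch (err) {
  console.log('rejected:', err.message);
}
```

The unchecked serializer turns one supplied header into two lines on the wire; the checked one refuses the request before anything is sent.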
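For the IDN entry (CVE-2007-3742), one common form of a "domain name validity check" is to show the punycode form whenever a single label mixes scripts. This is an added example, not WebKit's implementation; the three-script list and the function names are assumptions made for illustration, and the hostnames are constructed samples.

```javascript
// Illustrative subset of scripts to compare (assumption, not WebKit's list).
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Return the set of known scripts used by the letters of one DNS label.
// Digits and hyphens belong to the Common script and are ignored.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of Object.entries(SCRIPTS)) {
      if (re.test(ch)) found.add(name);
    }
  }
  return found;
}

// A label that mixes scripts is the classic look-alike pattern.
function isMixedScript(host) {
  return host.split('.').some((label) => scriptsInLabel(label).size > 1);
}

// Decide what an address bar should display: the Unicode form for
// single-script hosts, the ASCII (punycode) form for mixed-script ones.
function displayHost(unicodeHost) {
  if (!isMixedScript(unicodeHost)) return unicodeHost;
  // The WHATWG URL parser converts IDN hosts to their xn-- form.
  return new URL('http://' + unicodeHost).hostname;
}

// Constructed samples: plain ASCII, Cyrillic "a" followed by Latin "pple",
// and an all-Cyrillic name.
const SAMPLES = [
  'example.com',
  '\u0430pple.com',
  '\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444',
];
for (const host of SAMPLES) {
  console.log(JSON.stringify(host), '->', displayHost(host));
}
```

A mixed-script test does not catch names written entirely in one non-Latin script that still resemble a Latin name, so it is usually paired with a per-TLD script allow-list.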
  3. Re:hmmm or not by Necroman · · Score: 4, Informative

    You have to press the "Check for Updates" button in iTunes to get it. iTunes only auto-checks for updates every 7 days or so.

    --
    It's not what it is, it's something else.
  4. Re:updated by Anonymous Coward · · Score: 1, Informative

    I agree. (For all the sense of the score you received, this should earn me a score of -2!)

  5. Re:hmmm or not by Anonymous Coward · · Score: 1, Informative

    It's nine o'clock on a Saturday

  6. Re:Interesting... by wannasleep · · Score: 4, Informative

    Yes it is checking the install for integrity... and it looks like it wipes out phones with some mods. It is not clear yet what mods trigger a complete wipe. It looks like ringtones and minor mods will survive the update. People are still testing.

  7. One fix that I found by jht · · Score: 3, Informative

    VPN connections work correctly now. Before, it wouldn't save my PPTP password and then when it connected it would bring up a password entry box with only numeric characters allowed. I didn't try VPN with a password not saved, but at least saved password behavior is correct.

    The update took around 7-8 minutes altogether. Left a ".ipsw" file in my ~/Library/iTunes/iPhone Software Updates folder which presumably contains the image.

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  8. Re:iPhone is the new PSP? by Internet+Ronin · · Score: 2, Informative

    Well there is the fact that it doesn't break any of the existing hacks for the iPhone...

  9. Re:iPhone doesn't charge after update? by HighBit · · Score: 2, Informative

    Hmm, probably an issue with the adapter itself. Here's a thread where people are saying they're pretty flaky: http://discussions.apple.com/thread.jspa?threadID=1032995&tstart=0

  10. Re:Interesting... by dizneedave · · Score: 2, Informative

    Yep. It wiped my ringtones and my custom graphics. I thought this might happen. Now let's see if it actually fixed Safari so it doesn't crash every 10 minutes.

  11. Re:Nope, Palm 10.0 by SuperKendall · · Score: 2, Informative

    The funny thing is, if there's enough of Mac OS X in there, it should be theoretically possible to port Inkwell to the iPhone. I'm sure Apple is thinking about this.

    I don't think they are, because the finger is a terrible writing implement - that would be far more suited to a stylus I think.

    And Palm? It seems to me that about the only chance Palm has for continued existence is to go back to their roots and release Graffiti (v1, not v2, now that the lawsuit is settled) for the iPhone. You *do* know that Palm's original product was Graffiti, right? And that one of the platforms it ran on was the Newton MessagePad?

    Yes, but the Newton was always more about pure text entry with the stylus, the Palm stuff really wasn't as useful on the Newton. Palm/Graffiti really came into its own with a dedicated OS, I had a few Palm Pilots and I loved them. They went to a place with the Treo I could not follow.

    Honestly, I hope Palm does well with the Foleo, because it embodies in many ways ideas that I've had about the future of mobile computing for a long time. It's just that given Palm's recent history, I doubt that it's going to thrive.

    The problem with the Foleo is that it's plainly positioned as an adjunct device to other smartphones, and unless Apple opens up the iPhone enough it can interoperate well... I'm not sure how well they will fare. I also do not wish Palm ill, but I'm not sure they have made good choices in the last few years.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  12. Here's a way by SuperKendall · · Score: 2, Informative

    When you are at the area you want to save, search for a road name visible on the map. Searches take place primarily in the area you are viewing, so if the road is small enough you'll get a pretty exact location you can bookmark to return to that area.

    If you use a major road name, the location chosen might be in the middle of the stretch of roadway, so try to use smaller streets if you can.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  13. Re:hmmm or not by node+3 · · Score: 4, Informative

    Are you sure that it will ask you about a patch that is critical for Apple's revenue stream? Absolutely. Apple *always* asks.
  14. Re:Phone update via music player by djh101010 · · Score: 2, Informative

    Am I the only one who thinks it's really silly that the only channel through which to update your phone (or, put in another way, your slightly-locked-down, general purpose hand-held computer and communications device) is... is... your MUSIC PLAYER!?

    (it is called iTunes, no?) Am I the only one who finds it amusing that people are so desperate to find something, anything, negative to say about the iPhone that they pick something like this to complain about? That, and if you're on a PC and going to sync an iPhone, which includes an iPod (needs iTunes), why would you want _another_ app to do the syncing of the stuff on the iPhone that isn't music? It's the most logical place for that functionality.
  15. Re:Interesting... by bugnuts · · Score: 2, Informative
    From a certain site that doesn't want to be slashdotted:

    The iPhone Software Update 1.0.1 has been released. Here are the things we currently know about it:

        * Full system wipe on modded phones (fails integrity check)
        * Downgrade does not work (Kind of mixed reports here. Apparently you can go through the process, but Settings > General > About still says 1.0.1)
        * The phone goes back through the activation process (DVD Jon's method has been confirmed to work still along with the other Windows methods)
        * Jailbreak 1.0 appears to work just fine
        * Only newer versions of iPhoneInterface (0.3.3 and up) are known to work. Older versions of iPhoneInterface do not work.


    Jailbreak is the primary tool used to enter commands into the iPhone. It works. So, it looks like you want to unmod your phone, and it'll be possible to apply the patch, then re-mod it.