Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple iPhone v1.0.1 Update Now Available

Posted by kdawson on from the more-better-security dept.

The Webguy writes "Apple has released the first update for the iPhone. Updated components in the v1.0.1 update include Safari, the WebCore, and the WebKit. Quoting from the Apple Knowledge Base, the 'update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site.'" One source speculated that Apple wanted to get fixes in users' hands ahead of the Black Hat conference where details of early iPhone vulnerabilities could be revealed.

7 of 279 comments (clear)

  1. A Description of the Patches from Apple: by iluvcapra · · Score: 5, Informative



    iPhone v1.0.1 Update

    Safari

    CVE-ID: CVE-2007-2400

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site scripting

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

    Safari

    CVE-ID: CVE-2007-3944

    Available for: iPhone v1.0

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

    WebCore

    CVE-ID: CVE-2007-2401

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site requests

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

    WebKit

    CVE-ID: CVE-2007-3742

    Available for: iPhone v1.0

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

    WebKit

    CVE-ID: CVE-2007-2399

    Available for: iPhone v1.0

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

    --
    Don't blame me, I voted for Baltar.
    1. Re:A Description of the Patches from Apple: by chefmonkey · · Score: 5, Funny

      Viewing a maliciously crafted web page may lead to arbitrary code execution

      Arbitrary code execution? But isn't that what every iPhone user has been clamoring for?
  2. My iPhone seems fine... by qualidafial · · Score: 5, Funny

    I'm writing this message from my iPhone and haven't noticed any problems at ~£]+~}2(&"@NO CARRIER

  3. Copy/paste by Anonymous Coward · · Score: 5, Funny

    It's informative because he did it on an iPhone! (Haha, I made a funny! You can't copy/paste on an iPhone!!) :-P

  4. Sooooo.... by kollywabbles · · Score: 5, Funny

    can I replace the battery now?

    --
    put it in the bit bucket
  5. Re:oops by stonedcat · · Score: 5, Funny

    Your struggle had me gripping the edge of my seat.

    --
    You can't take the sky from me.
  6. In Your Face "Enterprise" iPhone Bashers by gig · · Score: 5, Interesting

    This is the first time ever that a vulnerability has been found in a smart phone and it's been patched ahead of the public demo of the exploit.

    There is this meme that the iPhone is not ready for the enterprise because it doesn't have MAPI and special I-T management tools. Yet here we have the first vulnerability in the iPhone and it is promptly patched through a system that will distribute the patches very quickly and easily. A stark contrast to other mobiles. There are multiple holes in Symbian and of course Windows Mobile that remain completely unpatched. Nobody knows when that is going to change. For all the enterprise bluster around those systems they are not patching zero-day exploits.

    There are many reasons that the Mac is more secure than Windows, but a big reason is that OS X is such a moving target. Every quarter for 5 years there has been a new version which updates itself automatically. Exploits are made less valuable not just because of the smaller user base than Windows, but also because of the short shelf life of each OS version. The vast majority of Mac users are using the very latest OS and have all the patches applied even though the vast majority of Mac users have no I-T staff and no I-T skills.

    When the iPhone first shipped and people started hacking it, there was a lot of talk then that every hack may be temporary, a software update could come down through iTunes at any time and reset the game. There is nothing like that protecting any other mobile.