
Apple releases iPhone firmware update v1.0.1

By Jose Vilches, TechSpot.com
Published: July 31, 2007, 10:08 PM EST

It has been a little over a month since the iPhone debuted on June 29, and Apple has already released the first firmware update for the device. The iPhone firmware update v1.0.1 will be delivered through iTunes when syncing with a Mac or PC.

Firmware v1.0.1 corrects a few flaws found in WebCore and WebKit, but perhaps most importantly, the upgrade closes the Safari browser vulnerability discovered earlier this month, which allowed malicious pages to take total control of an iPhone.

Users with hacked iPhones may want to hold off for a bit, as there have been some reports circulating around the web that the update forced a full system wipe on such phones. Nevertheless, the iPhones are reportedly still functional. You can read the full Apple iPhone security bug fixes list in the comments section.

User Comments (1)

JosVilches on July 31, 2007, 10:15 PM
Full Apple iPhone security bug fixes list

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
