Apple's first iPhone software update address security, bugs

Posted:
in iPhone edited January 2014
Apple on Tuesday evening addressed concerns about potentially dangerous security holes in the mobile version of its Safari web browser with the first ever software update to its new iPhone handset.



Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.



The latter scripting flaw was heavily publicized last week when consultants from Independent Security Evaluators used it to effectively hijack the phone's core functions.



Also addressed by software patch were three separate issues within the company's WebCore and WebKit platforms that form the backbone of Safari. Two of the fixes guard against false XML requests and frame rendering glitches that could be used to control the phone or crash the browser through memory errors.



Like recent iPod updates, the iPhone fix is downloadable solely through iTunes and can be installed the next time the phone is docked or detected by the jukebox software.



In a brief set of release notes, Apple said the iPhone software update also includes several "bug fixes." The company recommends that users install the patch "immediately."



«1

Comments

  • Reply 1 of 25
    rot'napplerot'napple Posts: 1,839member
    Quote:
    Originally Posted by AppleInsider View Post


    Apple has tackled concerns about potentially dangerous security holes in its mobile version of Safari with the first revision to the iPhone's code.



    Tuesday marked the release of Apple's first ever fix for the iPhone since the product's June 29th release and mends vulnerabilities relating to visiting malicious websites.



    First Post?! - Maybe...



    Any word on whether this patch just deals with Safari? What about the little idiosyncrasies of the other apps on the phone and the wishlists that have been reported on or dreamed about. What is it's status, anyone?
  • Reply 2 of 25
    mstonemstone Posts: 11,510member
    Cool deal
  • Reply 3 of 25
    donlphidonlphi Posts: 214member
    Anybody else have to restore their iPhone in order to install the update?



    It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.

  • Reply 4 of 25
    Quote:
    Originally Posted by donlphi View Post


    Anybody else have to restore their iPhone in order to install the update?



    It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.





    Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...
  • Reply 5 of 25
    sandausandau Posts: 1,230member
    flawless install.



    and 1.0.1 1C25 is so much snappier than 1.0 (had to say it!!)



    lol.



    no new functionality but bug fixes are good before Aug 2!



    I really hope a lot of cool stuff comes with Leopard for the Apple TV and iPhone.
  • Reply 6 of 25
    desarcdesarc Posts: 642member
    iTunes will automatically check for an update again on 8/7/07.

    isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?
  • Reply 7 of 25
    mrjoec123mrjoec123 Posts: 223member
    Quote:
    Originally Posted by ChristoRogers View Post


    Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...



    I didn't need to restore, but I haven't used Jailbreak or any other hack.



    So far so good. Safari seems to crash less often, but it's too early to be sure.
  • Reply 8 of 25
    mrjoec123mrjoec123 Posts: 223member
    Quote:
    Originally Posted by desarc View Post


    iTunes will automatically check for an update again on 8/7/07.

    isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?



    Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.



    Apple itself was very clear that there will only be Mac-related announcements on the 7th.
  • Reply 9 of 25
    Easy install here.
  • Reply 10 of 25
    So has anyone tried re-installing ringtones after updating their iPhones?
  • Reply 11 of 25
    irelandireland Posts: 17,798member
    Quote:
    Originally Posted by mrjoec123 View Post


    Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.



    Apple itself was very clear that there will only be Mac-related announcements on the 7th.



    Yet I can guarantee the crowds will try to persuade them wrong.
  • Reply 12 of 25
    michaelbmichaelb Posts: 242member
    Quote:
    Originally Posted by mrjoec123 View Post


    Apple itself was very clear that there will only be Mac-related announcements on the 7th.



    I don't buy it. I think it was just a clever ruse to keep Wall Street from sending Apple stock over $300 and 270,000 hit man contracts issued on Steve when he announces:



    "iPhone 2.0 - you've had the demo, now get the real thing. This one is 3G, has GPS functionality, Notes syncing, multiple email delete, and all those other bullet point wishlists that the suckers were waiting for with the 1.x update."



    "One more thing... no AT&T."



    Or of course it could be an iMac with a squished keyboard. Take your pick!
  • Reply 13 of 25
    Quote:
    Originally Posted by AppleInsider View Post


    Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.



    So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.
  • Reply 14 of 25
    palegolaspalegolas Posts: 1,361member
    How big is this update?

    I'm just curious of generally how big a system update for (portable) OS X is.
  • Reply 15 of 25
    Quote:
    Originally Posted by Walter Slocombe View Post


    So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.



    in this case, no that is not correct. javascript is not related to java, despite the fact that both use "java" in the name. at least, they are not related technologies in that a platform that does not support java does not say anything about it supporting javascript. iPhone's Safari does in fact support javascript and the vulnerability had nothing to do with java or their decision to not include its support.
  • Reply 16 of 25
    bacillusbacillus Posts: 313member
    It does not fix the polka dots issue.
  • Reply 17 of 25
    pbg4 dudepbg4 dude Posts: 1,611member
    Quote:
    Originally Posted by Walter Slocombe View Post


    So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.



    Javascript != Java



    Very important to know, and javascript is available on the iPhone or else "Web 2.0" wouldn't work on it.
  • Reply 18 of 25
    physguyphysguy Posts: 920member
    I've found only one specific bug that was fixed. Previously the iPhone would not remember by VPN password, now it does. If you don't enter a password it still only gives the numbers keypad to enter the password when you start VPN so that wasn't fixed. Also, the Stopwatch/Lap bug was not fixed.
  • Reply 19 of 25
    bacillusbacillus Posts: 313member
    Quote:
    Originally Posted by psychobass213 View Post


    So has anyone tried re-installing ringtones after updating their iPhones?



    Yes - I used iFuntastic 2.1.0, and it worked.
  • Reply 20 of 25
    Really quick install, about 5 minutes.

    It is curious, that updating has not been published on site of Apple and is accessible only through a player iTunes. Thus installation process is shown on computer display, instead of on the display of iPhone itself.
Sign In or Register to comment.