Apple's first iPhone software update address security, bugs
Apple on Tuesday evening addressed concerns about potentially dangerous security holes in the mobile version of its Safari web browser with the first ever software update to its new iPhone handset.
Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.
The latter scripting flaw was heavily publicized last week when consultants from Independent Security Evaluators used it to effectively hijack the phone's core functions.
Also addressed by software patch were three separate issues within the company's WebCore and WebKit platforms that form the backbone of Safari. Two of the fixes guard against false XML requests and frame rendering glitches that could be used to control the phone or crash the browser through memory errors.
Like recent iPod updates, the iPhone fix is downloadable solely through iTunes and can be installed the next time the phone is docked or detected by the jukebox software.
In a brief set of release notes, Apple said the iPhone software update also includes several "bug fixes." The company recommends that users install the patch "immediately."
Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.
The latter scripting flaw was heavily publicized last week when consultants from Independent Security Evaluators used it to effectively hijack the phone's core functions.
Also addressed by software patch were three separate issues within the company's WebCore and WebKit platforms that form the backbone of Safari. Two of the fixes guard against false XML requests and frame rendering glitches that could be used to control the phone or crash the browser through memory errors.
Like recent iPod updates, the iPhone fix is downloadable solely through iTunes and can be installed the next time the phone is docked or detected by the jukebox software.
In a brief set of release notes, Apple said the iPhone software update also includes several "bug fixes." The company recommends that users install the patch "immediately."
Comments
Apple has tackled concerns about potentially dangerous security holes in its mobile version of Safari with the first revision to the iPhone's code.
Tuesday marked the release of Apple's first ever fix for the iPhone since the product's June 29th release and mends vulnerabilities relating to visiting malicious websites.
First Post?! - Maybe...
Any word on whether this patch just deals with Safari? What about the little idiosyncrasies of the other apps on the phone and the wishlists that have been reported on or dreamed about. What is it's status, anyone?
It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.
Anybody else have to restore their iPhone in order to install the update?
It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.
Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...
and 1.0.1 1C25 is so much snappier than 1.0 (had to say it!!)
lol.
no new functionality but bug fixes are good before Aug 2!
I really hope a lot of cool stuff comes with Leopard for the Apple TV and iPhone.
isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?
Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...
I didn't need to restore, but I haven't used Jailbreak or any other hack.
So far so good. Safari seems to crash less often, but it's too early to be sure.
iTunes will automatically check for an update again on 8/7/07.
isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?
Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.
Apple itself was very clear that there will only be Mac-related announcements on the 7th.
Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.
Apple itself was very clear that there will only be Mac-related announcements on the 7th.
Yet I can guarantee the crowds will try to persuade them wrong.
Apple itself was very clear that there will only be Mac-related announcements on the 7th.
I don't buy it. I think it was just a clever ruse to keep Wall Street from sending Apple stock over $300 and 270,000 hit man contracts issued on Steve when he announces:
"iPhone 2.0 - you've had the demo, now get the real thing. This one is 3G, has GPS functionality, Notes syncing, multiple email delete, and all those other bullet point wishlists that the suckers were waiting for with the 1.x update."
"One more thing... no AT&T."
Or of course it could be an iMac with a squished keyboard. Take your pick!
Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.
So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.
I'm just curious of generally how big a system update for (portable) OS X is.
So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.
in this case, no that is not correct. javascript is not related to java, despite the fact that both use "java" in the name. at least, they are not related technologies in that a platform that does not support java does not say anything about it supporting javascript. iPhone's Safari does in fact support javascript and the vulnerability had nothing to do with java or their decision to not include its support.
So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.
Javascript != Java
Very important to know, and javascript is available on the iPhone or else "Web 2.0" wouldn't work on it.
So has anyone tried re-installing ringtones after updating their iPhones?
Yes - I used iFuntastic 2.1.0, and it worked.
It is curious, that updating has not been published on site of Apple and is accessible only through a player iTunes. Thus installation process is shown on computer display, instead of on the display of iPhone itself.