Apple's first iPhone software update address security, bugs

[AppleInsider]

Apple on Tuesday evening addressed concerns about potentially dangerous security holes in the mobile version of its Safari web browser with the first ever software update to its new iPhone handset.

Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.

The latter scripting flaw was heavily publicized last week when consultants from Independent Security Evaluators used it to effectively hijack the phone's core functions.

Also addressed by software patch were three separate issues within the company's WebCore and WebKit platforms that form the backbone of Safari. Two of the fixes guard against false XML requests and frame rendering glitches that could be used to control the phone or crash the browser through memory errors.

Like recent iPod updates, the iPhone fix is downloadable solely through iTunes and can be installed the next time the phone is docked or detected by the jukebox software.

In a brief set of release notes, Apple said the iPhone software update also includes several "bug fixes." The company recommends that users install the patch "immediately."

[ View this article at AppleInsider.com ]

[Rot'nApple]

Quote:

Originally Posted by AppleInsider

Apple has tackled concerns about potentially dangerous security holes in its mobile version of Safari with the first revision to the iPhone's code.

Tuesday marked the release of Apple's first ever fix for the iPhone since the product's June 29th release and mends vulnerabilities relating to visiting malicious websites.

First Post?! - Maybe...

Any word on whether this patch just deals with Safari? What about the little idiosyncrasies of the other apps on the phone and the wishlists that have been reported on or dreamed about. What is it's status, anyone?

[mstone]

Cool deal

[donlphi]

Anybody else have to restore their iPhone in order to install the update?

It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.

[ChristoRogers]

Quote:

Originally Posted by donlphi

Anybody else have to restore their iPhone in order to install the update?

It killed my ringtones. As soon as it's done installing, I'll let you know if I can use Jailbreak again.

Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...

[sandau]

flawless install.

and 1.0.1 1C25 is so much snappier than 1.0 (had to say it!!)

lol.

no new functionality but bug fixes are good before Aug 2!

I really hope a lot of cool stuff comes with Leopard for the Apple TV and iPhone.

[desarc]

iTunes will automatically check for an update again on 8/7/07.
isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?

[mrjoec123]

Quote:

Originally Posted by ChristoRogers

Yup. It gave me an error when trying to update normally when it was extracting or verifying, and now I'm restoring my iPhone as I type. It scared me at first because it was giving an unknown error when trying to restore, but it's working now...

I didn't need to restore, but I haven't used Jailbreak or any other hack.

So far so good. Safari seems to crash less often, but it's too early to be sure.

[mrjoec123]

Quote:

Originally Posted by desarc

iTunes will automatically check for an update again on 8/7/07.
isn't that the day that apple is supposed to announce iMacs? perhaps a bit more than iMacs?

Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.

Apple itself was very clear that there will only be Mac-related announcements on the 7th.

[Proximityeffect]

Easy install here.

[psychobass213]

So has anyone tried re-installing ringtones after updating their iPhones?

[Ireland]

Quote:

Originally Posted by mrjoec123

Aug 7 is a week from today. iTunes checks every week automatically. Don't read too much into it.

Apple itself was very clear that there will only be Mac-related announcements on the 7th.

Yet I can guarantee the crowds will try to persuade them wrong.

[michaelb]

Quote:

Originally Posted by mrjoec123

Apple itself was very clear that there will only be Mac-related announcements on the 7th.

I don't buy it. I think it was just a clever ruse to keep Wall Street from sending Apple stock over $300 and 270,000 hit man contracts issued on Steve when he announces:

"iPhone 2.0 - you've had the demo, now get the real thing. This one is 3G, has GPS functionality, Notes syncing, multiple email delete, and all those other bullet point wishlists that the suckers were waiting for with the 1.x update."

"One more thing... no AT&T."

Or of course it could be an iMac with a squished keyboard. Take your pick!

[Walter Slocombe]

Quote:

Originally Posted by AppleInsider

Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.

So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.

[palegolas]

How big is this update?
I'm just curious of generally how big a system update for (portable) OS X is.

[tsvisser]

Quote:

Originally Posted by Walter Slocombe

So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.

in this case, no that is not correct. javascript is not related to java, despite the fact that both use "java" in the name. at least, they are not related technologies in that a platform that does not support java does not say anything about it supporting javascript. iPhone's Safari does in fact support javascript and the vulnerability had nothing to do with java or their decision to not include its support.

[Bacillus]

It does not fix the polka dots issue.

[PBG4 Dude]

Quote:

Originally Posted by Walter Slocombe

So am I right in thinking that in part Java is to blame? if so then Apple are right to leave it off the iPhone, it wouldnt be the first time Java has bit them.

Javascript != Java

Very important to know, and javascript is available on the iPhone or else "Web 2.0" wouldn't work on it.

[physguy]

I've found only one specific bug that was fixed. Previously the iPhone would not remember by VPN password, now it does. If you don't enter a password it still only gives the numbers keypad to enter the password when you start VPN so that wasn't fixed. Also, the Stopwatch/Lap bug was not fixed.

[Bacillus]

Quote:

Originally Posted by psychobass213

So has anyone tried re-installing ringtones after updating their iPhones?

Yes - I used iFuntastic 2.1.0, and it worked.

[violo25]

Really quick install, about 5 minutes.
It is curious, that updating has not been published on site of Apple and is accessible only through a player iTunes. Thus installation process is shown on computer display, instead of on the display of iPhone itself.

[bitWrangler]

No problems here with the update. It did seem to "pause" for a while in the middle (the progress bar did not advance in iTunes or the iPhone, but that only lasted for a couple of minutes. I am happy to get the update as I've had Safari crap out on me multiple times and yesterday the phone freaked out (the home screen refreshed continuously about once every second).

[filburt]

Quote:

Originally Posted by sandau

flawless install.

and 1.0.1 1C25 is so much snappier than 1.0 (had to say it!!)

In all seriousness, many are reporting the same thing but I think it's the requisite reboot that explains snappier performance.

[physguy]

Quote:

Originally Posted by filburt

In all seriousness, many are reporting the same thing but I think it's the requisite reboot that explains snappier performance.

Not in my case as I have rebooted several times, on general principle, during the 4 weeks I've had the phone. It is currently 'snappier' than at any time before the update. For example playing the 'Bejewled' game (which is local javascript once loaded) is visibly faster in updating the screen after a move.

[Mojo]

after running the update today, my exchange account is working perfectly with all the various subfolders showing up and syncing with iphoto finally works correctly for me. Before the update, I had problems with photos not deleting from the iphone after being imported to iphoto and thats been resolved as well

[cyko95]

This may be simply my mail server's problem, but has anyone else noticed emails taking a LOT longer to send out than before the update? No matter if i'm on wifi or edge it takes at least a couple minutes or so now. Before it was like 15 - 20 seconds.