iPhone security posting suggests 2.2 firmware tomorrow
Germans documenting an exploit that forces an iPhone to dial an unwanted number have also potentially tipped users off to the imminent release of Apple's widely anticipated 2.2 firmware upgrade.
The Fraunhofer Institute for Secure Information's official release describes an attack which, after fooling users into visiting a maliciously crafted website, automatically kicks the phone into its dialer and composes a number without a chance to interrupt.
The trick theoretically allows the site owner to set up a 900 number or other calling destination that costs money or otherwise causes a problem.
Fraunhofer's Collin Mulliner notes that the exploit only requires three lines of code and is simple enough that anyone with "basic HTML knowledge" could add the formatting to a page and trigger the compromise.
While dangerous, the exploit was demonstrated to Apple a month ago with an understanding that it would be fixed soon.
The security experts, however, have also revealed that the necessary patch will surface in upcoming firmware from Apple -- code which Fraunhofer claims is due on November 21st.
Although the chance exists that the update in question is a minor maintenance update, the announcement comes just as Apple is generally believed to be wrapping up development of its major iPhone 2.2 upgrade, prompting speculation that the security fix is being rolled into the larger revision and is on the verge of being released.
After converting version 2.1 into a primarily bug-focused update, the electronics giant is known to be using 2.2 as a vehicle for several important feature requests. Among these will be a complete Google Maps refresh with Street View and non-driving directions, the ability to download podcasts over the air, an altered Safari and App Store client, and emoji icons for Japanese cellphone owners that often depend on them for text messaging.
The Fraunhofer Institute for Secure Information's official release describes an attack which, after fooling users into visiting a maliciously crafted website, automatically kicks the phone into its dialer and composes a number without a chance to interrupt.
The trick theoretically allows the site owner to set up a 900 number or other calling destination that costs money or otherwise causes a problem.
Fraunhofer's Collin Mulliner notes that the exploit only requires three lines of code and is simple enough that anyone with "basic HTML knowledge" could add the formatting to a page and trigger the compromise.
While dangerous, the exploit was demonstrated to Apple a month ago with an understanding that it would be fixed soon.
The security experts, however, have also revealed that the necessary patch will surface in upcoming firmware from Apple -- code which Fraunhofer claims is due on November 21st.
Although the chance exists that the update in question is a minor maintenance update, the announcement comes just as Apple is generally believed to be wrapping up development of its major iPhone 2.2 upgrade, prompting speculation that the security fix is being rolled into the larger revision and is on the verge of being released.
After converting version 2.1 into a primarily bug-focused update, the electronics giant is known to be using 2.2 as a vehicle for several important feature requests. Among these will be a complete Google Maps refresh with Street View and non-driving directions, the ability to download podcasts over the air, an altered Safari and App Store client, and emoji icons for Japanese cellphone owners that often depend on them for text messaging.
Comments
That's nice Apple, but how bout Push Notification? Calendar + To Do syncing with Gmail? Actual Push mail? Not 15 minute fetch! Or most importantly Dvorak keyboard support!?
hmmmm
I THINK IT STINKS
Feel better? That should tide you over for a while
That's nice Apple, but how Dvorak keyboard support!?
I use the Dvorak keyboard layout on full-sized keyboards, and much prefer it over QWERTY. But do you really think it would bring the same benefits to the virtual keyboard of the iPhone?
I use the Dvorak keyboard layout on full-sized keyboards, and much prefer it over QWERTY. But do you really think it would bring the same benefits to the virtual keyboard of the iPhone?
It probably wouldn't bring the same benefits, but at least their keyboards would be consistent across devices.
My Garmin GPS has a keyboard that is laid out in alphabetical order. It drives me batty.
Beyond that, I'd like Safari not to crash so much. Fed up with filling in web forms and it crashing just as I'm about to submit it. I'd like it to perform a bit better too, needs more snappy. Sometimes it can really get slow (then crash generally)...
That's nice Apple, but how bout Push Notification? Calendar + To Do syncing with Gmail? Actual Push mail? Not 15 minute fetch! Or most importantly Dvorak keyboard support!?
You're not going to see Apple come up with Google sync on the iPhone. Just won't happen. And no need to because it will happen other ways. Actual PUSH email exists on the iPhone using IMAP IDLE. Works great. Same with Mobile Me.
Push notifications - lets give them a pass on this. Obviously they saw with Mobileme their failure and instead of pushing it out the door unready, they are getting it ready.
Downloading it now
Iphone 2.2 firmware is available in itunes 8.0.2
Downloading it now
It says i cant collect to server.... is the server being hammered ?
keep trying....
http://www.apple.com/iphone/softwareupdate/
have fun!
It probably wouldn't bring the same benefits, but at least their keyboards would be consistent across devices.
My Garmin GPS has a keyboard that is laid out in alphabetical order. It drives me batty.
FYI, at least with Garmin nüvi you can change to a QUERTY keyboard layout - just go to Tools or Settings on the main menu screen.
Al
Then you select the file you just downloaded.
So far so good. Saferi seems faster and better. My Iphone feels fresh again.