1.0.1 Update

[launchpad]

Apple just released an update to the iPhone "version 1.0.1." There is no word about what changed, but it is reported to cover MANY “bug fixes. So go and get your update...

[Kender]

Phone v1.0.1 Update

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

[SimonTuffGuy]

Sweet! Downloading now.

[SimonTuffGuy]

I read that people we're having problems if they've hacked their phone (iFuntastic? Not sure if that's just come ringtones or what)...

I'm happy to report that everything is functioning correctly on mine, even the ringtones that I loaded with the iPhoneRingToneMaker program...

[iLoveIt]

I can't wait for them to release an update so you can download iTunes songs from iPhone and then use them as ringtones.

Haven't noticed a difference with 1.0.1 but I hope it's more secure.

[SimonTuffGuy]

iLoveIt - You Windows or Mac? Get the iPhoneRingtoneMaker that's posted on the site here... It cost me $10, but I can put unlimited ringtones on the phone and I had no problems updating it.

When Apple released their new iTunes update, you're going to get charged the regular fee to convert to a ringtone (I think it's $1)...

[iLoveIt]

I'm a mac but ten bucks is more just for a few, plus I hate third part software. I like things to mesh seemlessly.

[SimonTuffGuy]

Quote:

Originally Posted by iLoveIt

I'm a mac but ten bucks is more just for a few, plus u hate third part software. I like things to mesh seemlessly.

Eh - I'd hold off for Apple to release their iTunes update then that'll add new ringtones.

I thought when I saw the iTunes updated download to my PC on Friday that it would have that added in. Just looked to be some bug fixes.

While it doesn't mesh seemlessly, it does work and that's what I find important. It'll be interesting to see how it works when iTunes is ringtone-ready (will mine already display there, will iTunes pull them off the phone?)... Hmmm

I figured, $10 is 10 ringtones from Apple (plus waiting until they are ready to release their upgrade)... I shared it with my brother and we each loaded at least 5 ringtones to our phones. That pays for itself... If it doesn't work with iTunes when the new version is released, I'm sure an update will come out for it.

*shrug*

I just know that I'm enjoying my own custom ringtones without any problems from update 1.0.1... (while I saw reviews from people who did the jailbreak stuff or other hacked methods of getting ringtones who had to restore their phone before they could upgrade)...