New Security Updates v1.0.1 for Apple iPhone
Last update:  31-07-07 Submitted by assa
Views: 1280 Home Industry News Software News


Apple has just issued an updates v1.0.1 for the iPhone. It fixes the security problem of the Safari web browser. This update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site. iTunes automatically checks Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update.

iphone-1-0-1

iPhone v1.0.1 Update details

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

Source





 Lastest News in this category

mSpot's Make-UR-Tones and Remix Available for ATT users
AT&T announced today the immediate availability of mSpot's Make-UR-Tones and Remix.

UIQ Technology Updates UIQ to version 3.3
UIQ Technology today announced the availability of UIQ 3.3. UIQ 3.3 based on Symbian OS v 9.3 builds on the UIQ 3 family. It includes incremental e...

mobiPad controls S60 and UIQ with a WiiMote - cool party tricks sold seperately
This app is more of a Bluetooth profile than it is an application, but the bottom line is that it allows you to connect your WiiMote to your S60 de...

Gameloft Confirms Plans to Develop For iPhone With Over 15 Titles in 2008
Gameloft confirmed its intention to develop over 15 mobile games built upon Apple's iPhone Software Development Kit (SDK).

UIQ Technology announces the winners of the UIQ application competition '08
UIQ Technology announced the winners of the UIQ Open, a developer competition aimed at finding the most innovative, useful and entertaining third-p...



 Free Mobile Phone Wallpaper

uyle_284

128w_2309

miot_33

128w_516



Recommend: SlashGear / Instinct Phone cases / iPhone Video accessories / MY iTablet / PHONE Magazine / Android Community Store
iPod Touch Store / Apple-Touch.com / iPhone Buzz / Macbook touch / Android Community / Palm Pre Accessories / Pre Cases / Verizon Storm / HTC Diamond / Pre Cases / Palm Eos / BlackBerry Bold Accessories / BlackBerry Bold cases / BlackBerry Bold Accessories / My Pre Community / Bold Cases / Android Market
Pre Accessories / Palm Pre Cases / Palm Pre Accessories / My Pre Accessories
SlashGear.TV / the Instinct Phone / Pre Accessories / iPhone 3G Accessories / iPhone 3G Cases / MY Pre / MY Pre forums / G1 Accessories / G1 Accessories / iPhone 3G S Accessories / iPhone 3G S Cases / url.ag / i7500
Logos & trademarks in this site are property of their respective owner(s). The comments are property of their posters, the rest © SlashPhone.
Privacy Policy | Terms of Use | Got Suggestions?: SlashPhone Tipline / SlashPhone Editor / Vincent Nguyen
Designed and Developed by Ewdison Then. SlashPhone is part of R3 Media, Blogging Life and Powered by Madserve.com
.