Official iPhone Software Update 1.01 Discussion

insocal

New Member
Bronze
Jun 25, 2007
58
0
0
I can confirm that it changed from 'cc' to 'bcc'. I looked it both before and after the update and saw the change.
Thanks so much for verifying!

Interesting that it isn't mentioned ANYWHERE in the DOCUMENTATION including the 'UPDATED' manual. Although, the new manual is DATED August 1st so maybe it will be 'NEW' tomorrow?

Either way, I'm glad about the addition.
 

tharmsen

New Member
Silver
Jul 5, 2007
873
0
0
Does anyone know what this new update specifically does?
LOL... yeah, it's been posted about a hundred times... :p Here ya go again:

  • Safari
    CVE-ID: CVE-2007-2400
    Available for: iPhone v1.0
    Impact: Visiting a malicious website may allow cross-site scripting
    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.
  • Safari
    CVE-ID: CVE-2007-3944
    Available for: iPhone v1.0
    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.
  • WebCore
    CVE-ID: CVE-2007-2401
    Available for: iPhone v1.0
    Impact: Visiting a malicious website may allow cross-site requests
    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
  • WebKit
    CVE-ID: CVE-2007-3742
    Available for: iPhone v1.0
    Impact: Look-alike characters in a URL could be used to masquerade a website
    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.
  • WebKit
    CVE-ID: CVE-2007-2399
    Available for: iPhone v1.0
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
 

chefj

New Member
Bronze
Jun 17, 2007
43
0
0
anybody having problems with there ipohone interface working after reinstalling jailbreak?
 

stpamamos

Member
Bronze
Jul 31, 2007
33
0
6
Back-up your photos.

If you took any photos on your phone that you don't want to lose I would suggest backing them up before getting the update. I just emailed them to myself to back them up. After installing the update my camera roll photos were erased and my youtube bookmarks were erased.
 

iAsh

New Member
Jul 31, 2007
4
0
0
I notice that some people had to restore their iPhone. I didn't have mine modded and it only took just a few mins for the software to complete without restoring.
 

chefj

New Member
Bronze
Jun 17, 2007
43
0
0
I noticed 2 major things right away.

1. Mail app opens email much faster
2. This is the big one.. music plays through the speaker AND THE MIC. Before it used to only play though one side. Someone please verify that I am not imagining things...
Mine only plays through the one side still....LUCKY!
 

edw1nk

New Member
Jul 7, 2007
24
0
1
i barely got the nerve to mod my homescreen icons (only because it was a loaner phone). and now im stuck on a slow connection downloading the 91mb file
 

Iceblinkluck

New Member
Bronze
Mar 30, 2007
129
0
0
Long Island NY
Mine only plays through the one side still....LUCKY!
This update worked fine for me. I noticed no change in the speaker function. All of my info, including ringtones added by the ringtone maker were there. This was updated using the mac that I sync the phone with.