iPhone Update 1.0.1 Now Available, Fixes Safari Security Breach, Other Bugs

iPhone Firmware Update v1.0.1 is now available through iTunes, and it will "fix bugs." The JesusPhone is getting an apparently minor upgrade, but the consequences are huge to your security. Discover why after the jump. [Last Updated Aug 1 08:30AM EST - NEW: full listing of changes after the jump.]

Updated 8:30PM EST

• The most important thing is this: the upgrade closes the big Safari security breach discovered earlier this month, which allowed malicious pages to take total control of your iPhone:

Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

In three words: download it now.

• It works.

• iFuntastic works.

• We needed to do a system restore first. iTunes didn't recognize our unholy, hacked jesusPhone.

• Apple may be biting back the hackers. The iPhone Dev Team is on top of it.

Reader observations

• Jason Fulkerson says: "Not seeing any major changes with the firmware - although the mail client has decided that all the email I've received since I got the iPhone is "new" again, bit of a pain."

• Our own Jason Chen says that he is happy that all is fine with his iPhone after the update, as he keeps writing his awesome iPhone book.

Updated 9:12PM EST Again on Aug 1 08:30AM EST

From the iPhone Dev Wiki:

• Full system wipe on modded phones [apparently it fails integrity check, but other people report they had no problems with this. It may be one of the mods affecting the check.]

• Downgrade does not work.

• The phone goes back through the activation process (DVD Jon's method has been confirmed to work still.)

Jailbreak appears to be broken as of all reports coming in, work is going on to see if it can be made to work. Jailbreak 1.0 appears to work fine.

iPhoneInterface does not work anymore The latest version works.

Updated 9:25PM EST

• There seem to be other bug fixes, not only security.

• YouTube lists work.

• The "This Week" tab under "Most Popular" in the YouTube application is fixed: it no longer duplicates the contents of the "All Time" tab.

Updated 9:40PM EST

• Reader Mike Albert Jr is saying that his Exchange folders show up now: "after updating my iPhone firmware, my exchange server folders show up. When I delete an email in outlook, the email is removed from my iPhone." Maybe NASA will reconsider their decision now.

• We don't use Exchange (thank you, $deity) so we can't check it out. Other readers are reporting that their IMAP accounts now show folders too.

Updated 10:15PM EST

• Some publications are reporting increased stability, but we think it's too early to tell.

Updated 11:30 EST

iPhone Dev Team points to the full list of changes. Notice that many things have changed, including applications like Mail, Address Book and Music Player, even if they are not noticeable on the user end.

88c88
< ./Applications/MobileMail.app/Default-AccountSetup.png 2167 > ./Applications/MobileMail.app/Default-AccountSetup.png 2204
90,91c90,91
< ./Applications/MobileMail.app/Default.png 9723
< ./Applications/MobileMail.app/English.lproj/Main.strings 3312 > ./Applications/MobileMail.app/Default.png 9736
> ./Applications/MobileMail.app/English.lproj/Main.strings 3358
93c93
< ./Applications/MobileMail.app/MobileMail 376940 > ./Applications/MobileMail.app/MobileMail 381176
226c226
< ./Applications/MobileNotes.app/English.lproj/Main.strings 288 > ./Applications/MobileNotes.app/English.lproj/Main.strings 422
228c228
< ./Applications/MobileNotes.app/MobileNotes 89572 > ./Applications/MobileNotes.app/MobileNotes 93812
283c283
< ./Applications/MobilePhone.app/MobilePhone 569000 > ./Applications/MobilePhone.app/MobilePhone 569020
384c384
< ./Applications/MobileSafari.app/English.lproj/Localizable.strings 4373 > ./Applications/MobileSafari.app/English.lproj/Localizable.strings 4395
389c389
< ./Applications/MobileSafari.app/MobileSafari 402596 > ./Applications/MobileSafari.app/MobileSafari 402648
404c404
< ./Applications/MobileSafari.app/StaticBookmarks.plist 252 > ./Applications/MobileSafari.app/StaticBookmarks.plist 256
441c441
< ./Applications/MobileSlideShow.app/MobileSlideShow 43420 > ./Applications/MobileSlideShow.app/MobileSlideShow 43468
514c514
< ./Applications/Preferences.app/English.lproj/Localizable.strings 1153 > ./Applications/Preferences.app/English.lproj/Localizable.strings 1200
516c516
< ./Applications/Preferences.app/English.lproj/Passcode 859 > ./Applications/Preferences.app/English.lproj/Passcode 1160
523c523
< ./Applications/Preferences.app/English.lproj/legal-disclaimer.html 134819 > ./Applications/Preferences.app/English.lproj/legal-disclaimer.html 135438
530c530
< ./Applications/Preferences.app/Passcode 676 > ./Applications/Preferences.app/Passcode 849
532c532
< ./Applications/Preferences.app/Preferences 125196 > ./Applications/Preferences.app/Preferences 124236
538c538
< ./Applications/Preferences.app/Settings.plist 1206 > ./Applications/Preferences.app/Settings.plist 1230
748c748
< ./Applications/YouTube.app/YouTube 228512 > ./Applications/YouTube.app/YouTube 232652
852,853c852,853
< ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3260467
< ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3260467 > ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3262608
> ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3262608
926c926
< ./System/Library/CoreServices/SpringBoard.app/English.lproj/SpringBoard.strings 10555 > ./System/Library/CoreServices/SpringBoard.app/English.lproj/SpringBoard.strings 10710
988c988
< ./System/Library/CoreServices/SpringBoard.app/SpringBoard 691216 > ./System/Library/CoreServices/SpringBoard.app/SpringBoard 695456
1009c1009
< ./System/Library/CoreServices/SystemVersion.plist 467 > ./System/Library/CoreServices/SystemVersion.plist 466
1148c1148
< ./System/Library/Frameworks/AddressBookUI.framework/AddressBookUI 428692 > ./System/Library/Frameworks/AddressBookUI.framework/AddressBookUI 428708
1150c1150
< ./System/Library/Frameworks/AddressBookUI.framework/Info.plist 371 > ./System/Library/Frameworks/AddressBookUI.framework/Info.plist 373
1168c1168
< ./System/Library/Frameworks/CFNetwork.framework/CFNetwork 395996 > ./System/Library/Frameworks/CFNetwork.framework/CFNetwork 396352
1178c1178
< ./System/Library/Frameworks/Celestial.framework/Celestial 1076832 > ./System/Library/Frameworks/Celestial.framework/Celestial 1081148
1180,1181c1180,1181
< ./System/Library/Frameworks/Celestial.framework/English.lproj/Localizable.strings 446
< ./System/Library/Frameworks/Celestial.framework/Info.plist 322 > ./System/Library/Frameworks/Celestial.framework/English.lproj/Localizable.strings 469
> ./System/Library/Frameworks/Celestial.framework/Info.plist 324
1195,1196c1195,1196
< ./System/Library/Frameworks/CoreSurface.framework/Info.plist 670
< ./System/Library/Frameworks/CoreTelephony.framework/CoreTelephony 208052 > ./System/Library/Frameworks/CoreSurface.framework/Info.plist 674
> ./System/Library/Frameworks/CoreTelephony.framework/CoreTelephony 208216
1199c1199
< ./System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter 378248 > ./System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter 383704
1218c1218
< ./System/Library/Frameworks/GraphicsServices.framework/GraphicsServices 65300 > ./System/Library/Frameworks/GraphicsServices.framework/GraphicsServices 65396
1223c1223
< ./System/Library/Frameworks/IAP.framework/Support/iapd 1012928 > ./System/Library/Frameworks/IAP.framework/Support/iapd 1017080
1236c1236
< ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 675864 > ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 667012
1244,1245c1244,1245
< ./System/Library/Frameworks/MeCCA.framework/Info.plist 722
< ./System/Library/Frameworks/MeCCA.framework/MeCCA 1265584 > ./System/Library/Frameworks/MeCCA.framework/Info.plist 726
> ./System/Library/Frameworks/MeCCA.framework/MeCCA 1265912
1252c1252
< ./System/Library/Frameworks/Message.framework/Message 1157912 > ./System/Library/Frameworks/Message.framework/Message 1165072
1266c1266
< ./System/Library/Frameworks/MessageUI.framework/MessageUI 266192 > ./System/Library/Frameworks/MessageUI.framework/MessageUI 266668
1285c1285
< ./System/Library/Frameworks/MobileMusicPlayer.framework/MobileMusicPlayer 30760 > ./System/Library/Frameworks/MobileMusicPlayer.framework/MobileMusicPlayer 34856
1288c1288
< ./System/Library/Frameworks/MoviePlayerUI.framework/MoviePlayerUI 178400 > ./System/Library/Frameworks/MoviePlayerUI.framework/MoviePlayerUI 177492
1312,1313c1312,1313
< ./System/Library/Frameworks/MusicLibrary.framework/MusicLibrary 417396
< ./System/Library/Frameworks/OfficeImport.framework/Versions/A/OfficeImport 5237436 > ./System/Library/Frameworks/MusicLibrary.framework/MusicLibrary 418364
> ./System/Library/Frameworks/OfficeImport.framework/Versions/A/OfficeImport 5237548
1323c1323
< ./System/Library/Frameworks/PhotoLibrary.framework/English.lproj/Main.strings 2514 > ./System/Library/Frameworks/PhotoLibrary.framework/English.lproj/Main.strings 2511
1325c1325
< ./System/Library/Frameworks/PhotoLibrary.framework/PhotoLibrary 380044 > ./System/Library/Frameworks/PhotoLibrary.framework/PhotoLibrary 385900
1353c1353
< ./System/Library/Frameworks/Preferences.framework/Preferences 258156 > ./System/Library/Frameworks/Preferences.framework/Preferences 258400
1371c1371
< ./System/Library/Frameworks/TelephonyUI.framework/TelephonyUI 111884 > ./System/Library/Frameworks/TelephonyUI.framework/TelephonyUI 112336
1461c1461
< ./System/Library/Frameworks/UIKit.framework/UIKit 2184512 > ./System/Library/Frameworks/UIKit.framework/UIKit 2189124
1551c1551
< ./System/Library/Frameworks/WebCore.framework/WebCore 4625660 > ./System/Library/Frameworks/WebCore.framework/WebCore 4635516
1571c1571
< ./System/Library/Internet 43860 > ./System/Library/Internet 48264
1600c1600
< ./System/Library/PreferenceBundles/AirPortSettings.bundle/AirPortSettings 145948 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/AirPortSettings 145932
1604c1604
< ./System/Library/PreferenceBundles/AirPortSettings.bundle/English.lproj/Other 414 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/English.lproj/Other 399
1606c1606
< ./System/Library/PreferenceBundles/AirPortSettings.bundle/Info.plist 423 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/Info.plist 425
1610c1610
< ./System/Library/PreferenceBundles/AirPortSettings.bundle/Other 674 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/Other 655
1628c1628
< ./System/Library/PreferenceBundles/BluetoothSettings.bundle/BluetoothSettings 52732 > ./System/Library/PreferenceBundles/BluetoothSettings.bundle/BluetoothSettings 56956
1634c1634
< ./System/Library/PreferenceBundles/CarrierSettings.bundle/CarrierSettings 44792 > ./System/Library/PreferenceBundles/CarrierSettings.bundle/CarrierSettings 44816
1649c1649
< ./System/Library/PreferenceBundles/MobileMailSettings.bundle/English.lproj/Preferences.strings 6702 > ./System/Library/PreferenceBundles/MobileMailSettings.bundle/English.lproj/Preferences.strings 7008
1651c1651
< ./System/Library/PreferenceBundles/MobileMailSettings.bundle/MobileMailSettings 173964 > ./System/Library/PreferenceBundles/MobileMailSettings.bundle/MobileMailSettings 178888
1673c1673
< ./System/Library/PreferenceBundles/MobilePhoneSettings.bundle/Services.plist 513 > ./System/Library/PreferenceBundles/MobilePhoneSettings.bundle/Services.plist 517
1687c1687
< ./System/Library/PreferenceBundles/VPNPreferences.bundle/English.lproj/MobileVPN.strings 1850 > ./System/Library/PreferenceBundles/VPNPreferences.bundle/English.lproj/MobileVPN.strings 1900
1691c1691
< ./System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences 99472 > ./System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences 99632
1725c1725
< ./System/Library/SystemConfiguration/Aeropuerto.bundle/Aeropuerto 142040 > ./System/Library/SystemConfiguration/Aeropuerto.bundle/Aeropuerto 146152
1729,1730c1729,1730
< ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration 165892
< ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration.xml 1714 > ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration 166596
> ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration.xml 1827
1770c1770
< ./private/etc/bluetool/deepsleep.script 170 > ./private/etc/bluetool/deepsleep.script 171
1772c1772
< ./private/etc/bluetool/init.script 2720 > ./private/etc/bluetool/init.script 2841
1787c1787
< ./private/var/db/dyld/update-prebinding-paths.txt 5763 > ./private/var/db/dyld/update-prebinding-paths.txt 6519
1819c1819
< ./usr/lib/liblockdown.dylib 31372 > ./usr/lib/liblockdown.dylib 31620
1831c1831
< ./usr/libexec/SyncAgent 167980 > ./usr/libexec/SyncAgent 167988
1834c1834
< ./usr/libexec/crashreporterd 23896 > ./usr/libexec/crashreporterd 24048
1837c1837
< ./usr/libexec/lockdownd 747188 > ./usr/libexec/lockdownd 751480
1839c1839
< ./usr/libexec/ptpd 133076 > ./usr/libexec/ptpd 133024
1842c1842
< ./usr/sbin/BTServer 1036448 > ./usr/sbin/BTServer 1040832
1846c1846
< ./usr/sbin/mDNSResponder 278660 > ./usr/sbin/mDNSResponder 278688



Keep checking for updates as we go through our bug list and experiment. If you have anything to tell us about your update experience, use the comments or tips.

Full Apple iPhone security bug fixes list

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
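The class of bug described in CVE-2007-2401, shown as an added example that is not Apple's code or its actual fix: a header serializer that trusts caller-supplied strings, next to one that validates names and values before writing them. All function names, the host and the header values are constructed for illustration.

```javascript
// Added example, not Apple's code. Header names/values below are constructed.

// RFC 7230 "token": the only characters allowed in a header field name.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// CR, LF and NUL in a value would let it terminate its own header line.
const FORBIDDEN_IN_VALUE = /[\r\n\0]/;

// "Before": writes caller-supplied strings straight into the request head.
function serializeNaive(method, path, host, headers) {
  let out = `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// "After": reject any header that could change the framing of the request.
function validateHeader(name, value) {
  if (!TOKEN.test(name)) {
    throw new SyntaxError(`invalid header name ${JSON.stringify(name)}`);
  }
  if (FORBIDDEN_IN_VALUE.test(value)) {
    throw new SyntaxError(`control character in value of ${name}`);
  }
}

function serializeChecked(method, path, host, headers) {
  for (const [name, value] of headers) validateHeader(String(name), String(value));
  return serializeNaive(method, path, host, headers);
}

// Header lines as the receiving server would split them (request line dropped).
function headerLines(raw) {
  return raw.split("\r\n\r\n")[0].split("\r\n").slice(1);
}

// Constructed input: one header whose value smuggles a second header line.
const tainted = [["Accept-Language", "en\r\nX-Injected: 1"]];
const clean = [["Accept-Language", "en"]];
```

With the naive serializer the single tainted header arrives at the server as two header lines plus `Host`; the checked serializer refuses to build the request at all.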

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.
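One common form of domain name validity check for the look-alike problem in CVE-2007-3742, as an added example (the advisory does not say what Apple's check does, so this policy is an assumption): show a hostname in Unicode only if no label mixes scripts, otherwise fall back to its ASCII `xn--` form. The script list, function names and hostnames are constructed for illustration.

```javascript
// Added example, not Apple's check. Policy and hostnames are constructed.

// Scripts tested, mapped to a group. Han/Hiragana/Katakana share one group
// because legitimate Japanese names mix them.
const SCRIPT_GROUPS = {
  Latin: "Latin", Cyrillic: "Cyrillic", Greek: "Greek",
  Han: "CJK", Hiragana: "CJK", Katakana: "CJK",
};
const MATCHERS = Object.entries(SCRIPT_GROUPS).map(
  ([script, group]) => [new RegExp(`^\\p{Script=${script}}$`, "u"), group]
);

// Sorted script groups used by one label. Digits and hyphens are ignored;
// characters from scripts not listed above are reported as "Other".
function scriptGroups(label) {
  const found = new Set();
  for (const ch of label) {
    if (/^[0-9-]$/.test(ch)) continue;
    const hit = MATCHERS.find(([re]) => re.test(ch));
    found.add(hit ? hit[1] : "Other");
  }
  return [...found].sort();
}

// Decide what an address bar should show for a Unicode hostname.
function displayHost(unicodeHost) {
  const labels = unicodeHost.split(".");
  const mixedLabels = labels.filter((l) => scriptGroups(l).length > 1);
  if (mixedLabels.length === 0) return { display: unicodeHost, mixedLabels };
  // The WHATWG URL parser serializes hostnames in ASCII (Punycode) form.
  const ascii = new URL(`http://${unicodeHost}`).hostname;
  return { display: ascii, mixedLabels };
}

// Constructed samples: U+0430 is CYRILLIC SMALL LETTER A, which renders
// like Latin "a" in most fonts.
const lookalike = "\u0430pple.example";
const allCyrillic = "\u043F\u0440\u0438\u043C\u0435\u0440.example";
```

A per-label mixed-script test does not catch names written entirely in one look-alike script, so it is one layer of a validity check rather than a complete one.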

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

[Apple]