iPhone Update 1.0.1 Now Available, Fixes Safari Security Breach, Other Bugs

iPhone Firmware Update v1.0.1 is now available through iTunes, and it will "fix bugs." The JesusPhone is getting an apparently minor upgrade, but the consequences for your security are huge. Discover why after the jump. [Last Updated Aug 1 08:30AM EST - NEW: full listing of changes after the jump.]

Updated 8:30PM EST
• The most important thing is this: the upgrade closes the big Safari security breach discovered earlier this month, which allowed malicious pages to take total control of your iPhone:

Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

In three words: download it now.

• It works.
• iFuntastic works.
• We needed to do a system restore first. iTunes didn't recognize our unholy, hacked jesusPhone.
• Apple may be biting back the hackers. The iPhone Dev Team is on top of it.

Reader observations

• Jason Fulkerson says: "Not seeing any major changes with the firmware - although the mail client has decided that all the email I've received since I got the iPhone is "new" again, bit of a pain."
• Our own Jason Chen says that he is happy that all is fine with his iPhone after the update, as he keeps writing his awesome iPhone book.

Updated 9:12PM EST, and again on Aug 1 08:30AM EST
From the iPhone Dev Wiki:

• Full system wipe on modded phones [apparently it fails integrity check, but other people report they had no problems with this. It may be one of the mods affecting the check.]
• Downgrade does not work.
• The phone goes back through the activation process (DVD Jon's method has been confirmed to work still.)
• Jailbreak appears to be broken as of all reports coming in, work is going on to see if it can be made to work. Jailbreak 1.0 appears to work fine.
• iPhoneInterface does not work anymore. The latest version works.

Updated 9:25PM EST
• There seem to be other bug fixes, not only security ones.
• YouTube lists work.
• The "This Week" tab under "Most Popular" in the YouTube application is fixed: it no longer duplicates the contents of the "All Time" tab.

Updated 9:40PM EST
• Reader Mike Albert Jr is saying that his Exchange folders show up now: "after updating my iPhone firmware, my exchange server folders show up. When I delete an email in outlook, the email is removed from my iPhone." Maybe NASA will reconsider their decision now.
• We don't use Exchange (thank you, $deity) so we can't check it out. Other readers are reporting that their IMAP accounts now show folders too.

Updated 10:15PM EST
• Some publications are reporting increased stability, but we think it's too early to tell.

Updated 11:30 EST
iPhone Dev Team points to the full list of changes. Notice that many things have changed, including applications like Mail, Address Book and Music Player, even if they are not noticeable on the user end.

88c88 < ./Applications/MobileMail.app/Default-AccountSetup.png 2167 > ./Applications/MobileMail.app/Default-AccountSetup.png 2204 90,91c90,91 < ./Applications/MobileMail.app/Default.png 9723 < ./Applications/MobileMail.app/English.lproj/Main.strings 3312 > ./Applications/MobileMail.app/Default.png 9736 > ./Applications/MobileMail.app/English.lproj/Main.strings 3358 93c93 < ./Applications/MobileMail.app/MobileMail 376940 > ./Applications/MobileMail.app/MobileMail 381176 226c226 < ./Applications/MobileNotes.app/English.lproj/Main.strings 288 > ./Applications/MobileNotes.app/English.lproj/Main.strings 422 228c228 < ./Applications/MobileNotes.app/MobileNotes 89572 > ./Applications/MobileNotes.app/MobileNotes 93812 283c283 < ./Applications/MobilePhone.app/MobilePhone 569000 > ./Applications/MobilePhone.app/MobilePhone 569020 384c384 < ./Applications/MobileSafari.app/English.lproj/Localizable.strings 4373 > ./Applications/MobileSafari.app/English.lproj/Localizable.strings 4395 389c389 < ./Applications/MobileSafari.app/MobileSafari 402596 > ./Applications/MobileSafari.app/MobileSafari 402648 404c404 < ./Applications/MobileSafari.app/StaticBookmarks.plist 252 > ./Applications/MobileSafari.app/StaticBookmarks.plist 256 441c441 < ./Applications/MobileSlideShow.app/MobileSlideShow 43420 > ./Applications/MobileSlideShow.app/MobileSlideShow 43468 514c514 < ./Applications/Preferences.app/English.lproj/Localizable.strings 1153 > ./Applications/Preferences.app/English.lproj/Localizable.strings 1200 516c516 < ./Applications/Preferences.app/English.lproj/Passcode 859 > ./Applications/Preferences.app/English.lproj/Passcode 1160 523c523 < ./Applications/Preferences.app/English.lproj/legal-disclaimer.html 134819 > ./Applications/Preferences.app/English.lproj/legal-disclaimer.html 135438 530c530 < ./Applications/Preferences.app/Passcode 676 > ./Applications/Preferences.app/Passcode 849 532c532 < ./Applications/Preferences.app/Preferences 125196 > 
./Applications/Preferences.app/Preferences 124236 538c538 < ./Applications/Preferences.app/Settings.plist 1206 > ./Applications/Preferences.app/Settings.plist 1230 748c748 < ./Applications/YouTube.app/YouTube 228512 > ./Applications/YouTube.app/YouTube 232652 852,853c852,853 < ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3260467 < ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3260467 > ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3262608 > ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3262608 926c926 < ./System/Library/CoreServices/SpringBoard.app/English.lproj/SpringBoard.strings 10555 > ./System/Library/CoreServices/SpringBoard.app/English.lproj/SpringBoard.strings 10710 988c988 < ./System/Library/CoreServices/SpringBoard.app/SpringBoard 691216 > ./System/Library/CoreServices/SpringBoard.app/SpringBoard 695456 1009c1009 < ./System/Library/CoreServices/SystemVersion.plist 467 > ./System/Library/CoreServices/SystemVersion.plist 466 1148c1148 < ./System/Library/Frameworks/AddressBookUI.framework/AddressBookUI 428692 > ./System/Library/Frameworks/AddressBookUI.framework/AddressBookUI 428708 1150c1150 < ./System/Library/Frameworks/AddressBookUI.framework/Info.plist 371 > ./System/Library/Frameworks/AddressBookUI.framework/Info.plist 373 1168c1168 < ./System/Library/Frameworks/CFNetwork.framework/CFNetwork 395996 > ./System/Library/Frameworks/CFNetwork.framework/CFNetwork 396352 1178c1178 < ./System/Library/Frameworks/Celestial.framework/Celestial 1076832 > ./System/Library/Frameworks/Celestial.framework/Celestial 1081148 1180,1181c1180,1181 < ./System/Library/Frameworks/Celestial.framework/English.lproj/Localizable.strings 446 < ./System/Library/Frameworks/Celestial.framework/Info.plist 322 > ./System/Library/Frameworks/Celestial.framework/English.lproj/Localizable.strings 469 > ./System/Library/Frameworks/Celestial.framework/Info.plist 324 
1195,1196c1195,1196 < ./System/Library/Frameworks/CoreSurface.framework/Info.plist 670 < ./System/Library/Frameworks/CoreTelephony.framework/CoreTelephony 208052 > ./System/Library/Frameworks/CoreSurface.framework/Info.plist 674 > ./System/Library/Frameworks/CoreTelephony.framework/CoreTelephony 208216 1199c1199 < ./System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter 378248 > ./System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter 383704 1218c1218 < ./System/Library/Frameworks/GraphicsServices.framework/GraphicsServices 65300 > ./System/Library/Frameworks/GraphicsServices.framework/GraphicsServices 65396 1223c1223 < ./System/Library/Frameworks/IAP.framework/Support/iapd 1012928 > ./System/Library/Frameworks/IAP.framework/Support/iapd 1017080 1236c1236 < ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 675864 > ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 667012 1244,1245c1244,1245 < ./System/Library/Frameworks/MeCCA.framework/Info.plist 722 < ./System/Library/Frameworks/MeCCA.framework/MeCCA 1265584 > ./System/Library/Frameworks/MeCCA.framework/Info.plist 726 > ./System/Library/Frameworks/MeCCA.framework/MeCCA 1265912 1252c1252 < ./System/Library/Frameworks/Message.framework/Message 1157912 > ./System/Library/Frameworks/Message.framework/Message 1165072 1266c1266 < ./System/Library/Frameworks/MessageUI.framework/MessageUI 266192 > ./System/Library/Frameworks/MessageUI.framework/MessageUI 266668 1285c1285 < ./System/Library/Frameworks/MobileMusicPlayer.framework/MobileMusicPlayer 30760 > ./System/Library/Frameworks/MobileMusicPlayer.framework/MobileMusicPlayer 34856 1288c1288 < ./System/Library/Frameworks/MoviePlayerUI.framework/MoviePlayerUI 178400 > ./System/Library/Frameworks/MoviePlayerUI.framework/MoviePlayerUI 177492 1312,1313c1312,1313 < ./System/Library/Frameworks/MusicLibrary.framework/MusicLibrary 417396 < ./System/Library/Frameworks/OfficeImport.framework/Versions/A/OfficeImport 
5237436 > ./System/Library/Frameworks/MusicLibrary.framework/MusicLibrary 418364 > ./System/Library/Frameworks/OfficeImport.framework/Versions/A/OfficeImport 5237548 1323c1323 < ./System/Library/Frameworks/PhotoLibrary.framework/English.lproj/Main.strings 2514 > ./System/Library/Frameworks/PhotoLibrary.framework/English.lproj/Main.strings 2511 1325c1325 < ./System/Library/Frameworks/PhotoLibrary.framework/PhotoLibrary 380044 > ./System/Library/Frameworks/PhotoLibrary.framework/PhotoLibrary 385900 1353c1353 < ./System/Library/Frameworks/Preferences.framework/Preferences 258156 > ./System/Library/Frameworks/Preferences.framework/Preferences 258400 1371c1371 < ./System/Library/Frameworks/TelephonyUI.framework/TelephonyUI 111884 > ./System/Library/Frameworks/TelephonyUI.framework/TelephonyUI 112336 1461c1461 < ./System/Library/Frameworks/UIKit.framework/UIKit 2184512 > ./System/Library/Frameworks/UIKit.framework/UIKit 2189124 1551c1551 < ./System/Library/Frameworks/WebCore.framework/WebCore 4625660 > ./System/Library/Frameworks/WebCore.framework/WebCore 4635516 1571c1571 < ./System/Library/Internet 43860 > ./System/Library/Internet 48264 1600c1600 < ./System/Library/PreferenceBundles/AirPortSettings.bundle/AirPortSettings 145948 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/AirPortSettings 145932 1604c1604 < ./System/Library/PreferenceBundles/AirPortSettings.bundle/English.lproj/Other 414 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/English.lproj/Other 399 1606c1606 < ./System/Library/PreferenceBundles/AirPortSettings.bundle/Info.plist 423 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/Info.plist 425 1610c1610 < ./System/Library/PreferenceBundles/AirPortSettings.bundle/Other 674 > ./System/Library/PreferenceBundles/AirPortSettings.bundle/Other 655 1628c1628 < ./System/Library/PreferenceBundles/BluetoothSettings.bundle/BluetoothSettings 52732 > ./System/Library/PreferenceBundles/BluetoothSettings.bundle/BluetoothSettings 56956 
1634c1634 < ./System/Library/PreferenceBundles/CarrierSettings.bundle/CarrierSettings 44792 > ./System/Library/PreferenceBundles/CarrierSettings.bundle/CarrierSettings 44816 1649c1649 < ./System/Library/PreferenceBundles/MobileMailSettings.bundle/English.lproj/Preferences.strings 6702 > ./System/Library/PreferenceBundles/MobileMailSettings.bundle/English.lproj/Preferences.strings 7008 1651c1651 < ./System/Library/PreferenceBundles/MobileMailSettings.bundle/MobileMailSettings 173964 > ./System/Library/PreferenceBundles/MobileMailSettings.bundle/MobileMailSettings 178888 1673c1673 < ./System/Library/PreferenceBundles/MobilePhoneSettings.bundle/Services.plist 513 > ./System/Library/PreferenceBundles/MobilePhoneSettings.bundle/Services.plist 517 1687c1687 < ./System/Library/PreferenceBundles/VPNPreferences.bundle/English.lproj/MobileVPN.strings 1850 > ./System/Library/PreferenceBundles/VPNPreferences.bundle/English.lproj/MobileVPN.strings 1900 1691c1691 < ./System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences 99472 > ./System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences 99632 1725c1725 < ./System/Library/SystemConfiguration/Aeropuerto.bundle/Aeropuerto 142040 > ./System/Library/SystemConfiguration/Aeropuerto.bundle/Aeropuerto 146152 1729,1730c1729,1730 < ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration 165892 < ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration.xml 1714 > ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration 166596 > ./System/Library/SystemConfiguration/IPConfiguration.bundle/IPConfiguration.xml 1827 1770c1770 < ./private/etc/bluetool/deepsleep.script 170 > ./private/etc/bluetool/deepsleep.script 171 1772c1772 < ./private/etc/bluetool/init.script 2720 > ./private/etc/bluetool/init.script 2841 1787c1787 < ./private/var/db/dyld/update-prebinding-paths.txt 5763 > ./private/var/db/dyld/update-prebinding-paths.txt 6519 1819c1819 < 
./usr/lib/liblockdown.dylib 31372 > ./usr/lib/liblockdown.dylib 31620 1831c1831 < ./usr/libexec/SyncAgent 167980 > ./usr/libexec/SyncAgent 167988 1834c1834 < ./usr/libexec/crashreporterd 23896 > ./usr/libexec/crashreporterd 24048 1837c1837 < ./usr/libexec/lockdownd 747188 > ./usr/libexec/lockdownd 751480 1839c1839 < ./usr/libexec/ptpd 133076 > ./usr/libexec/ptpd 133024 1842c1842 < ./usr/sbin/BTServer 1036448 > ./usr/sbin/BTServer 1040832 1846c1846 < ./usr/sbin/mDNSResponder 278660 > ./usr/sbin/mDNSResponder 278688
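
One way to read the listing above, as an added example (not code from Gizmodo or the iPhone Dev Team): it parses the run-together diff of path/size pairs and ranks the changed files by size delta, which is how you would pick out components such as JavaScriptCore and WebCore for a closer look after a security update. The function names are hypothetical, and the parser assumes each entry is a `<` or `>` marker, a path without spaces, and a byte size, as the listing shows them.

```python
import re
from collections import defaultdict

# Excerpt of the listing above, kept in its run-together form.
# Paths and byte sizes are copied from the page; nothing here is constructed.
LISTING = (
    "389c389 < ./Applications/MobileSafari.app/MobileSafari 402596 "
    "> ./Applications/MobileSafari.app/MobileSafari 402648 "
    "852,853c852,853 "
    "< ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3260467 "
    "< ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3260467 "
    "> ./System/Library/Caches/com.apple.kernelcaches/kernelcache.release.s5l8900xrb 3262608 "
    "> ./System/Library/Caches/com.apple.kernelcaches/kernelcache.s5l8900xrb 3262608 "
    "1009c1009 < ./System/Library/CoreServices/SystemVersion.plist 467 "
    "> ./System/Library/CoreServices/SystemVersion.plist 466 "
    "1236c1236 < ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 675864 "
    "> ./System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 667012 "
    "1551c1551 < ./System/Library/Frameworks/WebCore.framework/WebCore 4625660 "
    "> ./System/Library/Frameworks/WebCore.framework/WebCore 4635516 "
    "1837c1837 < ./usr/libexec/lockdownd 747188 > ./usr/libexec/lockdownd 751480"
)

# One entry = side marker ("<" old firmware, ">" new firmware), path, byte size.
# \s+ tolerates the line wraps that split some entries in the scraped listing.
ENTRY = re.compile(r"([<>])\s+(\./\S+)\s+(\d+)")
BUNDLE = re.compile(r"[^/]+\.(?:app|framework|bundle)(?=/)")


def parse_size_diff(text):
    """Return {path: (old_size, new_size)}; a side absent from the diff is None."""
    sizes = defaultdict(lambda: [None, None])
    for side, path, size in ENTRY.findall(text):
        sizes[path][0 if side == "<" else 1] = int(size)
    return {path: tuple(pair) for path, pair in sizes.items()}


def component(path):
    """Name the enclosing .app/.framework/.bundle, or the path itself if there is none."""
    m = BUNDLE.search(path)
    return m.group(0) if m else path[2:]


def changed_files(text):
    """List (component, path, delta_bytes), largest absolute size change first."""
    rows = []
    for path, (old, new) in parse_size_diff(text).items():
        # A one-sided entry (file added or removed) counts its whole size as the delta.
        rows.append((component(path), path, (new or 0) - (old or 0)))
    return sorted(rows, key=lambda r: abs(r[2]), reverse=True)


def shrunk(text):
    """Files that got smaller: something was removed or rebuilt, not only added."""
    return [r for r in changed_files(text) if r[2] < 0]


if __name__ == "__main__":
    # Sizes are the only signal here: a file patched without a size change would
    # not appear at all, so this ranks candidates; it does not prove coverage.
    for comp, path, delta in changed_files(LISTING):
        print(f"{delta:+8d}  {comp:28s}  {path}")
```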


Keep checking for updates as we go through our bug list and experiment. If you have anything to tell us about your update experience, use the comments or tips.

Full Apple iPhone security bug fixes list

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

[Apple]


Send an email to Jesus Diaz, the author of this post, at jesus@gizmodo.com.


By Jesus Diaz
Jul 31, 2007 11:30 PM
Original material is licensed under a Creative Commons License permitting non-commercial sharing with attribution.