Home / mailings APPLE-SA-2007-07-31 iPhone v1.0.1 Update
Posted on 01 August 2007
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-07-31 iPhone v1.0.1 Update
iPhone v1.0.1 Update is now available and addresses the following
issues:
Safari
CVE-ID: CVE-2007-2400
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site scripting
Description: Safari's security model prevents JavaScript in remote
web pages from modifying pages outside of their domain. A race
condition in page updating combined with HTTP redirection may allow
JavaScript from one page to modify a redirected page. This could
allow cookies and pages to be read or arbitrarily modified. This
update addresses the issue by correcting access control to window
properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of
Adobe Systems, Inc. for reporting this issue.
Safari
CVE-ID: CVE-2007-3944
Available for: iPhone v1.0
Impact: Viewing a maliciously crafted web page may lead to arbitrary
code execution
Description: Heap buffer overflows exist in the Perl Compatible
Regular Expressions (PCRE) library used by the JavaScript engine in
Safari. By enticing a user to visit a maliciously crafted web page,
an attacker may trigger the issues, which may lead to arbitrary code
execution. This update addresses the issues by performing additional
validation of JavaScript regular expressions. Credit to Charlie
Miller and Jake Honoroff of Independent Security Evaluators for
reporting these issues.
WebCore
CVE-ID: CVE-2007-2401
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when
serializing headers into an HTTP request. By enticing a user to visit
a maliciously crafted web page, an attacker could trigger a
cross-site scripting issue. This update addresses the issue by
performing additional validation of header parameters. Credit to
Richard Moore of Westpoint Ltd. for reporting this issue.
WebKit
CVE-ID: CVE-2007-3742
Available for: iPhone v1.0
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could be used to create a URL which contains
look-alike characters. These could be used in a malicious web site to
direct the user to a spoofed site that visually appears to be a
legitimate domain. This update addresses the issue by through an
improved domain name validity check. Credit to Tomohito Yoshino
of Business Architects Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2007-2399
Available for: iPhone v1.0
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets
could lead to memory corruption. Visiting a maliciously crafted web
page may lead to an unexpected application termination or arbitrary
code execution. Credit to Rhys Kidd for reporting this issue.
Installation note:
This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When the
iPhone is docked, iTunes will present the user with the option to
install the update. We recommend applying the update immediately if
possible. Selecting "don't install" will present the option the next
time you connect your iPhone.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the "Check for Update" button within iTunes. After doing
this, the update can be applied when your iPhone is docked to your
computer.
To check that the iPhone has been updated:
* Navigate to Settings
* Select General
* Select About
* The Version after applying this update will be "1.0.1 (1C25)"
Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
