APPLE-SA-2007-09-27 iPhone v1.1.1 Update
Posted on 27 September 2007
Apple Security-announce
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-09-27 iPhone v1.1.1 Update
iPhone v1.1.1 Update is now available and addresses the following
issues:

Bluetooth
CVE-ID: CVE-2007-3753
Impact: An attacker within Bluetooth range may be able to cause an
unexpected application termination or arbitrary code execution
Description: An input validation issue exists in the iPhone's
Bluetooth server. By sending maliciously-crafted Service Discovery
Protocol (SDP) packets to an iPhone with Bluetooth enabled, an
attacker may trigger the issue, which may lead to unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of SDP
packets. Credit to Kevin Mahaffey and John Hering of Flexilis Mobile
Security for reporting this issue.

Mail
CVE-ID: CVE-2007-3754
Impact: Checking email over untrusted networks may lead to
information disclosure via a man-in-the-middle attack
Description: When Mail is configured to use SSL for incoming and
outgoing connections, it does not warn the user when the identity of
the mail server has changed or cannot be trusted. An attacker capable
of intercepting the connection may be able to impersonate the user's
mail server and obtain the user's email credentials or other
sensitive information. This update addresses the issue by properly
warning when the identity of the remote mail server has changed.
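The check this fix describes (warn when the server's identity has changed or cannot be trusted, before any credentials are sent) can be sketched as follows. This is an added example, not Apple's Mail code; the class, function names and sample fingerprints are hypothetical, and the observation fields are assumed to come from the TLS stack after the handshake.

```javascript
// Added illustration, not Apple's Mail code; all names are hypothetical.
// An "observation" is what the TLS stack reports after the handshake, e.g. in
// Node.js: socket.authorized and socket.getPeerCertificate().fingerprint256.
class MailServerIdentityStore {
  constructor() {
    this.known = new Map(); // "host:port" -> { fp, userAccepted }
  }

  static key(host, port) { return `${host.toLowerCase()}:${port}`; }
  static normalize(fp) { return fp.replace(/:/g, "").toLowerCase(); }

  // Decide what to do BEFORE any username or password is sent.
  check(host, port, obs) {
    const key = MailServerIdentityStore.key(host, port);
    const fp = MailServerIdentityStore.normalize(obs.fingerprint256);
    const prev = this.known.get(key);
    if (prev && prev.fp !== fp) return "warn-changed";  // identity changed
    if (prev && prev.userAccepted) return "ok";         // cert the user approved
    if (!obs.chainTrusted) return "warn-untrusted";     // cannot be validated
    if (!prev) this.known.set(key, { fp, userAccepted: false });
    return "ok";
  }

  // Record an identity only after the user explicitly accepts a warning.
  accept(host, port, obs) {
    const fp = MailServerIdentityStore.normalize(obs.fingerprint256);
    this.known.set(MailServerIdentityStore.key(host, port),
                   { fp, userAccepted: true });
  }
}

// Credentials may be sent only when the check passed without a warning.
function maySendCredentials(decision) { return decision === "ok"; }

// Constructed sample observations (shortened fingerprints, not real certificates).
function demo() {
  const store = new MailServerIdentityStore();
  const genuine = { fingerprint256: "AA:11:BB:22", chainTrusted: true };
  const swapped = { fingerprint256: "CC:33:DD:44", chainTrusted: true };
  const selfSigned = { fingerprint256: "EE:55:FF:66", chainTrusted: false };
  return [
    store.check("mail.example.com", 993, genuine),    // first contact
    store.check("MAIL.example.com", 993, genuine),    // same identity again
    store.check("mail.example.com", 993, swapped),    // different certificate
    store.check("imap.example.net", 993, selfSigned), // untrusted chain
  ];
}
```

Because the sketch tracks the whole certificate, a routine certificate renewal also produces "warn-changed"; tracking the public key instead would reduce such warnings.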

Mail
CVE-ID: CVE-2007-3755
Impact: Following a telephone ("tel:") link in Mail will dial a
phone number without confirmation
Description: Mail supports telephone ("tel:") links to dial phone
numbers. By enticing a user to follow a telephone link in a mail
message, an attacker can cause iPhone to place a call without user
confirmation. This update addresses the issue by providing a
confirmation window before dialing a phone number via a telephone
link in Mail. Credit to Andi Baritchi of McAfee for reporting this
issue.

Safari
CVE-ID: CVE-2007-3756
Impact: Visiting a malicious website may lead to the disclosure of
URL contents
Description: A design issue in Safari allows a web page to read the
URL that is currently being viewed in its parent window. By enticing
a user to visit a maliciously crafted web page, an attacker may be
able to obtain the URL of an unrelated page. This update addresses
the issue through an improved cross-domain security check. Credit to
Michal Zalewski of Google Inc. and Secunia Research for reporting
this issue.

Safari
CVE-ID: CVE-2007-3757
Impact: Visiting a malicious website may lead to unintended dialing
or dialing a different number than expected
Description: Safari supports telephone ("tel:") links to dial phone
numbers. When a telephone link is selected, Safari will confirm that
the number should be dialed. A maliciously crafted telephone link may
cause a different number to be displayed during confirmation than the
one actually dialed. Exiting Safari during the confirmation process
may result in unintentional confirmation. This update addresses the
issue by properly displaying the number that will be dialed, and
requiring confirmation for telephone links. Credit to Billy Hoffman
and Bryan Sullivan of HP Security Labs (Formerly SPI Labs) and
Eduardo Tang for reporting this issue.

Safari
CVE-ID: CVE-2007-3758
Impact: Visiting a malicious website may lead to cross-site
scripting
Description: A cross-site scripting vulnerability exists in Safari
that allows malicious websites to set JavaScript window properties of
websites served from a different domain. By enticing a user to visit
a maliciously crafted website, an attacker can trigger the issue,
resulting in getting or setting the window status and location of
pages served from other websites. This update addresses the issue by
providing improved access controls on these properties. Credit to
Michal Zalewski of Google Inc. for reporting this issue.

Safari
CVE-ID: CVE-2007-3759
Impact: Disabling JavaScript does not take effect until Safari is
restarted
Description: Safari can be configured to enable or disable
JavaScript. This preference does not take effect until the next time
Safari is restarted. This usually occurs when the iPhone is
restarted. This may mislead users into believing that JavaScript is
disabled when it is not. This update addresses the issue by applying
the new preference prior to loading new web pages.

Safari
CVE-ID: CVE-2007-3760
Impact: Visiting a malicious website may result in cross-site
scripting
Description: A cross-site scripting issue in Safari allows a
maliciously crafted website to bypass the same-origin policy using
"frame" tags. By enticing a user to visit a maliciously crafted web
page, an attacker can trigger the issue, which may lead to the
execution of JavaScript in the context of another site. This update
addresses the issue by disallowing JavaScript as an "iframe" source,
and limiting JavaScript in frame tags to the same access as the site
from which it was served. Credit to Michal Zalewski of Google Inc.
and Secunia Research for reporting this issue.

Safari
CVE-ID: CVE-2007-3761
Impact: Visiting a malicious website may result in cross-site
scripting
Description: A cross-site scripting issue in Safari allows
JavaScript events to be associated with the wrong frame. By enticing
a user to visit a maliciously crafted web page, an attacker may cause
the execution of JavaScript in the context of another site. This
update addresses the issue by associating JavaScript events to the
correct source frame.

Safari
CVE-ID: CVE-2007-4671
Impact: JavaScript on websites may access or manipulate the contents
of documents served over HTTPS
Description: An issue in Safari allows content served over HTTP to
alter or access content served over HTTPS in the same domain. By
enticing a user to visit a maliciously crafted web page, an attacker
may cause the execution of JavaScript in the context of HTTPS web
pages in that domain. This update addresses the issue by limiting
access between JavaScript executing in HTTP and HTTPS frames. Credit
to Keigo Yamazaki of Little eArth Corporation Co., Ltd. for reporting
this issue.
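The access rule behind this fix, and behind the frame-source restriction in CVE-2007-3760 above, can be illustrated with an origin comparison that includes the scheme. This is an added example, not Safari or WebKit code; the function names and the example.com-style hosts used with it are hypothetical.

```javascript
// Added illustration, not Safari or WebKit code; all names are hypothetical.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (scheme, host, port) tuple used for access decisions.
// Returns null for schemes with no network origin (javascript:, data:, ...).
function originOf(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

// Weak check: compares the host only, so an http: frame is treated as the
// same site as an https: frame on that host.
function sameHostOnly(a, b) {
  const x = originOf(a), y = originOf(b);
  return x !== null && y !== null && x.host === y.host;
}

// Corrected check: scheme, host and port must all match.
function sameOrigin(a, b) {
  const x = originOf(a), y = originOf(b);
  return x !== null && y !== null &&
    x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Frame sources: resolve against the embedding page, then allow only http(s).
// This rejects a javascript: URL as a frame source.
function isAllowedFrameSource(src, embedderUrl) {
  let resolved;
  try {
    resolved = new URL(src, embedderUrl);
  } catch {
    return false; // unparseable source: refuse rather than guess
  }
  return resolved.protocol in DEFAULT_PORTS;
}
```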

Installation note:
This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from
http://www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When the
iPhone is docked, iTunes will present the user with the option to
install the update. We recommend applying the update immediately if
possible. Selecting "Don't install" will present the option the next
time you connect your iPhone.

The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the "Check for Update" button within iTunes. After doing
this, the update can be applied when your iPhone is docked to your
computer.

To check that the iPhone has been updated:
* Navigate to Settings
* Click General
* Click About
The Version after applying this update will be "1.1.1 (3A109a)"

Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/