[The Cleaner]

Version 1.0.1 is out. Anyone tried their phone with the new firmware? and probs?

[ScottyGams]

im scared it will kill my iphone, as i did a ringtone hack!

[325 Baller]

I was reading about it...if you added ringtones or modified it in anyway you have to restore your fone first but you can redo it after. It just added safety stuff to safari

[ScottyGams]

oh... good call then, ill take care of it

[ipodonidrive]

I just updated and my iPhone works fine. Here is what Apple says about the update:

About the security content of iPhone v1.0.1 Update
This document describes the security content of iPhone v1.0.1 Update, which can be downloaded and installed via iTunes as described below.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

iPhone v1.0.1 Update

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

Installation note

This update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from (www.apple.com/itunes).

iTunes automatically checks Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "don't install" will present the option the next time you connect your iPhone. The automatic update process may take up to a week depending on the day that iTunes checks for updates.

You can manually obtain the update via the "Check for Updates" button or menu choice in iTunes. After doing this, the update can be applied when your iPhone is docked to your computer.

To check that the iPhone has been updated:

Navigate to Settings on the iPhone.
Click General.
Click About. The version after applying this update will be "1.0.1 (1C25)".

[Weaselboy]

I did the upgrade and it works fine. My E92 BT pairs more consistently since this update.

[Phila]

This update fixes(sort of..) the problem I had with the Monster iCar Charger. Now it will do audio from the line-out! ..sometimes.

[bmargolis]

As far as I can tell, the iPhone update completely solved the problem of needing to turn WiFi OFF to have Bluetooth on the phone work properly. I now leave WiFi ON and have the same great call quality as with it off.

[Jonmartin]

Quote:

Originally Posted by ScottyGams

im scared it will kill my iphone, as i did a ringtone hack!

It will delete your ringtone hack but it's all good cause after the update I did it again same process.