×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apple iPhone v1.0.1 Update Now Available

kdawson posted more than 6 years ago | from the more-better-security dept.

Upgrades 279

The Webguy writes "Apple has released the first update for the iPhone. Updated components in the v1.0.1 update include Safari, the WebCore, and the WebKit. Quoting from the Apple Knowledge Base, the 'update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site.'" One source speculated that Apple wanted to get fixes in users' hands ahead of the Black Hat conference where details of early iPhone vulnerabilities could be revealed.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

279 comments

first post (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20065893)

first post you mother fucking bitches

Mother? What? (1, Funny)

Anonymous Coward | more than 6 years ago | (#20065973)

I was thinking about taking your mother to the monster truck show, but now, I have second thoughts. Chances would be high for her to throw her iPhone at the monster truck as an offering since you have said this.

NIce! (0, Flamebait)

Nikron (888774) | more than 6 years ago | (#20065895)

Now can you please tell us about every minor iPhone update forever and ever and ever? Pretty please? Okay? Thanks.

Re:NIce! (-1, Flamebait)

aichpvee (631243) | more than 6 years ago | (#20065971)

This needs to be moved to the "apple" or "idontgiveafuck" section so that it doesn't get mixed in with the half-, quarter-, one-eight-, or "any bit at all-" interesting dupes^Wstories.

Re:NIce! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066015)

It's already in the apple section. FUCK.

Re:NIce! (0, Troll)

aichpvee (631243) | more than 6 years ago | (#20066085)

It's in the IT section, too, moron.

Re:NIce! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066199)

I never said it wasn't. DUMFUCK. DAMN

Re:NIce! (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066761)

Your mom is in the IT section! OOOOOOOOOOOO BURN cause she's a whore!!!!!! BURNNNNNN OOOOOOOOO BURNN

Re:NIce! (0)

Anonymous Coward | more than 6 years ago | (#20066633)

Flamebiat? I agree with him this isn't really news worthy material, at least to be on the front page. Put it in back and put the submitter back on the shortbus.

newbd! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20065901)

newbd!

Sure wish... (4, Funny)

Man On Pink Corner (1089867) | more than 6 years ago | (#20065907)

it would let me bookmark a Google Maps location.

Re:Sure wish... (2, Informative)

furball (2853) | more than 6 years ago | (#20065931)

Like arbitrary coordinates or an address? Because it can bookmark addresses and searches. I have McCarran International Airport (Las Vegas) bookmarked on my phone right now.

Re:Sure wish... (1)

Man On Pink Corner (1089867) | more than 6 years ago | (#20066043)

Arbitrary coordinates. Right now Maps is useless for returning to locations that were arrived at by manually scrolling around. Not being able to create arbitrary placemarks is a real forehead-slapper of an omission, since not every location on Earth has a street address.

hmmm or not (1, Interesting)

sam_paris (919837) | more than 6 years ago | (#20065941)

I just plugged my iphone in as soon as I saw this story and I dont see any update 1.01...

Re:hmmm or not (4, Informative)

Necroman (61604) | more than 6 years ago | (#20065975)

You have to press the "Check for Updates" button in iTunes to get it. iTunes only auto-checks for updates every 7 days or so.

Re:hmmm or not (1)

TubeSteak (669689) | more than 6 years ago | (#20066613)

You have to press the "Check for Updates" button in iTunes to get it. iTunes only auto-checks for updates every 7 days or so.
So if someone patched iTunes to prevent it from fetching iPhone updates...
You could theoretically mod your phone and iTunes wouldn't stop working because of pending updates?

Re:hmmm or not (1)

Necroman (61604) | more than 6 years ago | (#20066797)

Nope, it asks if you watch to patch, you don't have to. From what I can tell, you are more than welcome to keep running 1.0.0 version of the iPhone firmware.

oops (2, Interesting)

sam_paris (919837) | more than 6 years ago | (#20065977)

Ok I have it now, but rather worryingly, half way through installation the process has stalled and my phone is currently ibricked :(

Re:oops (3, Insightful)

Anonymous Coward | more than 6 years ago | (#20066067)

It takes a long time to get moving again once it stalls at the halfway point, but it does eventually continue. 5-10 minutes total, in my case.

Re:oops (2, Insightful)

shawnce (146129) | more than 6 years ago | (#20066093)

Did you take it out of the dock? Anyway if need run the restore option that iTunes provides.

(my update worked without issue, it did "stall" for about 2 minutes during the updating firmware stage)

Re:oops (0)

Anonymous Coward | more than 6 years ago | (#20066335)

So you interrupt your iPhone update because you can't wait to post the result on slashdot? Man, get your priorities straight: your hardware is more important than your social status here.

Re:oops (1)

Anonymous Freak (16973) | more than 6 years ago | (#20066631)

Hrm... Halfway through, iTunes gave me an "Update could not be completed" error, although the progress bar on the iPhone itself is still going.

Due to the Slashdot length-between-posts time limit, I have had time to let it finish, and it looks like it worked just fine. Although I currently have no cell phone signal, even though it's in the exact same location that it had a full signal before the update..... Ah, there we go. Signal is back. Sync failed, though. It's losing the connection to the iPhone... Trying plugged in directly, rather than through a USB hub... That did it.

All is good now.

Re:hmmm or not (1, Informative)

Anonymous Coward | more than 6 years ago | (#20066421)

Its nine oclock on a saturday

Re:hmmm or not (0, Troll)

Anonymous Coward | more than 6 years ago | (#20066425)

The regular crowd shuffles in

Re:hmmm or not (0, Troll)

Anonymous Coward | more than 6 years ago | (#20066429)

Theres an old man sitting next to me

Re:hmmm or not (2, Insightful)

Anonymous Coward | more than 6 years ago | (#20066431)

Makin love to his tonic and gin

Re:hmmm or not (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066435)

He says, son, can you play me a memory?

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066445)

Im not really sure how it goes

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066451)

But its sad and its sweet and I knew it complete

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066455)

When I wore a younger mans clothes

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066459)

Sing us a song, you're the piano man

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066461)

Sing us a song tonight

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066463)

Well, were all in the mood for a melody

Re:hmmm or not (1, Funny)

Anonymous Coward | more than 6 years ago | (#20066465)

And you've got us feelin alright

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066469)

Now John at the bar is a friend of mine

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066473)

He gets me my drinks for free

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066475)

And hes quick with a joke or to light up your smoke

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066479)

But theres someplace that hed rather be

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066485)

He says, Bill, I believe this is killing me.

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066487)

As the smile ran away from his face

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066491)

Well Im sure that I could be a movie star

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066493)

If I could get out of this place

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066499)

Now Paul is a real estate novelist

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066501)

Who never had time for a wife

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066507)

And hes talkin with Davy whos still in the navy

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066513)

And probably will be for life

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066515)

And the waitress is practicing politics

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066525)

As the businessmen slowly get stoned

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066645)

Aren't they sharing a drink they call loneliness?

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066709)

Yep. The proxy server that line was supposted to be posted from timed out.

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066529)

But its better than drinkin alone

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066549)

It's a pretty good crowd for a saturday

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066551)

And the manager gives me a smile

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066555)

cause he knows that its me they've been comin to see

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066559)

To forget about life for a while

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066565)

And the microphone smells like a beer

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066569)

And they sit at the bar and put bread in my jar

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066571)

And say, man, what are you doin here?

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066573)

And the piano, it sounds like a carnival

Re:hmmm or not (0)

Anonymous Coward | more than 6 years ago | (#20066637)

Piano man troll? Didn't see that one coming!

A Description of the Patches from Apple: (5, Informative)

iluvcapra (782887) | more than 6 years ago | (#20065967)



iPhone v1.0.1 Update

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

Re:A Description of the Patches from Apple: (1, Insightful)

toleraen (831634) | more than 6 years ago | (#20066035)

What, did you expect Apple's servers to get slashdotted by this post? Somehow I don't think news about a security update will generate as much traffic to their site as say, a steve jobs keynote would.

Copy and Paste from linked article - karma whore (-1, Troll)

Whiney Mac Fanboy (963289) | more than 6 years ago | (#20066039)

WTF?

Why is a copy & paste from the linked article (hosted on a site unlikely to be slashdotted) informative?

Re:Copy and Paste from linked article - karma whor (0)

Anonymous Coward | more than 6 years ago | (#20066103)

You must be new here...

Re:Copy and Paste from linked article - karma whor (1)

iluvcapra (782887) | more than 6 years ago | (#20066165)

Yes, but you can't argue with success ;)

It's nice just to have it on the page to look at. Besides, how many people are going to actually read it anyways?

Re:Copy and Paste from linked article - karma whor (0)

Anonymous Coward | more than 6 years ago | (#20066203)

WTF? Because PPL don't RTFA.

Copy/paste (5, Funny)

Anonymous Coward | more than 6 years ago | (#20066409)

It's informative because he did it on an iPhone! (Haha, I made a funny! You can't copy/paste on an iPhone!!) :-P

Re:A Description of the Patches from Apple: (0)

Anonymous Coward | more than 6 years ago | (#20066207)

You omitted the part of the announcement where Apple indicates the list consists of the "security related" bugs fixed. Implicitly this says other, non-security related bugs fixed may be fixed by the update, too. I know for one, that the calculator in 1.0.1 works as expected.

I always wanted... (1, Funny)

Anonymous Coward | more than 6 years ago | (#20066297)

a phone that I have to hook up to my computer and open a music player so that it doesn't get owned.

Thanks Apple!

My iPhone seems fine... (5, Funny)

qualidafial (967876) | more than 6 years ago | (#20065997)

I'm writing this message from my iPhone and haven't noticed any problems at ~£]+~}2(&"@NO CARRIER

Re:My iPhone seems fine... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066215)

lamest comment ever

fuck you

NO CARRIER (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066591)

The reason nerds are downmodding your comment isn't (just) because they have no sense of humor but likely because your misapplication of the old NO CARRIER joke is painful to read. Equipped with both Wi-Fi and GSM, the iPhone neither contains nor requires a telephone modem, let alone a controller-equipped smart serial modem that uses the Hayes command set.

(You could conceivably use a bluetooth modem with the iPhone someday, assuming they add support for this, but that would be so you could type your messages from your laptop when you weren't near a Wi-Fi hot spot -- the iPhone itself wouldn't be needing or using it.)

RoughlyDrafted? Where are you? (0, Offtopic)

mattgreen (701203) | more than 6 years ago | (#20066127)

I'm expecting a fifteen page writeup on why these issues are not that big of a deal by tomorrow on my desk. Double spaced, Arial 9 point.

Oh, and this time, please don't use Wingdings in the footnotes. I can't tell you how disorienting it is to find a jogging man icon be used as a marker in the middle of a rant.

My iPhone got me laid (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#20066131)

Chicks dig the iPhone.

Re:My iPhone got me laid (3, Funny)

Anonymous Coward | more than 6 years ago | (#20066323)

So you held the iPhone in the other hand?

Remind me not to borrow your iPhone.

Re:My iPhone got me laid (1)

Crimsonjade (1011329) | more than 6 years ago | (#20066413)

So you held the iPhone in the other hand?

Remind me not to borrow your iPhone.
No, he used it as a toy.

Re:My iPhone got me laid (2, Funny)

sqrt(2) (786011) | more than 6 years ago | (#20066583)

Informative? Informative!?

Yes, waiter, another glass of kool-aid please.
(captcha: ravening)

Re:My iPhone got me laid (4, Funny)

AmberBlackCat (829689) | more than 6 years ago | (#20066749)

An iPhone will work, but really it could be any item that indicates to the woman that you're willing to spend hundreds of dollars on something pretty.

updated (5, Funny)

Fluk3 (742259) | more than 6 years ago | (#20066175)

Feels Snappier(TM)

Re:updated (1, Informative)

Anonymous Coward | more than 6 years ago | (#20066295)

I agree. (For all the sense of the score you received, this should earn me a score of -2!)

Uh... (0, Redundant)

daveschroeder (516195) | more than 6 years ago | (#20066339)

One source speculated that Apple wanted to get fixes in users' hands ahead of the Black Hat conference where details of early iPhone vulnerabilities could be revealed.

And this would be surprising why, exactly?

Is this not a good thing?

Re:Uh... (3, Insightful)

dfghjk (711126) | more than 6 years ago | (#20066601)

Where did the author say it was surprising(, exactly)?

Of what use is your comment, exactly?

Clarification on my speculation. (2, Insightful)

lancejjj (924211) | more than 6 years ago | (#20066441)

One source speculated that Apple wanted to get fixes in users' hands ahead of the Black Hat conference where details of early iPhone vulnerabilities could be revealed.
Admittedly, I had speculated this, but I have no basis to believe that Apple "rushed out" these fixes or had a timeline based on the conference. Instead, my speculation was that Apple merely wanted these fixes out earlier than later, and that some on the inside were happy that the fixes were released in such a timely manner.

Interesting... (4, Interesting)

Anonymous Freak (16973) | more than 6 years ago | (#20066447)

The first step after hitting go involves the iPhone going into a "Software Update" screen, then immediately going to an Apple logo with progress bar. On the computer, while the progress bar is going by, is displayed "Verifying Current iPhone Software"... Does this mean it's checking the existing install to make sure it's not hacked?

Anyone with a hacked iPhone try this yet, and if so, any problems? I expect any hacks will have to be re-applied (or even re-discovered, if the hole that allowed them was patched.)

(I haven't hacked my iPhone yet, but I would like to make sure Apple doesn't lock hacked ones out of updates.)

Re:Interesting... (4, Informative)

wannasleep (668379) | more than 6 years ago | (#20066595)

Yes it is checking the install for integrity... and it looks like it wipes out phones with some mods. It is not clear yet what mods trigger a complete wipe. It looks like ringtones and minor mods will survive the update. People are still testing.

Re:Interesting... (1)

TechForensics (944258) | more than 6 years ago | (#20066715)

Isn't a hacked phone likely to fail updating because what was to have been updated has been hacked or removed?

Now that I'm thinking about it... (3, Funny)

chris_eineke (634570) | more than 6 years ago | (#20066557)

Isn't the iPhone a Newton 2.0?

Nope, Palm 10.0 (1)

SuperKendall (25149) | more than 6 years ago | (#20066693)

It's Palm 10.0, if you think about how it really works... fundamentally, a device dervied from a newton would be all about handwriting recognition taken to the next level. the iPhone is about replacing the Grafitti input squares with a virtual keyboard, with some hint of the gesture recognition dispersed throughout the device.

Also, it's what Palm should have developed about two years ago, if they hadn't lost focus on making great small device OSe's

Re:Nope, Palm 10.0 (1)

amper (33785) | more than 6 years ago | (#20066821)

The funny thing is, if there's enough of Mac OS X in there, it should be theoretically possible to port Inkwell to the iPhone. I'm sure Apple is thinking about this.

And Palm? It seems to me that about the only chance Palm has for continued existence is to go back to their roots and release Graffiti (v1, not v2, now that the lawsuit is settled) for the iPhone. You *do* know that Palm's original product was Graffiti, right? And that one of the platforms it ran on was the Newton MessagePad?

Honestly, I hope Palm does well with the Foleo, because it embodies in many ways ideas that I've had about the future of mobile computing for a long time. It's just that given Palm's recent history, I doubt that it's going to thrive.

Great, now where's update v1.0.2? (1)

DeepZenPill (585656) | more than 6 years ago | (#20066599)

Still waiting for copy and paste, custom ringtones, and bluetooth file transfers... :(

One fix that I found (3, Informative)

jht (5006) | more than 6 years ago | (#20066665)

VPN connections work correctly now. Before, it wouldn't save my PPTP password and then when it connected it would bring up a password entry box with only numeric characters allowed. I didn't try VPN with a password not saved, but at least saved password behavior is correct.

The update took around 7-8 minutes altogether. Left a ".ipsw" file in my ~/Library/iTunes/iPhone Software Updates folder which presumably contains the image.

iPhone is the new PSP? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20066681)

Sony constantly releases updates to the firmware for the PSP to counter the constant streams of hacks that allow people to put their own software on the PSP (and pirate games). This is generally considered on slashdot to be another sign of Sony's inherent evil nature.

Now Apple seems to be releasing updates to the software for the iPhone to counter the constant streams of hacks that allow people to put their own software on the iPhone (possibly pirated games if the iPhone did games and in any case Apple doesn't make games). I wonder how the slashdot crowd will see this. The attempts of an evil company to lock people out of using the hardware they bought in the way they see fit?

Oh okay, so you could say that these patches fix genuine flaws that could put the user at risk. This is just the first patch. We will have to see how often this happens to see if it starts to follow the PSP patch path.

Still it is intresting to see just how the attitudes change on slashdot depending on the company name. Oh and the bot-checking image containted the word adders. In dutch there is a saying, "addertje onder het gras" (adder under the gras) which means roughly beware of something nasty being hidden in something which seems nice and safe.

My rotary dial phone is still on 1.0 (0)

Anonymous Coward | more than 6 years ago | (#20066803)

It would be retro-chic if it didn't date back to AT&T 1.0.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...