iPhone Firmware 1.0.1 released

With little fanfare, lots of anticipation and a bit of a letdown, the first firmware update from Apple for the iPhone was officially released. It looks like it was primarily a security update with no truly outwardly visible modifications. Details on what was included in the release are below…but first a couple of thoughts.

It makes sense to me that this was not the huge feature-filled upgrade that everyone is waiting for. This, in my opinion, was more of a test of the distribution mechanisms (namely iTunes). So, this push was relatively small, I think only a couple of MB. Apple will probably be running a bunch of algorithms to figure out distribution times and load for a larger release yet to come. There are rumors of one coming soon (next few weeks) and I debunk someone’s random posting in my previous story.

Normally I’m a big advocate of getting in and tinkering under the hood, so to speak, as I did with my previous phone, a Windows Mobile 5/6 Tmobile MDA. I always had a “cutting edge” firmware, got Windows Mobile 6 prior to its release, over-clocked it, tweaked it and it eventually crapped out due to some sort of hardware issue with the antenna. There are already hacks out there for the iPhone but I’m holding off on doing that a bit, at least until people understand the firmware and the upgrade process. I think there are quite a few people who were using iFuntastic or some other mod-ing program who have to now re-install it and re-do all of their ringtones and custom apps. Just the sheer volume of web apps that are being developed, quickly followed by hacks/tweaks apps suggests that Apple should really try to figure out a way to allow for installable apps AND web apps. Danger, Inc (the makers of the SideKick phones – I have owned a few iterations of those) did this in a very controlled environment, they released an SDK and then people made their own apps which end-users could then download and install for a few dollars. It will be interesting to see which direction Apple goes, but it will probably be one of those “why didn’t I think of that” times again.

Anyway, back to the update. Here is the official update information from Apple:

iPhone v1.0.1 Update

  • SafariCVE-ID: CVE-2007-2400Available for: iPhone v1.0Impact: Visiting a malicious website may allow cross-site scriptingDescription: Safari’s security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.
  • SafariCVE-ID: CVE-2007-3944Available for: iPhone v1.0Impact: Viewing a maliciously crafted web page may lead to arbitrary code executionDescription: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.
  • WebCoreCVE-ID: CVE-2007-2401Available for: iPhone v1.0Impact: Visiting a malicious website may allow cross-site requestsDescription: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
  • WebKitCVE-ID: CVE-2007-3742Available for: iPhone v1.0Impact: Look-alike characters in a URL could be used to masquerade a websiteDescription: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.
  • WebKitCVE-ID: CVE-2007-2399Available for: iPhone v1.0Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code executionDescription: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

Full info can be found here. The installation took me about 5 minutes. All status updates were displayed within iTunes. For me, it was a quick, painless process. I wonder what the next upgrade has in store???

- Advertisement -
- Advertisement -
- Advertisement -

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Other articles of interest

Global Product Review Disclosure

Disclosure: This is a global disclosure for product review articles on HighTechDad. It does not apply to Automobile reviews and there are other exceptions. Therefore, it may or may not be applicable to this particular article. I may have a material connection because I may have received a sample of a product for consideration in preparing to review the product and write this or other content. I was/am not expected to return the item after my review period. All opinions within this and other articles are my own and are typically not subject to the editorial review from any 3rd party. Also, some of the links in the post above may be “affiliate” or “advertising” links. These may be automatically created or placed by me manually. This means if you click on the link and purchase the item (sometimes but not necessarily the product or service being reviewed), I will receive a small affiliate or advertising commission. More information can be found on my About page.

About HighTechDad

Michael Sheehan (“HighTechDad”) is an avid technologist, writer, journalist, content marketer, blogger, tech influencer, social media pundit, loving husband and father of 3 beautiful girls living in the San Francisco Bay Area. This site covers technology, consumer electronics, Parent Tech, SmartHomes, cloud computing, gadgets, software, hardware, parenting “hacks,” and other tips & tricks.

Recent Articles

Explore Categories

– Advertisement –

Shop Now!

My Favorite Setapp Apps


  • Shop Mount-It!
  • Save 15% Off at Incase

– Advertisement –

– Advertisement –