site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-07-31 iPhone v1.0.1 Update iPhone v1.0.1 Update is now available and addresses the following issues: Safari CVE-ID: CVE-2007-2400 Available for: iPhone v1.0 Impact: Visiting a malicious website may allow cross-site scripting Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue. Safari CVE-ID: CVE-2007-3944 Available for: iPhone v1.0 Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issues, which may lead to arbitrary code execution. This update addresses the issues by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues. WebCore CVE-ID: CVE-2007-2401 Available for: iPhone v1.0 Impact: Visiting a malicious website may allow cross-site requests Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue. WebKit CVE-ID: CVE-2007-3742 Available for: iPhone v1.0 Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check. Credit to Tomohito Yoshino of Business Architects Inc. for reporting this issue. WebKit CVE-ID: CVE-2007-2399 Available for: iPhone v1.0 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd for reporting this issue. Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "don't install" will present the option the next time you connect your iPhone. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the "Check for Update" button within iTunes. After doing this, the update can be applied when your iPhone is docked to your computer. To check that the iPhone has been updated: * Navigate to Settings * Select General * Select About * The Version after applying this update will be "1.0.1 (1C25)" Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRq+71cgAoqu4Rp5tAQiWTQf/RTY0EVLWg3Q2tu6qrSMqadFRmKC/eLAI KPN3FjqeBgI3NuikZcEk1G7Y4JxmPpbfP6naKjj0s84e2uuQh2g9diclyeuUGcOi OTrz/nM/Z4oK2G2q/zt4ip477blZtzLBP7l560PCCx4kKiK4KfEnCaayY9IdtkmX M6X4EeJI5RiwxN0mnGXWXgVuZ+GPsCbHxIfVOOAZdDCGW7yiyEumsLpZigqqshm3 CAKFvVp1rMt1wOyHp+BfnIVDSTpZ+D5iS4fuKQfvgT2Npo3V3iHe3VQ/G/TW+9b1 fJkWZa9ogA7lBr/ubITeo9uBTjv7yQI1GEAXM4xA8JBjY7GVMUaY6g== =MIKk -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com