fscklog

« Macworld-Keynote-Aufzeichnung online | Start | MacBook Air: Akkutausch [Update] »

15.01.2008

Software-Update 1.1.3 (4A93) für iPhone und iPod touch [Update]

Für iPhone und iPod touch steht das Software-Update 1.1.3 bereit, das die hinlänglich bekannten neuen Funktionen umfasst und einige weitere Feinheiten mitbringt (wie z.B. Videokapitel und Unterstützung für Liedtexte). iPhone-Bob erklärt die Neuerungen ausführlich in einem Video. Der iTunes-Update-Server spinnt derzeit, hier sind die Direktdownload-Links für iPhone 1.1.3 und iPod touch 1.1.3.
Update: Das 1.1.3-Update beseitigt außerdem eine Sicherheitslücke in MobileSafari, eine in WebKit und eine weitere bei der Passcode-Sperre des iPhones. Details nach dem Klick.

Foundation
CVE-ID: CVE-2008-0035
Available for: iPhone v1.0 through v1.1.2,
iPod touch v1.1 through 1.1.2
Impact: Accessing a maliciously crafted URL may lead to an
application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari's handling
of URLs. By enticing a user to access a maliciously crafted URL, an
attacker may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue by performing
additional validation of URLs.

Passcode Lock
CVE-ID: CVE-2008-0034
Available for: iPhone v1.0 through v1.1.2
Impact: An unauthorized user may bypass the Passcode Lock and launch
iPhone applications
Description: The Passcode Lock feature is designed to prevent
applications from being launched unless the correct passcode is
entered. An implementation issue in the handling of emergency calls
allows users with physical access to an iPhone to launch an
application without the passcode. This update addresses the issue
through an improved check on the state of the Passcode Lock.

Safari
CVE-ID: CVE-2007-5858
Available for: iPhone v1.0 through v1.1.2,
iPod touch v1.1 through 1.1.2
Impact: Visiting a malicious website may result in the disclosure of
sensitive information
Description: WebKit allows a page to navigate the subframes of any
other page. Visiting a maliciously crafted web page could trigger a
cross-site scripting attack, which may lead to the disclosure of
sensitive information. This update addresses the issue by
implementing a stricter frame navigation policy.

Posted by Leo at 22:03 | Permalink

TrackBack

TrackBack-Adresse für diesen Eintrag:
https://www.typepad.com/services/trackback/6a00d83451c7b569e200e54fe03fc98833

Listed below are links to weblogs that reference Software-Update 1.1.3 (4A93) für iPhone und iPod touch [Update]: