Security updates for Mac OS X, iPhone

Stephen Withers
Wednesday, 01 August 2007 08:09

Your IT - Mobility

As for the iPhone, the 1.0.1 update can only be downloaded via iTunes, which is also used to install it.

"We recommend applying the update immediately if possible," said Apple officials. iTunes normally checks weekly for updates, so that would mean connecting the iPhone to a computer and selecting Check for Updates in the iTunes menu.

Changes to Safari protect against a cross-site scripting attack and a heap buffer overflow that could be exploited simply by attracting users to a maliciously crafted web page.

The latter was attributed to Charlie Miller and Jake Honoroff of Independent Security Evaluators, as previously reported by iTWire.

Other patches apply to WebCore (to fix another cross-site scripting issue) and WebKit (checking for Unicode characters in URLs and avoiding memory corruption).

There are no indications so far from Apple that the update contains anything other than security updates. Some users of the company's iPhone support forum report improvements in earpiece and speaker volume, VPN connectivity, using the iPhone as a storage device, and Exchange connectivity. Whether these are genuine changes, the result of resetting the iPhone or just wishful thinking remains to be seen.