iPhone Update 1.1.1 brings features and fixes

Stephen Withers
Friday, 28 September 2007 02:10

Your IT - Mobility

The 1.1.1 update also includes fixes for several security issues affecting the iPhone.

The Bluetooth software now performs additional checks on Service Discovery
Protocol packets to avoid maliciously crafted packets to cause a denial of service or arbitrary code execution.

Mail now helps protect against man-in-the-middle attacks on SSL connections  by warning when the identity of the remote mail server has changed, and requires user confirmation before dialling in response to tel: links in messages.

The update prevents Safari from disclosing the URL of a page being viewed
to another unrelated page, and from being spoofed into displaying a different phone number to the one that will actually be dialled by a tel: link,

The new version protects against three cross-site scripting vulnerabilities and causes Safari to immediately enable or disable JavaScript on user request instead of waiting for the next restart. JavaScript access between HTTP and HTTPS pages in the same domain has also been restricted.

The update is downloaded and installed using iTunes.

The iPhone Dev Team recommends iPhones that have been unlocked using its AnySIM software should not be updated until a new version of AnySIM has been released. Apple recently warned that applying the update to an unlocked iPhone could render it useless.