Difference between revisions of "IPhone Firmware Versions"

From ivc wiki
Jump to navigationJump to search
 
Line 1: Line 1:
== 1.0.0 ==
== 1.0.0 - 2007-06-29 ==
* Initial production software version.
* Initial production software version.


== 1.0.1 ==
== 1.0.1 - 2007-07-31 ==
* Updated Safari's JavaScript handling to prevent cross-site scripting.
* Minor update - [http://docs.info.apple.com/article.html?artnum=306173 Apple's changelog]
* Fixed buffer overflow in the Perl code library.
** Visiting a malicious website may allow cross-site scripting.
** Viewing a maliciously crafted web page may lead to arbitrary code execution.
** Visiting a malicious website may allow cross-site requests.
** Look-alike characters in a URL could be used to masquerade a website.
 
== 1.0.2 - 2007-08-21 ==
* Minor update - Changes unknown
** Possibly fixing some multitouch issues for some. [http://cre.ations.net/blog/post/iphone-firmware-102-released-and-analyzed-hopes-for-new-features]
** Possibly addressing some synchronization or activation issues. [http://cre.ations.net/blog/post/iphone-firmware-102-released-and-analyzed-hopes-for-new-features]
** Reporting improvements to WiFi reception.
 
== 1.1.1 - 2007-10-01 ==
* Major update - [iPhone v1.0.1 Update Apple's changelog]
** An attacker within Bluetooth range may be able to cause an unexpected application termination or arbitrary code execution.
** Checking email over untrusted networks may lead to information disclosure via a man-in-the-middle attack.
** Following a telephone ("tel:") link in Mail will dial a phone number without confirmation.
** Visiting a malicious website may lead to the disclosure of URL contents.
** Visiting a malicious website may lead to unintended dialing or dialing a different number than expected.
** Visiting a malicious website may lead to cross-site scripting.
** Disabling JavaScript does not take effect until Safari is restarted
** Visiting a malicious website may result in cross-site scripting
** Visiting a malicious website may result in cross-site scripting
** JavaScript on websites may access or manipulate the contents of documents served over HTTPS

Revision as of 20:52, 9 October 2007

1.0.0 - 2007-06-29

  • Initial production software version.

1.0.1 - 2007-07-31

  • Minor update - Apple's changelog
    • Visiting a malicious website may allow cross-site scripting.
    • Viewing a maliciously crafted web page may lead to arbitrary code execution.
    • Visiting a malicious website may allow cross-site requests.
    • Look-alike characters in a URL could be used to masquerade a website.

1.0.2 - 2007-08-21

  • Minor update - Changes unknown
    • Possibly fixing some multitouch issues for some. [1]
    • Possibly addressing some synchronization or activation issues. [2]
    • Reporting improvements to WiFi reception.

1.1.1 - 2007-10-01

  • Major update - [iPhone v1.0.1 Update Apple's changelog]
    • An attacker within Bluetooth range may be able to cause an unexpected application termination or arbitrary code execution.
    • Checking email over untrusted networks may lead to information disclosure via a man-in-the-middle attack.
    • Following a telephone ("tel:") link in Mail will dial a phone number without confirmation.
    • Visiting a malicious website may lead to the disclosure of URL contents.
    • Visiting a malicious website may lead to unintended dialing or dialing a different number than expected.
    • Visiting a malicious website may lead to cross-site scripting.
    • Disabling JavaScript does not take effect until Safari is restarted
    • Visiting a malicious website may result in cross-site scripting
    • Visiting a malicious website may result in cross-site scripting
    • JavaScript on websites may access or manipulate the contents of documents served over HTTPS