Apple iPhone update 1.0.1 released!
By Ryan Block 
posted Jul 31st 2007 8:13PM
posted Jul 31st 2007 8:13PM
[Thanks, BGR]
Update: Ok, updating took about five or six minutes. Noticing anything specifically? Let us know in comments, we'll list the fixes here (since Apple wasn't courteous enough to tell us what, exactly, it repaired in the device).
Ah, Apple's added the fix / changelog. Noice! Just looks like Safari-related security updates. That's fine and good, now howsabout the constant, mind-popping crashing going on with that app?
Oh, and good news everybody! iFuntastic (v2) still functions with the 1.0.1 update! We tested it, and it worked beautifully.
Also, is it just us or did all these Safari security fixes come along with stability fixes as well? We've never seen mobile Safari perform so admirably with eight full ajaxy pages open as we have since loading up 1.0.1.
It just says 'bug fixes' in the window that popped up in iTunes. Wonder what bugs, specifically?
I don't know but it hasn't crashed on me since!
@ Joe: LOL it sounds like before the update your iPhone used to crash a lot.
Don't "see" anything new.
Oh man, are you kidding? It's like 1.01 times better than the original!!
Don't exagerate, it's only 1.0.1 times better than the original. :)
By the number of comments here, it looks like everyone is off updating their iPhones.
I have no plans to update anything, until the guinea pigs get done testing it. I have no desire to see my custom ringtones and all that go down the drain just yet.
I completely agree with LegendZ28.
Hey Apple, give us some new features instead of JUST bug fixes (like Sony with the PSP...)
I'm gonna guess this kills all the hacking that has been going on (which is why I'm not updating)
woot!
The damn thing wouldn't update until I restored it, I'm guessing that it has to do with the iFuntastic crap I put on there. :(
that was fast
I am going to wait to hear what this update does.
I hope it is doesn't mess up my ringtones (how lame does that sound) - I can't go back to those lame default ringtones. I need my White Stripes! Thanks iFuntastic!
As far as i can tell it is unfortunetly indeed a hack kill it forced me to restore my iphone hence deleting the Ifuntastics updates to my phone. The downside is if it is a legit bug fix for the other security issues it will kill hacks as well to be on the safe side i restored it anyway.
i had to do a restore as well...
Not much is new in the update...err.
Sooooo, the big question on everyones mind for anyone that updated, does iFuntastic still work? :)
I don't know is iFuntastic works or not. I am trapped using Windows Vista right now, so I haven't used it yet. ;(
No sign of any new features... and i got all excited
Yeah, screw that. I went through the trouble of making great ringtones with iFuntastic... no way I'm letting The Man take them away from me. screw you The Man!
OMG i just started the update and it went about a quarter way through and then it came up with an error message on itunes, and then on my iPhone it has a caution sign and says "please connect to iTunes" Now when i do it says i need to restore my iphone. I did nothing wrong and it was connected fine. So I am restoring it now and I will keep you guys updated.
Well that was cool, the progress bars on iTunes and the iPhone went along at the same time. It took a long time for the progress bar to move though, so I was a little worried for a bit. But now apparently my iPhone has fewer 'bugs'...
Custom ringers definitely still work!!! Still looking for fixes...
Agree. Still have custom ringtones. haven't seen any changes
Custom ringtones should be constrained to headphones so we don't have to be subjected to people's latest idea of "cool" while sharing public space.
they aren't already? i thought they were.
Has anyone that has custom ringtones restored, updated and tried hacking it again?
Does it work?!
I just updated and also had to restore. But I just logged back into my iphone using jailbreak and iPhoneIterface and was able to put everything back on no problem. I then synced my iPhone with itunes no issues. Custom ringtones and buttons live!
I had to do a restore too because of the custom ring tone thing I am guessing
According to TUAW, the iPhone update is for Safari- and goes along with the Safari 3.0.3 update. It's for security.
if there is really nothing major with this update.... my guess is that they just did a small update just to check to see if the update system worked correctly... you know... before they did anything major
Huh??? It better work... Apple just sold X-amount of them at $600 a pop!
"vague comparison here"
That’s like when Microsoft release Windows 95 to the public with out anybody beta testing it. Then small minor updates, Win 95a, Win95b etc... Then m$oft release the REAL product Windows 98! Of course by that time people got smart and starting to demand beta testing! This is almost like some sort of pre-Aprils fools joke? Seriously!
I spent 6 months beta testing Windows 95 ... I have a stack of 50 CDs to prove it! You should've seen what *didn't* get released :-)
Yawn anybody?
TUAW.com says the update is just for safari "security issues"....what a tease! No improvements at all. I noticed safari is still slow as shit even on WiFi.
I also noticed that scrolling is still terribly unresponsive while a page is loading.
Does anyone else have the issue where (iPhone) safari will load about 90% of a page and then just sit there "forever"?
Yes. quite annoying
I agree that safari can be slow and annoying, but I have to say that I’m not surprised. The keynote speech that debuted the iphone showed the safari browser as sluggish. Jobs even tried to play off the fact by saying something like "this site has a lot of images" to the audience while waiting for a page to load. The commercials are a bit deceiving I admit, but I don't believe that someone should judge whether to buy a $500-$600 phone (or anything for that matter) based on the commercials alone. The iphone is what I expected and a little more. I'm sure the following updates will add greater value to this revolutionary device.
About the security content of iPhone v1.0.1 Update
This document describes the security content of iPhone v1.0.1 Update, which can be downloaded and installed via iTunes as described below.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
iPhone v1.0.1 Update
Safari
CVE-ID: CVE-2007-2400
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site scripting
Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.
Safari
CVE-ID: CVE-2007-3944
Available for: iPhone v1.0
Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution
Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.
WebCore
CVE-ID: CVE-2007-2401
Available for: iPhone v1.0
Impact: Visiting a malicious website may allow cross-site requests
Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
WebKit
CVE-ID: CVE-2007-3742
Available for: iPhone v1.0
Impact: Look-alike characters in a URL could be used to masquerade a website
Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.
WebKit
CVE-ID: CVE-2007-2399
Available for: iPhone v1.0
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.
Installation note
This update is only available through iTunes, and will not appear in your computer's Software Update application, or on the Apple Support Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from (www.apple.com/itunes).
iTunes automatically checks Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "don't install" will present the option the next time you connect your iPhone. The automatic update process may take up to a week depending on the day that iTunes checks for updates.
You can manually obtain the update via the "Check for Updates" button or menu choice in iTunes. After doing this, the update can be applied when your iPhone is docked to your computer.
To check that the iPhone has been updated:
Navigate to Settings on the iPhone.
Click General.
Click About. The version after applying this update will be "1.0.1 (1C25)".
At the very least, here's the list of the SECURITY fixes in this update:
http://docs.info.apple.com/article.html?artnum=306173
But the above document does not make it clear if there's anything else (non-security stuff) that's new in this update.
Time will tell, I'm sure...
Hey guys I just restored it and it is fine. Im guessing it was because of the iFuntastic hack I did.
No noticeable changes.
This is a "Bug Fixer"
I think Apple did this just to remind people that
this is the new era for Cellphone updates. Where if something is not
working right Apple will try to help with Software updates.
I think this is a great start for being Apple's First phone.
And I'm so proud to be an iPhone owner!
Phones and devices have been doing firmware updates for ages. Nothing new...
But... maybe it's a new era in terms of how accessible firmware updates for phones are. Is that what you meant?
Yeah in a way, but what I mean is
that Apple's new Phone will be easier to manage rather than having the cellphone company make a "massive" update to the network or cellphone itself (I don't know how that is managed)
BUt I think apple is great on how they manage their updates.
So this adds more reliability to the cellphone and the company just because if anything needs to be changed on an application or anything like that Apple can add it without a problem...
Makes sense, at all?
No. Like Carlo said other phones has been provided firmware updates, some through free over the air (Nokia for minor updates) or through USB without having to send of the device to a service centre.
However even as an iPhone hater I am impressed by the ease on which this patch was applied.
@Jon
If you're a hater, why are you here reading about the object of your disdain? Get a life, man.
_________________
Sure, firmware updates have been available on other devices since the beginning of time, but were they routinely applied. Phone nerds scouring Howard Forums apply patches... Even look forward to them. But does your dad? Your sister?
With iPhone, every user will get the prompt when syncing and I'm guessing most will walk through the super-easy process... And have a better device for it.
Don't pretend every Tom, Dick & Harry is out there hooking up a USB cable to his RAZR. He's not.
LOL @ el
If you think people still look at forums for patches you need to learn. For a year now all we need to do is plug our phones in and fire up the update manager or just download patches over the air.
@ El in AZ: Get your head out of your ass and take a look around. Perhaps, it was in there a bit too long for you to realize that firmware upgrade is not new anymore. OTA or otherwise. Now if that makes you uncomfortable, please resume.
"@El in AZ"
Dude... Either you have issues or your just upset because you couldn't afford an iPhone.
Hum... maybe both?
Damn, El in AZ's comment was effing perfect. Game.Set.Match.
There appear to be more than just security updates in this release. I checked a bug that I knew about that related to the pages view in Safari and how it works when in landscape mode (if you opened a couple of sites in portait mode, then change to landscape, then hit the pages icon, the portait pages still show in portait orientation in the previews and you can't click the close icon). This bug is fixed! The Apple website talks about the security context of v1.0.1, but says nothing that would imply that this is the only content in v1.0.1. I would guess that they fixed a number of the easy things that caused the most common safari, maps and ipod crashes.
This update fixed the Wi-Fi issues I had been having at my home. Worth the update just for that.
well duh!!
will this negatively affect iphones activated with anderson hack?
Yep, that happens here.
And sometimes it'll jump around the page randomly.
Looks like not only iPhone updates were thrown at us.
But also a "Safari 3 Beta Update" was released...
Along with "Security Update 2007-007"
Keep the updates coming Apple!!
http://www.myitablet.com/1294-271294.php#more-1294
27 Jul
iPhone to get security patch next week?
Posted by Chris Davies in Apple, Apple Firmware, Apple iPhone Rumor, Apple iPhone
Speculation froths that Apple will be releasing a sweet little iPhone patch next week which, although not making your handset look like a pirate, will plug a few of those embarrassing security holes: one of which is set to be detailed at next week’s Black Hat 2007 conference.
Will an iPhone security patch come next week?
As Spiderman said, "with great power comes great responsibility" and security professionals have been calling for Apple to step up and patch the iPhone’s vulnerabilities. Few believe the handset to be any more leaky than its non-Apple smartphone brethren, but are more concerned with seeing how well the company handles updates.
Currently it’s not expected that any update released next week will contain anything other than security patches, rather than the extra features many are hoping for.
I did the update, it didn't ask me to do a restore but I don't have anything clever like iFuntastic.
Can't see any of the bugs I have found fixed.
My folders from Mail.app are now showing up...
same here. Glad they got that worked out, I was dissipointed that only the inbox was there before
Wow. An incredibly minor patch (.0.1, no less) that adds nothing new is announced and in Engadget world that becomes A Big Story.
I hope you get over your iPhone infatuation soon because it's ruining a great site.
Boo hoo. The site is called enGADGET and the iPhone is the newest big thing around. Find a hobby instead of hating a tech company.
Yeah, man. Calm the fuck down, huh? Keep it together. When your Treo does something interesting, we'll read about that shit, too, 'kay?
no one likes a whiner, mike :p
yeah, mine wouldn't update until i restored it. but it took two tries to restore it. I got a little worried there. I used ifuntastic 2 and changed my logo, layout, and ringtones.
youtube - Most Viewed - "all" and "Today" been corrected.
Indeed they have, the today one now reflects what you see if you go to youtube.com
I don't know if this is new or I might of Just noticed it,
but when you have a link on a TXT message sent to you.
You have a small ">" arrow pointing which gives you more information about the link.
and also gives you the option to select "Visit" link.
...Again, just noticed that on a txt message, was that there before?
Okay so I installed 1.0.1 and I pressed the home button and my iPhone took off like a helicopter. Anybody else get this?
Mine transformed into a yellow corvette...
Mine turned into a kitchen sink! Whoever said the iPhone had everything but the kitchen sink is eating their words now, haha!!
Mine slid out a real keyboard after the update.
This is a ridiculous thing to say. Of course they're gonna fix bugs they find this quickly. This is just a plug for your site.
iPod used to stop (crash) when running Safari...that problem has been corrected on my phone :)
I can confirm update did NOT affect anderson activation
WTF? They removed the hex WEP key option so now your choices are WEP (password), WPA, and WPA2. So the fix for somewhat flaky wifi support is to just remove the option? Thanks, Apple.
It appears that you can use the phone while syncing. Found that out after doing a restore. :)
your so fat. you have to CANCEL the sync to do that. shut up.
It comes up with the "Slide to Cancel" screen, but once it starts syncing it goes back to what you were doing before, without canceling it. I've done this a couple times already. And I'm not fat, dummy.
I don't think Apple will get rid of homebrew:
1. It is restriced to a small percentage of the iPhone user base. Not a big threat to user experience.
2. It has not led to anything risking Apple's relationships with partners (e.g. unlocking)
That could all change if malicious apps start appearing for the iPhone. Like something that steals your contact list for marketing data, or records your conversations or whatever. Or anything that unlocks the iPhone. In the case of the former, Apple will have to fix the hole to ensure device reliability and ensure consumers trust the device. In the case of the latter, it would damage Apple's partnerships, and they would have contractual obligations to close the hole.
So long as these are not done (anyone working on unlocking the iPhone should stop for the greater good of the community), I don't see Apple removing what is otherwise harmless. Although to be fair, Apple should have allowed applications to be run in a sandbox with limited device API.
I noticed that the word "Minutes" in the Usage>Call Time information panel has been abbreviated to "Min.". It used to be cut off and displayed as "Minut..." or something like that.
It also appears the calculator issues were corrected. I've messed with the calculator a bit and it seems to have been fixed. Can anyone else confirm this?
They fixed at least one annoyance in Calculator. Before, when you launched calculator and started tapping numbers, they would append to the end of whatever number was still on the display from previous usage. Now, when you tap, it replaces. Nice.
Also, they fixed at least one bug in Google Map. Before when you stretched your fingers to expand the map, if you touched the URL bar or the bottom command bar, the map would shoot off to a new center point. Very annoying. That is all fixed now.
Also, Safari is MUCH more stable on heavy javascript pages. Also, Safari used to EASILY crash the iPod if you surf while playing music. That seems to be completely fixed.
MUCH BETTER EXPERIENCE now!
I'm happy.
Jim
Check out the new email people.
is it just me or does this post sound like the author is currently painting the inside of his pants white while updating his iphone.
@absurdio:
You find a minor patch interesting? You Apple-fanbois are so easy to entertain. :)
I guess you Micro$uck boys like viruses and hardware problems.
:)
You M$ fanbois are so arrogant.
it's possible to dislike Apple and not like Microsoft. I mean, just because someone hates chocolate ice cream doesn't mean they like vanilla... and for all you know, they could enjoy those crazy ben and jerry's icecreams (if you weren't following the metaphor, Ben and Jerry are Linux. And yes, I know Ben and Jerry sold out).
I want an iPhone, stupid verizon
Why not swtich to AT&T then?
Damn hater.
So they won't stop the dumbass hackers who are breaking the law?
Pathetic.
I feel like throwing my iPhone at the wall, but I won't since I payed $3000 to get it from someone in line.
Idiot, how are they breaking the law again? But then if you paid $3k you truly are a moron.
They are breaking their contract with AT&T by running applications on AT&T's network.
That's illegal due to the EULA
"They are breaking their contract with AT&T by running applications on AT&T's network.
That's illegal due to the EULA"
Wrong again quiz kid.
Are you claiming that all the Palm OS and Windows Mobile phones are prohibited from running 3rd party apps on AT&T's network? If so, I was already "breaking the law" for years before the iPhone.
I don't know what's dumber: you wanting to throw your iPhone at the wall because "they" won't stop hackers or the fact that you just announced you were a moron who paid $3000 for a $600 device that has been pretty much readily available.
Wow the update made the battery changeable! After pressing the home button, two tiny lightsaber-ish things came out the back cutting me a nice lid. May the force be with you Steve!
Exactly how many times have you replaced the battery on your previous phones? I have owned 6 so far (I tend to keep them a year or two) and have NEVER replaced a battery.
I see this as a non-issue, just some FUD people that can't afford an iPhone use to pretend they wouldn't get one if they could afford it.
I also love hearing people claim that 3rd party apps will be "fixed" by an update. The Apple TV shows that Apple has no interest in fighting hackers. Just remember, if you hack a device, you have no right to expect it to work as reliably as before you modified it (although, there's no reason it can't still be just as reliable). I think Apple assumes people understand they don't support hacking and has no interest in ensuring hacks continue to work or not. This means, you're on your own, you break it, tough luck.
Calm down buddy! I had 5 phones up to now and I had to replace batteries on 2 of them because standby time was reducing from a week to merely a day (the good old nokia days). Batteries are attrition parts so people should be able to change em. Amen.
Ooh, thanks to whoever confirmed the Google Maps fix. The whole shooting off to the side randomly was really annoying.
Passcode Lock feature changed. I think it used to provide only two choices (Immediate and 1 minute), now there are several.
What about these new Exchange public email folders that have started showing up since I installed the 1.01 update? Is there a way to not show them?