Apple has released iPhone v1.0.1 Update, the company’s first revision to the software included in its much-discussed mobile phone. The update is exclusively a collection of security fixes to the version of the Safari Web browser built into the iPhone, as well as a selection of security fixes to the underlying WebKit display engine.
Users can install the update using Apple’s iTunes software; when users connect their iPhone to an Internet-connected Mac or PC running iTunes, the software will prompt users to download and install the update. Unlike many Apple software updates, iPhone v1.0.1 Update is only available via iTunes: it can’t be downloaded separately, or accessed via the Mac OS X Software Update feature. iTunes checks for software updates once a week; users can manually obtain the update with iTunes’ “Check for Updates” command.
According to Apple’s release notes, the update addresses issues with cross-site scripting vulnerabilities (enabling one site to access or modify content from another without a user’s knowledge), addresses two buffer overflow conditions, and fixes issues were “look-alike” URLs using special character sets could be used to enable a Web site to masquerade as another. At first glance, the iPhone v1.0.1 update does not appear to address a call redirection issue in Safari, whereby users telling the iPhone to dial a number which appears on a Web page can potentially be directed to a different number entirely.
