DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 3, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 61 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Apple iPhone gets updated - some security patches

Posted on Wednesday, August 01 2007 @ 19:04:57 CEST by


Apple released update 1.0.1 for the iPhone. This patch fixes several security flaws.

iPhone v1.0.1 Update:
  • Safari

    CVE-ID: CVE-2007-2400

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site scripting

    Description: Safari's security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

  • Safari

    CVE-ID: CVE-2007-3944

    Available for: iPhone v1.0

    Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

    Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

  • WebCore

    CVE-ID: CVE-2007-2401

    Available for: iPhone v1.0

    Impact: Visiting a malicious website may allow cross-site requests

    Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2007-3742

    Available for: iPhone v1.0

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by through an improved domain name validity check.

  • WebKit

    CVE-ID: CVE-2007-2399

    Available for: iPhone v1.0

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba