iPhone update 1.1.1. now available

We'd like to hear from the adventurous hackers, if "bricking" has occurred. SV

iPhone v1.1.1 Update

*

Bluetooth

CVE-ID: CVE-2007-3753

Impact: An attacker within Bluetooth range may be able to cause an unexpected application termination or arbitrary code execution

Description: An input validation issue exists in the iPhone's Bluetooth server. By sending maliciously-crafted Service Discovery Protocol (SDP) packets to an iPhone with Bluetooth enabled, an attacker may trigger the issue, which may lead to unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of SDP packets. Credit to Kevin Mahaffey and John Hering of Flexilis Mobile Security for reporting this issue.

*

Mail

CVE-ID: CVE-2007-3754

Impact: Checking email over untrusted networks may lead to information disclosure via a man-in-the-middle attack

Description: When Mail is configured to use SSL for incoming and outgoing connections, it does not warn the user when the identity of the mail server has changed or cannot be trusted. An attacker capable of intercepting the connection may be able to impersonate the user's mail server and obtain the user's email credentials or other sensitive information. This update addresses the issue by properly warning when the identity of the remote mail server has changed.

*

Mail

CVE-ID: CVE-2007-3755

Impact: Following a telephone ("tel:") link in Mail will dial a phone number without confirmation

Description: Mail supports telephone ("tel:") links to dial phone numbers. By enticing a user to follow a telephone link in a mail message, an attacker can cause iPhone to place a call without user confirmation. This update addresses the issue by providing a confirmation window before dialing a phone number via a telephone link in Mail. Credit to Andi Baritchi of McAfee for reporting this issue.

*

Safari

CVE-ID: CVE-2007-3756

Impact: Visiting a malicious website may lead to the disclosure of URL contents

Description: A design issue in Safari allows a web page to read the URL that is currently being viewed in its parent window. By enticing a user to visit a maliciously crafted web page, an attacker may be able to obtain the URL of an unrelated page. This update addresses the issue through an improved cross-domain security check. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

*

Safari

CVE-ID: CVE-2007-3757

Impact: Visiting a malicious website may lead to unintended dialing or dialing a different number than expected

Description: Safari supports telephone ("tel:") links to dial phone numbers. When a telephone link is selected, Safari will confirm that the number should be dialed. A maliciously crafted telephone link may cause a different number to be displayed during confirmation than the one actually dialed. Exiting Safari during the confirmation process may result in unintentional confirmation. This update addresses the issue by properly displaying the number that will be dialed, and requiring confirmation for telephone links. Credit to Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI Labs) and Eduardo Tang for reporting this issue.

*

Safari

CVE-ID: CVE-2007-3758

Impact: Visiting a malicious website may lead to cross-site scripting

Description: A cross-site scripting vulnerability exists in Safari that allows malicious websites to set JavaScript window properties of websites served from a different domain. By enticing a user to visit a maliciously crafted website, an attacker can trigger the issue, resulting in getting or setting the window status and location of pages served from other websites. This update addresses the issue by providing improved access controls on these properties. Credit to Michal Zalewski of Google Inc. for reporting this issue.

*

Safari

CVE-ID: CVE-2007-3759

Impact: Disabling JavaScript does not take effect until Safari is restarted

Description: Safari can be configured to enable or disable JavaScript. This preference does not take effect until the next time Safari is restarted. This usually occurs when the iPhone is restarted. This may mislead users into believing that JavaScript is disabled when it is not. This update addresses the issue by applying the new preference prior to loading new web pages.

*

Safari

CVE-ID: CVE-2007-3760

Impact: Visiting a malicious website may result in cross-site scripting

Description: A cross-site scripting issue in Safari allows a maliciously crafted website to bypass the same-origin policy using "frame" tags. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue, which may lead to the execution of JavaScript in the context of another site. This update addresses the issue by disallowing JavaScript as an "iframe" source, and limiting JavaScript in frame tags to the same access as the site from which it was served. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

*

Safari

CVE-ID: CVE-2007-3761

Impact: Visiting a malicious website may result in cross-site scripting

Description: A cross-site scripting issue in Safari allows JavaScript events to be associated with the wrong frame. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of another site. This update addresses the issue by associating JavaScript events to the correct source frame.

*

Safari

CVE-ID: CVE-2007-4671

Impact: JavaScript on websites may access or manipulate the contents of documents served over HTTPS

Description: An issue in Safari allows content served over HTTP to alter or access content served over HTTPS in the same domain. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of HTTPS web pages in that domain. This update addresses the issue by limiting access between JavaScript executing in HTTP and HTTPS frames. Credit to Keigo Yamazaki of LAC Co., Ltd. (Little eArth Corporation Co., Ltd.) for reporting this issue.

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "Don't install" will present the option the next time you connect your iPhone.

Apple

Read more »

Truphone to demonstrate first VoIP-over-WiFi call on Apple's iPhone

Truphone breaks new ground. SV

Key facts

iPhone demonstration

1. Many people have called for true VoIP calling on Apple's iPhone. Truphone will today prove that it is possible using the iPhone's in-built Wi-Fi capability.
2. Truphone's demonstration will comprise two iPhones connected to Wi-Fi on the DEMOfall 07 stage. A VoIP call will be initiated from one handset, routed via Wi-Fi and the Internet to Truphone's servers, and then back again to the access point and onwards to the destination handset - a 100% IP phone call.
3. Today's event will be a live demonstration only and is not a commercial launch of Truphone on the iPhone.
4. Truphone does not need to unlock the SIM in order to operate its service for the iPhone.


Facebook demonstration

1. The company will also give a demonstration today of an application that mashes up social networking site Facebook with traditional telephony. The big differentiator between Truphone's demonstration and other applications for Facebook is that Truphone is the only one to embed an actual phone into the very heart of Facebook.
2. Facebook users will be able to drop their Truphone 'Call Me' button onto their friends' Walls and also embed it into Facebook messages. People will be able to allow other people to call them, while keeping their actual number confidential.
3. The Truphone 'Call Me' button for Facebook to be demonstrated today showcases the potential for additional innovative services enabled by Truphone's all-IP internet telephony infrastructure.
4. Truphone's Facebook application is currently in development.

Truphone

Read more »

Unlocked iPhone Warranty voiding

Hacking can be a risky business. SV

Saying it had found that many of the unlocking programs "cause irreparable damage to the iPhone's software," Apple spelled out the policy. "Users who make unauthorized modifications to the software on their iPhone violate their iPhone software license agreement and void their warranty," the company said in a statement. "The permanent inability to use an iPhone due to installing software is not covered under the iPhone's warranty."

Computerworld

Read more »

iPhone AutoSync

Making life a little less stressful, one product at a time. SV

iPhone AutoSync, What is it?

Out of the box, the iPhone does a great job of synchronizing with the Mac’s built in PIM applications, Address Book and iCal, and bookmarks, courtesy of Safari.
Enter iPhone AutoSync! iPhone AutoSync monitors your three synced applications, and, when changes are made, makes a note. After a few minutes, if no more changes have been made, it triggers a sync with your phone. Thus all your information in up to date in both places, pretty much all the time.

Standalone

Read more »

Apple's iPhone France: Launch November 29th

Mais oui, Apple et l'Orange.

Who said you can't talk about Apples and Oranges at the same time?
Orange has 2000 WiFi hotspots in Paris! SV


InformationWeek

Flicker

Read more »

IPhone Introduced to Europe, Where Standards Differ

By ERIC PFANNER
Published: September 19, 2007

LONDON, Sept. 18 — Apple introduced the iPhone to Europe on Tuesday, hoping to entice consumers with a sleek design and the power of the Apple brand, even as it flouts some of the technological and marketing conventions of the European mobile business.

Steve Jobs was in London on Tuesday to announce that Britain would be the first European country to get Apple's iPhone.
Steven P. Jobs, the Apple chief executive, said the iPhone would become available to British consumers in November in an exclusive arrangement with O2, a mobile network operator owned by Telefónica of Spain. Similar deals are expected to be announced with the T-Mobile subsidiary of Deutsche Telekom in Germany and with the Orange unit of France Télécom.
The iPhone, which allows users to make calls, browse the Internet, check e-mail and play songs and videos by running their fingers over a touch-sensitive screen, has been a hit in the United States, where more than one million were sold in the first three months of its release.
But analysts say Apple may have a tougher time in Europe. They expressed disappointment that the iPhone to be sold in Europe was identical to the one in the United States, meaning that it would be unable to take advantage of faster European wireless networks for Web browsing and media downloads.

Mr. Jobs said Apple had decided against making the phone compatible with the faster third-generation mobile networks because the chip sets for 3G-compatible phones used up battery power too quickly. “They’re real power hogs,” he said in London, adding that it might take until late next year for the technology to advance enough to make a 3G iPhone.
Mr. Jobs said the iPhone would overcome this hurdle by relying heavily on Wi-Fi technology, which provides broadband Internet access for laptop computers and other devices, though only when they are stationary. When iPhones are on the move, they will shift to a mobile technology called Edge, which is also use by AT&T, Apple’s exclusive network partner in the United States.
But Matthew Key, chief executive of O2 in Britain, said Edge would be available in areas covering only about 30 percent of the British population when the phone is introduced in Britain on Nov. 9.

Also, 20 percent of British mobile users already have 3G-enabled phones, according to M:Metrics, a research firm. “There’s no doubt it’s going to be an obstacle for Apple,” said Paul Goode of M:Metrics. “You’re going to be asking people to downgrade in terms of capability.”
Apple is also going against the grain of the European mobile business by charging £269 ($538) for the phone in Britain, and locking customers in to 18-month contracts at monthly rates of £35 to £55 ($70 to $110). Typically, carriers discount even high-end cellphones in Europe.
“Sometimes you get what you pay for,” Mr. Jobs said.
O2 customers will also get unlimited data transfers with their iPhones, an effort to stimulate use of the mobile Internet and multimedia services.
T-Mobile planned to announce on Wednesday an exclusive agreement to sell the iPhone in Germany, according to a person briefed on the negotiations. There, the phone will sell for 399 euros ($555), this person added.
Carolyn Owen, a spokeswoman for Orange, declined to confirm reports that Apple would soon announce a similar agreement in France.
Europe has generally been a trickier place than the United States for Apple to do business. The company’s iPod music player has a roughly 20 percent market share in Europe, including 40 percent in Britain, compared with 60 percent in the United States, according to M:Metrics.
Regulators and consumer groups in several countries have also objected to some of Apple’s business practices.
This week, for instance, the European Commission plans hearings on a complaint that Apple’s iTunes online music store violates competition rules by charging Britons more than other Europeans for downloads. Apple has said its agreements with music companies and the organizations that oversee musical copyrights are to blame.
Despite Apple’s struggles in Europe, analysts say the region could still turn into a lucrative market for the iPhone.
Europeans, for instance, are more likely to opt for high-end multimedia phones than Americans. In June, according to M:Metrics, only 6 percent of cellphones sold in the United States were so-called smartphones, compared with 12 percent in Britain and 24 percent in Italy — a market where Apple has not yet indicated its iPhone plans.
Kevin J. O’Brien contributed reporting from Berlin.

Read more »

Apple iPhone - It Will Change Your Life

The apple iPhone is a latest mobile phone that allows you to make a call by simply pointing your finger at a name or number in your address book, a favorites list, or a call log. It also automatically syncs all your contacts from a PC, Mac, or Internet service. And it lets you select and listen to voicemail messages in whatever order you want — just like email. With iPhone, making a call is as simple as touching a name or number. In addition, you can easily construct a favorites list for your most frequently made calls, and quickly merge calls together to create conference calls.
It is unique phone with slim profile and no keys - it has 3.5 inches touch display that uses multy-touch technology for navigation. A sensor controls the orientation of the display, and MAC OS X controls the smart phone’s functionality. It is quad-band GSM/EDGE device with WiFi and Bluetooth, and features 8GB of memory.
Visual Voicemail allows you to go directly to any of your messages without listening to the prior messages. So you can quickly select the messages that are most important to you. IPhone includes an SMS application with a predictive QWERTY soft keyboard that prevents and corrects mistakes, making it easier and more efficient to use than the small plastic keyboards on many smart phones. The iPhone features a 2-megapixel camera and a photo management application that goes far beyond anything on a phone today. Sync photos from your PC or Mac, and you’re ready to browse or email them with the flick of a finger. With iPhone, making a call is as simple as touching a name or number. In addition, you can easily construct a favorites list for your most frequently made calls, and quickly merge calls together to create conference calls.
Handheld and mobile digital electronic devices for the sending and receiving of telephone calls, faxes, electronic mail, and other digital data; MP3 and other digital format audio players; handheld computers, personal digital assistants, electronic organizers, electronic notepads. And there are a number of nice touches as well, including a motion sensor that rotates photos when you turn the phone, and voicemails displayed visually that you can click on and listen to. As we all expect from Apple, this is a seriously buttoned up device.
Apple iphone
Adam Caitlin is expert author of Mobile Phone. Please have a look at Contract Phones
Article Source: http://EzineArticles.com/?expert=Adam_Caitlin

Read more »