In addition to the
AirPort Extreme update released earlier today, Apple has released updates for the iPhone, Safari 3 beta and Security Update 2007-007 1.0.
iPhone 1.0.1 was released and is available through iTunes when the iPhone is connected. According to Apple, the iPhone update fixes two security issues in Safari, two in WebKit and one issue with WebCore.
WebCore was update to fix an issue that allowed a malicious website to permit cross-site requests. Similar to the Safari issue, an attacker could trigger a cross-site scripting using this flaw.
The WebKit issues that were fixed involved look-alike characters in a URL that could be used to masquerade a website and a maliciously crafted website that could lead to an unexpected application termination or arbitrary code execution.
It was widely reported that
security researchers were set to reveal details of a critical security flaw
in the iPhone at the Black Hat 2007 conference this week. The iPhone update fixed the flaw before the conference.
The notes provided with Safari beta 3.0.3 only say that the update improves security and stability. The update is available via the software update mechanism in Mac OS X.
Security Update 2007-007 1.0
improves the security for several components of the operating system including bzip2, CFNetwork, Core Audio, cscope, gnuzip, Kerberos, mDNSResponder, PDFKit, PHP, Quartz Composer, samba, WebKit and WebCore
Added more information about the security updates on the iPhone.