About the security content of the iPhone 1.1.1 Update



The Apple Product Security website:

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security"

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

To learn about other Security Updates, see "Apple Security Updates."

iPhone v1.1.1 Update

Bluetooth

Impact: An attacker within Bluetooth range may be able to cause an unexpected application termination or arbitrary code execution

Description: An input validation issue exists in the iPhone's Bluetooth server. By sending maliciously-crafted Service Discovery Protocol (SDP) packets to an iPhone with Bluetooth enabled, an attacker may trigger the issue, which may lead to unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of SDP packets. Credit to Kevin Mahaffey and John Hering of Flexilis Mobile Security for reporting this issue.

Mail

Impact: Checking email over untrusted networks may lead to information disclosure via a man-in-the-middle attack

Description: When Mail is configured to use SSL for incoming and outgoing connections, it does not warn the user when the identity of the mail server has changed or cannot be trusted. An attacker capable of intercepting the connection may be able to impersonate the user's mail server and obtain the user's email credentials or other sensitive information. This update addresses the issue by properly warning when the identity of the remote mail server has changed.

Mail

Impact: Following a telephone ("tel:") link in Mail will dial a phone number without confirmation

Description: Mail supports telephone ("tel:") links to dial phone numbers. By enticing a user to follow a telephone link in a mail message, an attacker can cause iPhone to place a call without user confirmation. This update addresses the issue by providing a confirmation window before dialing a phone number via a telephone link in Mail. Credit to Andi Baritchi of McAfee for reporting this issue.

Safari

Impact: Visiting a malicious website may lead to the disclosure of URL contents

Description: A design issue in Safari allows a web page to read the URL that is currently being viewed in its parent window. By enticing a user to visit a maliciously crafted web page, an attacker may be able to obtain the URL of an unrelated page. This update addresses the issue through an improved cross-domain security check. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

Safari

Impact: Visiting a malicious website may lead to unintended dialing or dialing a different number than expected

Description: Safari supports telephone ("tel:") links to dial phone numbers. When a telephone link is selected, Safari will confirm that the number should be dialed. A maliciously crafted telephone link may cause a different number to be displayed during confirmation than the one actually dialed. Exiting Safari during the confirmation process may result in unintentional confirmation. This update addresses the issue by properly displaying the number that will be dialed, and requiring confirmation for telephone links. Credit to Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI Labs) and Eduardo Tang for reporting this issue.

Safari

Impact: Visiting a malicious website may lead to cross-site scripting

Description: A cross-site scripting vulnerability exists in Safari that allows malicious websites to set JavaScript window properties of websites served from a different domain. By enticing a user to visit a maliciously crafted website, an attacker can trigger the issue, resulting in getting or setting the window status and location of pages served from other websites. This update addresses the issue by providing improved access controls on these properties. Credit to Michal Zalewski of Google Inc. for reporting this issue.

Safari

Impact: Disabling JavaScript does not take effect until Safari is restarted

Description: Safari can be configured to enable or disable JavaScript. This preference does not take effect until the next time Safari is restarted. This usually occurs when the iPhone is restarted. This may mislead users into believing that JavaScript is disabled when it is not. This update addresses the issue by applying the new preference prior to loading new web pages.

Safari

Impact: Visiting a malicious website may result in cross-site scripting

Description: A cross-site scripting issue in Safari allows a maliciously crafted website to bypass the same-origin policy using "frame" tags. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue, which may lead to the execution of JavaScript in the context of another site. This update addresses the issue by disallowing JavaScript as an "iframe" source, and limiting JavaScript in frame tags to the same access as the site from which it was served. Credit to Michal Zalewski of Google Inc. and Secunia Research for reporting this issue.

Safari

Impact: Visiting a malicious website may result in cross-site scripting

Description: A cross-site scripting issue in Safari allows JavaScript events to be associated with the wrong frame. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of another site. This update addresses the issue by associating JavaScript events to the correct source frame.

Safari

Impact: JavaScript on websites may access or manipulate the contents of documents served over HTTPS

Description: An issue in Safari allows content served over HTTP to alter or access content served over HTTPS in the same domain. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of HTTPS web pages in that domain. This update addresses the issue by limiting access between JavaScript executing in HTTP and HTTPS frames. Credit to Keigo Yamazaki of LAC Co., Ltd. (Little eArth Corporation Co., Ltd.) for reporting this issue.

Installation note:
This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "Don't install" will present the option the next time you connect your iPhone.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the "Check for Update" button within iTunes. After doing this, the update can be applied when your iPhone is docked to your computer.

To check that the iPhone has been updated:

Navigate to Settings >> General >> About.
The Version after applying this update will be 1.1.1 (3A109a)

Source [securitylab.ru]

RAID-1 Volume Using SVM on x86 Platform

This provides full protection against a single disk failure, with complete redundancy. It also tends to speed up read requests (since multiple backing devices host the same data), but write performance is generally degraded. First, know your running system: in particular, which disk it is currently installed on and which other device is available for the second side of the mirror.

# df -hF ufs
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 7.9G 5.2G 2.6G 67% /
# swap -lh
swapfile dev swaplo blocks free
/dev/dsk/c1d0s1 102,65 4K 4.0G 4.0G
#
# echo | format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
0. c1d0
/pci@0,0/pci-ide@8/ide@0/cmdk@0,0
1. c2d0
/pci@0,0/pci-ide@8/ide@1/cmdk@0,0
[...]

We will use c2d0 as the second submirror. It needs a single Solaris fdisk partition that spans the whole disk and is bootable (we are using GRUB in this case). The slice for the second submirror must have a slice tag of root, and the root slice must be slice 0, so we duplicate the label's content from the boot disk to the mirror disk.

# fdisk -B /dev/rdsk/c2d0p0
# fdisk /dev/rdsk/c2d0p0
Total disk size is 36483 cylinders
Cylinder size is 16065 (512 byte) blocks

Cylinders
Partition Status Type Start End Length %
========= ====== ============ ===== === ====== ===
1 Active Solaris2 1 36482 36482 100

SELECT ONE OF THE FOLLOWING:
1. Create a partition
2. Specify the active partition
3. Delete a partition
4. Change between Solaris and Solaris2 Partition IDs
5. Exit (update disk configuration and exit)
6. Cancel (exit without updating disk configuration)
Enter Selection:
#
# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c2d0s0
stage1 written to partition 0 sector 0 (abs 16065)
stage2 written to partition 0, 260 sectors starting at 50 (abs 16115)
#
# prtvtoc /dev/rdsk/c1d0s2 | fmthard -s - /dev/rdsk/c2d0s2
fmthard: New volume table of contents now in place.

Create replicas of the metadevice state database:

# metadb -a -c 3 -f c1d0s4 c2d0s4
# metadb
flags first blk block count
a u 16 8192 /dev/dsk/c1d0s4
a u 8208 8192 /dev/dsk/c1d0s4
a u 16400 8192 /dev/dsk/c1d0s4
a u 16 8192 /dev/dsk/c2d0s4
a u 8208 8192 /dev/dsk/c2d0s4
a u 16400 8192 /dev/dsk/c2d0s4

The -f flag is needed because this is the first invocation of metadb(1M), which creates the initial state database replicas.

Set up the RAID-0 metadevices (stripe or concatenation volumes) corresponding to the / file system and the swap space, and automatically configure system files (/etc/vfstab and /etc/system) for the root metadevice.
# metainit -f d10 1 1 c1d0s0
d10: Concat/Stripe is setup
# metainit -f d11 1 1 c1d0s1
d11: Concat/Stripe is setup
# metainit d20 1 1 c2d0s0
d20: Concat/Stripe is setup
# metainit d21 1 1 c2d0s1
d21: Concat/Stripe is setup
# metainit d0 -m d10
d0: Mirror is setup
# metainit d1 -m d11
d1: Mirror is setup
#
# cp /etc/vfstab /etc/vfstab.beforesvm
# sed -e 's@/dev/dsk/c1d0s1@/dev/md/dsk/d1@' /etc/vfstab.beforesvm > /etc/vfstab
# metaroot d0
# diff /etc/vfstab /etc/vfstab.beforesvm
6,7c6,7
< /dev/md/dsk/d1 - - swap - no -
< /dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no -
---
> /dev/dsk/c1d0s1 - - swap - no -
> /dev/dsk/c1d0s0 /dev/rdsk/c1d0s0 / ufs 1 no -

The -f flag is needed because the file systems on the slices being initialized as new metadevices are currently mounted (in use).

Reboot onto the metadevices: the operating system will now boot encapsulated, on a one-sided mirror. Then attach the second side of the mirror and adapt the system dump configuration.

# lockfs -af && shutdown -y -g 0 -i 6
[...]
# metattach d0 d20
d0: submirror d20 is attached
# metattach d1 d21
d1: submirror d21 is attached
#
# metastat -p
d1 -m /dev/md/rdsk/d11 /dev/md/rdsk/d21 1
d11 1 1 /dev/rdsk/c1d0s1
d21 1 1 /dev/rdsk/c2d0s1
d0 -m /dev/md/rdsk/d10 /dev/md/rdsk/d20 1
d10 1 1 /dev/rdsk/c1d0s0
d20 1 1 /dev/rdsk/c2d0s0
# metastat | grep %
Resync in progress: 41 % done
Resync in progress: 46 % done
#
# rmdir /var/crash/*
# mkdir /var/crash/`hostname`
# chmod 700 /var/crash/`hostname`
# dumpadm -s /var/crash/`hostname` -d /dev/md/dsk/d1
Dump content: kernel pages
Dump device: /dev/md/dsk/d1 (swap)
Savecore directory: /var/crash/bento
Savecore enabled: yes
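
Last, define the alternative boot path in the menu.lst GRUB configuration file: the Solaris/BSD slice 0 on the first fdisk partition on the second BIOS disk. The here-document delimiter is quoted so that the shell writes $ISADIR literally instead of expanding it.

# cat <<'EOF' >> /boot/grub/menu.lst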
title Solaris Nevada snv_65 X86 (Alternate Boot Path)
root (hd1,0,a)
kernel$ /platform/i86pc/kernel/$ISADIR/unix
module$ /platform/i86pc/$ISADIR/boot_archive
EOF
#
# bootadm list-menu
The location for the active GRUB menu is: /boot/grub/menu.lst
default 0
timeout 10
0 Solaris Nevada snv_65 X86
1 Solaris failsafe
2 Solaris Nevada snv_65 X86 (Alternate Boot Path)
For further (and deeper) information on this subject, please refer to the excellent Sun Microsystems Documentation on Solaris Volume Manager, and particularly x86: Creating a RAID-1 Volume From the root (/) File System.
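
To confirm the end state of the procedure above (every mirror two-sided, state database replicas present on both disks, resync finished), the following added example parses saved metastat -p, metadb and metastat output. It is not part of the original article: the function names are hypothetical, and the sample text is constructed from the listings above, with d0 deliberately left one-sided to show the failure case.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Live use: metastat -p | one_sided_mirrors ; metadb | replicas_per_disk

# Read `metastat -p` output; print every mirror with fewer than two submirrors.
one_sided_mirrors() {
    awk '$2 == "-m" {
        n = 0
        for (i = 3; i <= NF; i++) {
            s = $i; sub(/.*\//, "", s)        # drop any /dev/md/rdsk/ prefix
            if (s ~ /^d[0-9]+$/) n++          # count metadevice names only
        }
        if (n < 2) print $1
    }'
}

# Read `metadb` output; print "disk replica-count" for each disk, sorted.
replicas_per_disk() {
    awk '$NF ~ /^\/dev\/dsk\// {
        d = $NF; sub(/.*\//, "", d); sub(/s[0-9]+$/, "", d); c[d]++
    }
    END { for (d in c) print d, c[d] }' | sort
}

# Read `metastat` output; succeed only when no resync is still running.
resync_done() {
    ! grep 'Resync in progress' >/dev/null
}

# Constructed sample: d1 is fully mirrored, d0 has not had d20 attached yet.
SAMPLE_METASTAT_P='d1 -m /dev/md/rdsk/d11 /dev/md/rdsk/d21 1
d11 1 1 /dev/rdsk/c1d0s1
d21 1 1 /dev/rdsk/c2d0s1
d0 -m /dev/md/rdsk/d10 1
d10 1 1 /dev/rdsk/c1d0s0
d20 1 1 /dev/rdsk/c2d0s0'
# Constructed sample: the metadb listing from this page.
SAMPLE_METADB='flags first blk block count
a u 16 8192 /dev/dsk/c1d0s4
a u 8208 8192 /dev/dsk/c1d0s4
a u 16400 8192 /dev/dsk/c1d0s4
a u 16 8192 /dev/dsk/c2d0s4
a u 8208 8192 /dev/dsk/c2d0s4
a u 16400 8192 /dev/dsk/c2d0s4'

printf '%s\n' "$SAMPLE_METASTAT_P" | one_sided_mirrors | sed 's/^/one-sided mirror: /'
printf '%s\n' "$SAMPLE_METADB" | replicas_per_disk | sed 's/^/replicas on /'
```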