Network News

X My Profile
View More Activity

Apple Ships iPhone Security Updates

Apple today issued a software update to plug at least 10 security holes in the iPhone, including at least seven fixes for Safari, the device's built-in Web browser.

The updates are available only through iTunes, recent versions of which are programmed to check Apple's update server every week or so and download any updates. Alternatively, iPhone users can download the updates manually via the "Check for Update" button within iTunes and then docking the device to the computer.

A word of caution to anyone who has installed special third-party software to "unlock" their iPhone so that it can be used with multiple wireless carriers. This update will likely turn your iPhone into an expensive paperweight, assuming this patch bundle is the firmware update Apple warned was coming earlier this week.

By Brian Krebs  |  September 27, 2007; 4:47 PM ET
Categories:  New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Calculating the Costs of Cyber Crime
Next: Microsoft's Stealth Update Backfires for Some Users

Comments

Apple should be disgusted. People pay for the right to use the phone, and apple should not be deliberately trying to break their own hardware. I hope some people sue apple not to get the warranty reinstated, but for intentionally damaging the iphone product with an update.

Posted by: Jon | September 28, 2007 10:52 AM | Report abuse

What ARE you talking about? Apple should be disgusted if you cracked open your iPhone, modified the motherboard, and then expect a bios update to work perfectly?

If you want the phone manufacturers to stop locking phones to a service - change the laws. Right now it's not only legal, it is pretty much encouraged by the telecom laws. So stop yelling at Apple, and call your Senator.

Posted by: Jonathan | September 28, 2007 11:21 AM | Report abuse

I believe that apple put out this update to break the crackers and went out of it way to turn Iphones into Ibricks. I find that to be a joke.

Posted by: Jon | September 28, 2007 2:09 PM | Report abuse

if they do that they are idiots . same mistake again.

Posted by: mohd | September 28, 2007 5:18 PM | Report abuse

Johnathan, you are mistaken.
Most people are using a 100% SOFTWARE patch; not hardware modification involved.

Posted by: wng_z3r0 | September 28, 2007 7:09 PM | Report abuse

Y'know, I remember back to a time that, once you bought something, it actually became your own private property, and you could do whatever you wanted to do with it as long as it didn't hurt anybody else.

American cell phone carriers are very oppressive, prohibiting unlocking, third-party programming, and in the case of Verizon full use of your Bluetooth feature. This situation does not prevail elsewhere, but for some reason here in the United States it seems as if we mere people are considered vassals of our corporate overlords.

Now comes Apple and their "exclusive agreement" with AT&T, and their expectation that those who purchase their product will help to enforce that agreement, on pain of having their phone basically destroyed.

I've never been a big fan of Apple because of the archly proprietary nature of their products, but this goes one step too far. Evedently the only way to keep them from controlling how you use what you buy from them is not to buy from them, an option I shall forever exercise.

Posted by: Woody Smith | September 29, 2007 5:07 PM | Report abuse

Excuse us, but your entire vocabulary is wrong. First, the iPhone's weren't "hacked". At least hey weren't "hacked" by the customers that bought them. They are OWNED by those people, they having paid full retail for them. The hacking was done by Apple, who took a look at the modifications done by users, and purposeful and deliberately wrote software to disable or otherwise render those phones inoperable. This, as you ought to understand by now, is the central and core meaning of deliberate and malicious hacking. If it were done someone to Apple's corporate computer system, to the Pentagon's computer systems, to any individuals computer, then the FBI and every law enforcement agency in he country would arrest and prosecute the hacker. In this case, common sense tells us that being done by a corporation is no different. Apple needs to be prosecuted and the person or persons at Apple ordered this deliberate hacking needs to go to prison. You, Apple, ATT and everyone else involved in this mess have succeeded in turning the term "hacking" on it's head...along with the whole notion of what is legal and illegal.

Posted by: MikeB | September 30, 2007 1:08 PM | Report abuse

@MikeB -- who are you ranting against? I don't see a single comment here that talks about "hacking" the iPhone

Posted by: Bk | September 30, 2007 4:02 PM | Report abuse

Evidently, you don't read the headlines in your newspaper, then. It reads "Software Update Disables Hacked IPhones". In fact, all over the MSM, since Friday, the headlies and articles are about user "hacked" iPhones. This really p*sses me off, since he people who have those iPhone *paid* for them, paid retail for them. Those ohones belong to those purchasers, not to Apple, not to AT&T, not to anyone. If a user modified their phone to use some third party free software, if they modified them to use a provider other than AT&T, if they modified them for any reson whatsoever, that is their business. Now, in the stories on this I have read, it is starting to appear to be pretty clear that Apple took a look at those modications and wrote software that would break those phones. That, by meets that meets the definition of a "malicious hack". Instead of writing about this as some sort of new and interesting "business move", you and the rest of the techological writers ought to be calling for Apple's corporate head. If not, then you are going to be very hard pressed in the future to define what malicious hacking is.

Posted by: MikeB | September 30, 2007 7:31 PM | Report abuse

I have been a longtime Apple user (back with my original Apple II), and purchased an iPhone the day it came out. I got burned by the $200 price drop, and the shaft from AT&T not allowing me to add the phone to my corporate account (rather requiring me to get a new account and pay $100 more). Still I believe that everyone should be able to at least install 3rd party apps on their phone. And Apple could have made this work, without 'bricking' their phone. I also understand Apple's position on unlocked phones, but at least allow us to install 3rd party apps that add value to the iPhone.

Posted by: Nick from Detroit | October 1, 2007 10:02 AM | Report abuse

If you want an iPhone that works reliably, don't mess with it. How is a company to support cutting edge technology when it can't control the hardware and software. I personally look foward to Apple's updates and enhancements and can wait until they are tested and released. There is a reason Apple controls its hardware and chose one carrier...reliability, which is an Apple trademark. Those who mess with the design and funtion on their own, get what they deserve. I suggest you read your service and license agreement. If you don't like it, pick another carrier and another phone.

Posted by: WilliamR | October 2, 2007 9:46 AM | Report abuse

WilliamR> How is a company to support cutting edge technology when it can't control the hardware and software.

Uh, the same way every company, including Apple, does on every device other than the iPhone? For some reason, I can attach arbitrary devices to, or run third-party software on, a Mac, and Apple doesn't release an update that deliberately breaks the OS. Blackberry and Treo providers don't seem to have any issues with third-party software.

To quote the SANS @RISK newsletter's writeup on the issues addressed by the updates:

"A specially crafted Bluetooth packet sent by an attacker within physical Bluetooth range could trigger a buffer overflow vulnerability and allow an attacker to execute arbitrary code on the iPhone. Specially crafted web pages or email messages could cause phone numbers to be dialed without confirmation, or could spoof phone numbers such that the number dialed is different from the number displayed for confirmation. Other vulnerabilities include cross site scripting vulnerabilities and information disclosure vulnerabilities."

Now do you really think that security updates to fix these various software problems rendering iPhones distinctly unreliable *necessitated* bricking unlocked phones? MikeB's point is a good one: the updates must have been specifically engineered to break the phones, not merely a natural consequence of the updates, and thus border on malice. Of course, whoever bought an iPhone will have no recourse, since they may have purchased actual ownership of the hardware, but no doubt the software purchase was for a revocable license. Presumably the hardware itself is undamaged; Apple has simply revoked the software license for those users who didn't toe the line. Message: Apple loves AT&T more than it does its customers.

Posted by: antibozo | October 2, 2007 11:08 AM | Report abuse

He learned about justice or rather injustice early in his life. Cesar grew up in Arizona; the small adobe home, where Cesar was born was swindled from them by dishonest Anglos. Cesar's father agreed to clear eighty acres of land and in exchange he would receive the deed to forty acres of land that adjoined the home. The agreement was broken and the land sold to a man named Justus Jackson. Cesar's dad went to a lawyer who advised him to borrow money and buy the land. Later when Cesar's father could not pay the interest on the loan the lawyer bought back the land and sold it to the original owner. Cesar learned a lesson about injustice that he would never forget. Later, he would say, The love for justice that is in us is not only the best part of our being but it is also the most true to our nature.

Posted by: Cesar Chavezz | October 3, 2007 9:49 AM | Report abuse

Well, I agree with Apple, I buy apple products, and I believe they should be used the way Apple had Intended them to be. Plus, do you think is Apple who is putting the squeeze on, or was it AT&T who undoubtedly funded part of the iPhone Project, thinking they were going to be an exclusive carrier?

Posted by: BLOGZILLA | October 3, 2007 7:37 PM | Report abuse

BLOGZILLA> Plus, do you think is Apple who is putting the squeeze on, or was it AT&T who undoubtedly funded part of the iPhone Project, thinking they were going to be an exclusive carrier?

Doesn't matter. Apple is selling out its customers. They're either selling them out now, or they sold them out when they made the deal with AT&T. Either way, it's clear who's more important to them. And that's fine as long as people don't harbor illusions about Apple putting their users first.

Posted by: antibozo | October 3, 2007 11:07 PM | Report abuse

cnatrdr

Posted by: monsitalge | October 9, 2007 11:04 AM | Report abuse

roracaldo

Posted by: c4tvielt | October 27, 2007 4:44 AM | Report abuse

monladar

Posted by: ricvarerbocd | October 27, 2007 10:11 AM | Report abuse

Good site! I'll stay reading! Keep improving!

Posted by: Nika | November 10, 2007 6:45 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company