iPhone software update 1.0.1 released (updated)

Apple this evening released iPhone Software Update 1.0.1 (1C25, 7.1 MB). Just like Greg Jozwiak promised and just under the deadline set by a group who threatened to release their iPhone vulnerability at the Black Hat conference in Las Vegas.

The update (see gallery) is only available if you connect your iPhone to iTunes and click on the Check for Update button on the summary screen. No information has been published about what, if any, feature enhancements are included in the update. At the present time it appears that it's just a security fix.

Update: Apple has posted a knowledge base article (#306173) describing the security content of iPhone v1.0.1 Update. The update fixes five vulnerabilities in the Safari Web browser on iPhone:

Safari CVE-ID: CVE-2007-2400 Impact: Visiting a malicious website may allow cross-site scripting Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc.

Safari CVE-ID: CVE-2007-3944 Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators

WebCore CVE-ID: CVE-2007-2401 Impact: Visiting a malicious website may allow cross-site requests Credit to Richard Moore of Westpoint Ltd.

WebKit CVE-ID: CVE-2007-3742 Impact: Look-alike characters in a URL could be used to masquerade a website

WebKit CVE-ID: CVE-2007-2399 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Credit to Rhys Kidd of Westnet for reporting this issue.

I have posted a gallery of the installation and update process of the first ever iPhone Software Update.