beqiraj.net

iPhone OS 3.1 und iPhone OS 3.1.1 für iPod touch verfügbar

• iPhone OS 3.1.3 für iPhone und iPod touch verfügbar
• iPhone OS 3.1.2 für iPhone und iPod touch verfügbar

Apple hat neben iTunes 9.0 und QuickTime 7.6.4 auch das iPhone OS 3.1 für alle iPhone-Generationen und iPhone OS 3.1.1 für alle iPod Touch-Geräte zum Download über iTunes bereitgestellt. Dazu muss das Gerät mit dem Computer verbunden werden.

Das kostenlose iPhone OS 3.1 und iPhone OS 3.1.1 für iPod Touch Software-Update enthält neben alle vorherigen Updates auch zahlreiche Verbesserungen und neue Funktionen und schliesst zudem mehrere Sicherheitslücken, von denen einige kritisch sind. Einen Überblick über die Neuerungen und Verbesserungen finden Sie weiter unten.

iPhone OS 3.1 umfasst auch die folgenden Funktionen und Updates:

• Verbesserte Synchronisierung für Musik, Filme, Fernsehsendungen, Podcasts und Fotos
• Anordnen von iTunes U Inhalten
• Einlösen von iTunes Geschenkkarten, Geschenkcodes und Gutscheinen im App Store
• Anzeigen verfügbarer Guthaben für iTunes Accounts im App Store und iTunes Store
• Speichern von Videos aus Mail und MMS unter "Film"
• Option "Als neuen Clip sichern" beim Schneiden von Videomaterial auf dem iPhone 3GS
• Verbesserte iPhone 3G Wi-Fi-Leistung bei aktiviertem Bluetooth
• Sperren des iPhone durch Eingabe eines Codes via MobileMe per Fernzugriff
• Verwenden der Sprachsteuerung auf dem iPhone 3GS mit Bluetooth-Headsets
• Einfügen von Telefonnummern über das Tastenfeld
• Option zur Verwendung der Hometaste, um Bedienungshilfen auf dem iPhone 3GS zu aktivieren
• Warnung bei Besuch von betrügerischen Websites in Safari (Anti-Phishing-Funktion)
• Verbesserte Synchronisierung und Handhabung von Einladungen für den Exchange Kalender
• Behebung des Problems der inkorrekten Anzeige einiger App-Symbole

Die iPhone 3.1 Software für den iPod touch ist bereits auf allen iPod touch Modellen, die nach dem 9. September 2009 gekauft werden.

Gestern wurde festgestellt dass das iPhone OS 3.1 nicht nur die versprochenen Verbesserungen sondern auch einige Nebenwirkungen mit sich bringt. Dazu mehr bei heise online - Internet-Tethering unter iPhone OS 3.1 reglementiert:

• Wer sein iPhone mit T-Mobile-Karte unter der OS-Version 3.0 noch als Funkmodem nutzen konnte, guckt nach dem Update auf 3.1 erst einmal in die Röhre. Die Internet-Tethering genannte Funktion hatte Apple bereits mit der Version 3.0 seines Betriebssystems mitgeliefert. Zwar konnten T-Mobile-Kunden dieses Extra noch nicht ohne Weiteres nutzen, aber mit ein paar Handgriffen aktivierten findige Nutzer diese Option. Mit der Version 3.1 ist dieser Weg nun zunächst wieder versperrt. Eine Meldung fordert den Nutzer zum Aktivieren des Tetherings dazu auf, T-Mobile zu kontaktieren.

About the security content of iPhone OS 3.1 and iPhone OS 3.1.1 for iPod touch

CoreAudio - CVE-ID: CVE-2009-2206

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Opening a maliciously crafted AAC or MP3 file may lead to an unexpected application termination or arbitrary code execution
• Description: A heap buffer overflow exists in the handling of AAC or MP3 files. Opening a maliciously crafted AAC or MP3 file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.

Exchange Support - CVE-ID: CVE-2009-2794

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: A person with physical access to a device may be able to use it after the timeout period specified by an Exchange administrator
• Description: iPhone OS provides the ability to communicate via services provided by a Microsoft Exchange server. An administrator of an Exchange server has the ability to specify a "Maximum inactivity time lock" setting. This requires the user to reenter their passcode after the expiration of the inactivity time in order to use the Exchange services. iPhone OS allows a user to specify a "Require Passcode" setting that may extend up to 4 hours. The "Require Passcode" setting is not affected by the "Maximum inactivity time lock" setting. If the user has "Require Passcode" set to a value higher than the "Maximum inactivity time lock" setting, this would allow a window of time for a person with physical access to use the device, including Exchange services. This update addresses the issue by disabling user choices for "Require Passcode" values greater than the "Maximum inactivity time lock" setting. This issue only affects iPhone OS 2.0 and later, and iPhone OS for iPod touch 2.0 and later. Credit to Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies for reporting this issue.

MobileMail - CVE-ID: CVE-2009-2207

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Deleted email messages may still be visible through a Spotlight search
• Description: Spotlight finds and allows access to deleted messages in Mail folders on the device. This would allow a person with access to the device to view the deleted messages. This update addresses the issue by not including the deleted email in the Spotlight search result. This issue only affects iPhone OS 3.0, iPhone OS 3.0.1, and iPhone OS for iPod touch 3.0. Credit to Clickwise Software and Tony Kavadias for reporting this issue.

Recovery Mode - CVE-ID: CVE-2009-2795

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: A person with physical access to a locked device may be able to access the user's data
• Description: A heap buffer overflow exists in Recovery Mode command parsing. This may allow another person with physical access to the device to bypass the passcode, and access the user's data. This update addresses the issue through improved bounds checking.

Telephony - CVE-ID: CVE-2009-2815

• Available for: iPhone OS 1.0 through 3.0.1
• Impact: Receiving a maliciously crafted SMS message may lead to an unexpected service interruption
• Description: A null pointer dereference issue exists in the handling of SMS arrival notifications. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. This update addresses the issue through improved handling of incoming SMS messages. Credit to Charlie Miller of Independent Security Evaluators, and Collin Mulliner of Technical University Berlin for reporting this issue.

UIKit - CVE-ID: CVE-2009-2796

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Passwords may be made visible
• Description: When a character in a password is deleted, and the deletion is undone, the character is briefly made visible. This may allow a person with physical access to the device to read a password, one character at a time. This update addresses the issue by preventing the character from being made visible. This issue only affects iPhone OS 3.0 and iPhone OS 3.0.1. Credit to Abraham Vegh for reporting this issue.

WebKit - CVE-ID: CVE-2009-2797

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: User names and passwords in URLs may be disclosed to linked sites
• Description: Safari includes the user name and password from the original URL in the referer header. This may lead to the disclosure of sensitive information. This update addresses the issue by not including user names and passwords in referer headers. Credit to James A. T. Rice of Jump Networks Ltd for reporting this issue.

WebKit - CVE-ID: CVE-2009-1725

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
• Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.

WebKit - CVE-ID: CVE-2009-1724

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
• Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

WebKit - CVE-ID: CVE-2009-2199

• Available for: iPhone OS 1.0 through 3.0.1, iPhone OS for iPod touch 1.1 through 3.0
• Impact: Look-alike characters in a URL could be used to masquerade a website
• Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by supplementing WebKit's list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar. Credit to Chris Weber of Casaba Security, LLC for reporting this issue.

Apple iPhone Apps, Firmware-Updates, User Guides, Manuals, product information and more

• iPhone OS 3.1.3 für iPhone und iPod touch verfügbar
• iPhone OS 3.1.2 für iPhone und iPod touch verfügbar
• Google Sync - Jetzt mit Push E-Mail für iPhone und Windows Mobile
• iPhone OS 3.1 Benutzerhandbuch für iPhone und iPod Touch verfügbar