1. JustinHorn's Avatar
    Seems like every time before a firmware comes out a new iTunes is a couple days before.
    11-20-2008 10:48 PM
  2. Jeremy's Avatar
    Well if the rumors are true from a few weeks back, tomorrow would be the day.

    iPhone 2.2 + Security Patch to Hit Tomorrow?! | The iPhone Blog
    11-20-2008 11:10 PM
  3. JustinHorn's Avatar
    It's out now!
    11-21-2008 12:45 AM
  4. Jeremy's Avatar
    Already downloaded...

    *Tried waking Rene up with a ton of emails but he must be a heavy sleeper... he missed all the fun last night.
    Last edited by Jeremy Sikora; 11-21-2008 at 01:33 PM.
    11-21-2008 12:46 AM
  5. JustinHorn's Avatar
    what do you think? Seems like the rumors covered everything.
    11-21-2008 01:43 AM
  6. Jeremy's Avatar
    Safari is SO much better... very stable. Here is a full list of bug fixes.

    iPhone OS 2.2 and iPhone OS for iPod touch 2.2

    *

    CoreGraphics

    CVE-ID: CVE-2008-2321

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Michal Zalewski of Google for reporting this issue.

    *

    ImageIO

    CVE-ID: CVE-2008-2327

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of TIFF images.

    *

    ImageIO

    CVE-ID: CVE-2008-1586

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected device reset

    Description: A memory exhaustion issue exists in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected device reset. This update addresses the issue by limiting the amount of memory allocated to open a TIFF image. Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

    *

    Networking

    CVE-ID: CVE-2008-4227

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: The encryption level for PPTP VPN connections may be lower than expected

    Description: The encryption level for PPTP VPN connections may revert to a previous lower setting. This update addresses the issue by properly setting the encryption preferences. Credit to Stephen Butler of the University of Illinois of Urbana-Champaign for reporting this issue.

    *

    Office Viewer

    CVE-ID: CVE-2008-4211

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution

    Description: A signedness issue in Office Viewer's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the affected index values are not negative. Credit: Apple.

    *

    Passcode Lock

    CVE-ID: CVE-2008-4228

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Emergency calls are not restricted to emergency numbers

    Description: iPhone provides the ability to make an emergency call when locked. Currently, an emergency call may be placed to any number. A person with physical access to an iPhone may take advantage of this feature to place arbitrary calls which are charged to the iPhone owner. This update addresses the issue by restricting emergency calls to a limited set of phone numbers.

    *

    Passcode Lock

    CVE-ID: CVE-2008-4229

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Restoring a device from backup may not re-enable the Passcode Lock

    Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. A race condition in the handling of device settings may cause the Passcode Lock to be removed when the device is restored from backup. This may allow a person with physical access to the device to launch applications without the passcode. This update addresses the issue by improving the system's ability to recognize missing preferences. This issue does not affect systems prior to iPhone OS 2.0 or iPhone OS for iPod touch 2.0. Credit to Nolen Scaife for reporting this issue.

    *

    Passcode Lock

    CVE-ID: CVE-2008-4230

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Short Message Service (SMS) messages may be revealed before the passcode is entered

    Description: If an SMS message arrives while the emergency call screen is visible, the entire SMS message is displayed, even if the "Show SMS Preview" preference was set to "OFF". This update addresses the issue by, in this situation, displaying only a notification that a SMS message has arrived, and not its content.

    *

    Safari

    CVE-ID: CVE-2008-4231

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of HTML table elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of HTML table elements. Credit to Haifei Li of Fortinet's FortiGuard Global Security Research Team for reporting this issue.

    *

    Safari

    CVE-ID: CVE-2008-4232

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Websites with embedded iframe elements may be vulnerable to user interface spoofing

    Description: Safari allows an iframe element to display content outside its boundaries, which may lead to user interface spoofing. This update addresses the issue by not allowing iframe elements to display content outside their boundaries. This issue does not affect systems prior to iPhone OS 2.0 or iPhone OS for iPod touch 2.0. Credit to John Resig of Mozilla Corporation for reporting this issue.

    *

    Safari
    CVE-ID: CVE-2008-4233

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Visiting a maliciously crafted website may initiate a phone call without user interaction

    Description: If an application is launched via Safari while a call approval dialog is shown, the call will be placed. This may allow a maliciously crafted website to initiate a phone call without user interaction. Additionally, under certain circumstances it may be possible for a maliciously crafted website to block the user's ability to cancel dialing for a short period of time. This update addresses the issue by properly dismissing Safari's call approval dialog when an application is being launched via Safari. Credit to Collin Mulliner of Fraunhofer SIT for reporting this issue.

    *

    Webkit

    CVE-ID: CVE-2008-3644

    Available for: iPhone OS 1.0 through 2.1, iPhone OS for iPod touch 1.1 through 2.1

    Impact: Sensitive information may be disclosed to a person with physical access to an unlocked device

    Description: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a person with physical access to an unlocked device. This update addresses the issue by properly clearing the form data. Credit to an anonymous researcher for reporting this issue.
    11-21-2008 01:44 AM
  7. MrP's Avatar
    hoorah! If you find any extra goodies post em!
    11-21-2008 02:33 AM
  8. Reaktor5's Avatar
    I love if you're on a different homepage and hit the home button it brings you back to the first page of apps.
    11-21-2008 09:36 AM
  9. jamesus's Avatar
    Any word from the Dev Team?
    11-21-2008 10:32 AM
  10. gludington's Avatar
    Did you apply the update to your jailbroken phone, or do you have a non-jailbroken one handy as well?
    11-21-2008 10:51 AM
  11. Jeremy's Avatar
    Any word from the Dev Team?
    Yes, don't update if you want to jailbreak or unlock. Post will be appearing soon with more info on the front page.
    11-21-2008 12:38 PM
  12. Jeremy's Avatar
    11-21-2008 12:58 PM
  13. jamesus's Avatar
    What timing!
    11-21-2008 01:17 PM
  14. Frozen001's Avatar
    So it looks like eventually they will have a full jailbreak for the 2.2, just not in the "near future".

    I did the update to 2.2

    I did jail break my phone for like a week, but thre wasn't anything that I considered a "must have" to keep it that way, so I went stock...

    I just hope the next update comes with push notifications...
    11-21-2008 01:18 PM
  15. Jeremy's Avatar
    Some of the lesser features added to 2.2 screen shots.

    -Streaming or downloading TiPb podcast - Priceless

    -Having the app store organized much better - Nice touch

    -More pics added to each individual app - could go along with the above comment but oh well. Still a nice feature.
    11-21-2008 01:31 PM
  16. sethclifford's Avatar
    Quick question - if I want to update and I jailbroke 2.1, can I just run the new installer and that will be ok? Or do I need to restore to a clean device and then install and re-add all my apps and settings and such?
    11-21-2008 01:46 PM
  17. Jeremy's Avatar
    Quick question - if I want to update and I jailbroke 2.1, can I just run the new installer and that will be ok? Or do I need to restore to a clean device and then install and re-add all my apps and settings and such?
    You can update with no issues but you will not be able to jailbreak 2.2 with the current pwnage tool. You will have to wait until the new release.
    11-21-2008 01:48 PM
  18. sethclifford's Avatar
    Nice. Ok. I'm gonna test drive 2.2, I don't think I'll miss the jb too much. Not running much. Thanks Ash!
    11-21-2008 01:50 PM
  19. Jeremy's Avatar
    Something else people should be aware of that I posted in Jailbreak Central but I'll comment on it here... all of you with hardware SIM unlocks are dead in the water with the 2.2 firmware. Apple has solved that and if you update your sim unlock will not work. Just a bit of a warning before you update.
    11-21-2008 02:15 PM
  20. jamesus's Avatar
    Some of the lesser features added to 2.2 screen shots.

    -Streaming or downloading TiPb podcast - Priceless

    -Having the app store organized much better - Nice touch

    -More pics added to each individual app - could go along with the above comment but oh well. Still a nice feature.
    So I take it you decided to update and wait to re-jailbreak?
    11-21-2008 03:40 PM
  21. Jeremy's Avatar
    So I take it you decided to update and wait to re-jailbreak?
    I have not jailbroke this particular iPhone I am using. So I updated last night around 11:30 or so. Will I jailbreak 2.2 on another iPhone? Yes.
    11-21-2008 03:42 PM
  22. sethclifford's Avatar
    Well, it's great so far. Seriously. Safari is responsive and not crashy (so far). UI seems a little smoother (?) or maybe I'm hallucinating. Have not tried to dl a podcast yet, but my jailbroken Podcaster app was SUPER crashy, so as long as it works, I won't be complaining... Seems very stable. Thumbs up.
    11-21-2008 04:24 PM
  23. Tunnelrunner's Avatar
    This is all preliminary (I just upgraded to 2.2 a few hours ago) but so far, so good. Safari DOES seem more stable and snappy. I'll see how it does on Facebook (desktop version)...
    11-21-2008 08:17 PM
  24. Tunnelrunner's Avatar
    I forgot to mention: has anyone noticed that the battery life is MUCH improved as well?
    11-21-2008 08:18 PM
  25. marcol's Avatar
    Safari stability, overall device speed and podcast downloads OTA are all great, but I'm quite cross that the audio for third-party apps mutes when the screen locks. WunderRadio was one of my favourite apps but how am supposed to use it now? With screen lock disabled? I can't see that working too well - lots of random screen taps as you walk down the street, lots of battery drain too with the screen always on. I hope there's a solution to this.
    11-21-2008 09:25 PM
41 12
LINK TO POST COPIED TO CLIPBOARD