iPhone Vulnerability, Fix Coming on November 21st in Firmware 2.2?




MacRumors
Nov 20, 2008, 04:18 PM

German publication Spiegel.de (http://www.spiegel.de/netzwelt/mobil/0,1518,591707,00.html) reports a newly announced iPhone vulnerability that can force a (potentially expensive) phone call to be made simply by visiting a webpage in Safari. The vulnerability was to be announced in ComputerBild (http://www.computerbild.de/) on Monday but was detailed today in a press release (http://www.sit.fraunhofer.de/pressedownloads/pressemitteilungen/iPhoneHack.jsp) from the Fraunhofer Institute for Secure Information Technology (SIT). A video of the exploit (http://www.sit.fraunhofer.de/pressedownloads/pressemitteilungen/iPhoneHack.jsp) is also available.

SIT reports that they notified Apple of the issue a month ago and that a fix will become available on November 21st through a firmware upgrade.

This seems to confirm (http://www.macrumors.com/2008/11/11/iphone-2-2-firmware-10-days-away/) an earlier report that we would see iPhone Firmware 2.2 released on that date. The iPhone 2.2 firmware contains a number of small new features we have previously detailed (http://www.macrumors.com/2008/11/11/iphone-2-2-firmware-10-days-away/).

Article Link: iPhone Vulnerability, Fix Coming on November 21st in Firmware 2.2? (http://www.macrumors.com/2008/11/20/iphone-vulnerability-fix-coming-on-november-21st-in-firmware-2-2/)



t0mat0
Nov 20, 2008, 04:20 PM
Wonder if the firmware upgrade apart from containing the bug fix, and known potential feature, will have any surprises (a week before thanksgiving, and Black Friday - from the reaction i've seen from friends being shown Google Street View, having this on the iPhone might be a great way to boost iPhone sales)

iPhoneHellas.gr's claims being that 2.2 firmware will contain


New look Safari (Google search bar now occupying its own space on the title bar - some not really thinking this is for the best).
On/Off toggle to disable auto-correction.
461 Japanese emoji icons.
Support for new languages.
Line-in audio activated & able to be used through the headphone jack.
Google Street View, Google Transit info
App Store: 'Categories' showing icons of apps instead of the list; 'Tell A Friend' & 'Report A Problem' buttons added, also adding ability to score an app when it's deleted from an iPhone; added ability to directly download podcasts from the iTunes Wi-Fi Music Store (though what size maximums over cell net vs wifi remains to be confirmed afaik)

Mykbibby
Nov 20, 2008, 04:22 PM
Awesome news! Firmware tomorrow!!! :D

ThunderSkunk
Nov 20, 2008, 04:25 PM
copypastecopypastecopypastecopypastecopypastecopypastecopypaste

alphaod
Nov 20, 2008, 04:28 PM
That's a really bad exploit.

copypastecopypastecopypastecopypastecopyp

WTF :confused:

elpasi
Nov 20, 2008, 04:29 PM
copypastecopypastecopypastecopypastecopypastecopypastecopypaste
copypastecopypastecopypastecopypastecopypastecopypastecopypaste

It's nice to see you using copy and paste to ask for copy and paste...

I'm of the opinion that maliciousness should be fixed at the first available opportunity, not in the next major release, myself.

Briankeith82
Nov 20, 2008, 04:29 PM
Can someone please explain to me again why I should be excited for this? Emojicons, street view, line in audio, new browser look....

Wasn't there something in there that should say MMS enabled, cut and paste....

I am pretty sure that the old nokia brick phones have a few features the iphone doesn't have still, and that is sad.

onicon
Nov 20, 2008, 04:29 PM
no, wtf won't be included in the 2.2 update :P

kabunaru
Nov 20, 2008, 04:30 PM
Wonder if 10.5.6 would be released with it.

Toe
Nov 20, 2008, 04:34 PM
Wasn't there something in there that should say MMS enabled, cut and paste....

Apple has decided you don't need MMS.

You just need reeducation to understand why they know you better than you do.

Lexoticstylez02
Nov 20, 2008, 04:34 PM
I'm hoping for more than this.. otherwise a sad update.

Good to see a security fix, but it should have been released sooner (maybe 2.1.1)

macFanDave
Nov 20, 2008, 04:35 PM
I would like the iPhone to stop after one podcast!

Ever since 2.0 came out, podcasts would automatically play one after the other, or you could set looping to make a single podcast start over after it ends.

Back in the olden days, a podcast would play and then stop at the end. I want that behavior back again!

timish
Nov 20, 2008, 04:35 PM
Wonder if 10.5.6 would be released with it.

Yeah and maybe the 17 inch Mac Book Pro too!!!! :D

christopher3071
Nov 20, 2008, 04:36 PM
Where's Push Notification for apps? I'm more excited to use aim while it's closed than anything else. This needs to come soon!

Santa Rosa
Nov 20, 2008, 04:41 PM
no, wtf won't be included in the 2.2 update :P

Wonder what functionality that would have :)

ratattak
Nov 20, 2008, 04:41 PM
I'm all for new features, but mainly I want vulnerabilities and problems to be fixed first. Oh, I could use it, but I HONESTLY hope Apple NEVER EVER releases Copy/Paste, just out of spite. :D

funnyent
Nov 20, 2008, 04:42 PM
all i want is mms, copy paste, video recording app in app store, and landscape mail and sms. PLZ!

unkle77
Nov 20, 2008, 04:42 PM
wonder if they will ever fix the 3G dropped call problem????

i have to switch 3G off in order to send or receive calls... 3G just plain sucks on the iphone, imo.

ITMacRN
Nov 20, 2008, 04:43 PM
Apple has decided you don't need MMS.

You just need reeducation to understand why they know you better than you do.

Actually they are allowing its regional wireless partner, Telia in Sweden to go ahead with developing its own MMS app for the iPhone. (source AppleInsider)

So it is possible and in time will happen.

Bradley W
Nov 20, 2008, 04:50 PM
The title of this article is a little ambiguous... as I thought both a new vulnerability and a new fix were each coming with the new 2.2 firmware.

wizard
Nov 20, 2008, 04:50 PM
From what I've heard about this update I think I'll be happy. That is if Safari works a lot better. Audio in is nice too as that opens up more app possibilities.

Frankly the first thing tomorrow I find a fast WiFi spot. Better syncing and Safari are good enough reasons for an update.


Dave

plumbingandtech
Nov 20, 2008, 04:50 PM
wonder if they will ever fix the 3G dropped call problem????

i have to switch 3G off in order to send or receive calls... 3G just plain sucks on the iphone, imo.

IN your area maybe. Mine is fine.

shadownddust
Nov 20, 2008, 04:53 PM
I would like the iPhone to stop after one podcast!

Ever since 2.0 came out, podcasts would automatically play one after the other, or you could set looping to make a single podcast start over after it ends.

Back in the olden days, a podcast would play and then stop at the end. I want that behavior back again!

This is a surprisingly annoying problem. Since I always keep the three oldest episodes on my iphone and don't have the option to put them in chrono order, from oldest to newest (the way it makes sense to view more than 1), I always end up listening to old podcasts after I finish, which is just annoying. Maybe they will change it, though I haven't heard enough about it to think that they have. Complain more!

rockinrocker
Nov 20, 2008, 04:57 PM
i'd also like the option to turn off automatic SMS preview.
i find that to be extremely annoying.... (and kind of dangerous considering the private stuff that can get sent via text)

MrCrowbar
Nov 20, 2008, 04:58 PM
Apple wants you to use e-mail instead of MMS. E-Mails are free (if you have an unlimited contract) and you can attach images that are reasonably sized. MMS is potentially fun, but very few people know how to set it up right...

As for copy and paste, things should be designed in a way so you don't need copy and paste. The iPhone does that fairly well, but there's still no comfortable way to insert a phone number into a text message.


My iPhone has been very slow and buggy after upgrading from fw 1.4.4. It's probably because of the unnecessary bloat software (can't deselect it when jailbreaking the thing) but even brand new 3G iPhones in the store were much less responsive than my 1.1.4 iPhone at the time.

If there's a way to jailbreak an EDGE iPhone (fw 2.1) without having those performance issues afterwards, let me know. :-)

happydude
Nov 20, 2008, 04:59 PM
oh wow, so i'll be podcast catching tomorrow. great.

now give me some damn copy and paste.

sgntscrawn
Nov 20, 2008, 04:59 PM
That video is crazy, what a dangerous exploit. Good to see Apple is mere days away from a fix. Imagine if Windows Mobile had a similar problem. Hah!

I really don't know what all the fuss about MMS really is. After all, you've got e-mail people! I would have thought copy and paste would be a bigger issue - considering the cool interface, this seems a bit left out (flogging the dead horse, I know).

redgaz26
Nov 20, 2008, 04:59 PM
Categories' showing icons of apps instead of the list; 'Tell A Friend' & 'Report A Problem

tell a friend is always in the app store(on the phone), showing icons instead of the list will surely make it a massive page to scroll down if I'm thinking straight???

what I want is to simply be able to add a new album from my itunes to my phone without plugging it in???????
i know airsharing does it but come on apple:cool:

rockstarjoe
Nov 20, 2008, 05:00 PM
:confused:I thought line in audio already worked? I use it on the Four Track app all the time?

pounce
Nov 20, 2008, 05:01 PM
IN your area maybe. Mine is fine.

i'm in chicago and i cannot make calls via 3g with any reliability. it's a really really terrible situation. edge seems to work fine.

MrCrowbar
Nov 20, 2008, 05:01 PM
i'd also like the option to turn off automatic SMS preview.
i find that to be extremely annoying.... (and kind of dangerous considering the private stuff that can get sent via text)

You can disable that in Settings / Passcode Lock / Show SMS Preview

If your phone is jailbroken, use Pysl (free). It lets you hide text messages and calls from numbers you can define. Keeps your secret life secret, you can set a password to access the messages and missed calls. The notification is very discreet, too (square in the menu bar).

I use it mainly to redirect people I don't want calls from to my mailbox.

kb152
Nov 20, 2008, 05:02 PM
i'd also like the option to turn off automatic SMS preview.
i find that to be extremely annoying.... (and kind of dangerous considering the private stuff that can get sent via text)

go to settings>general>passcode lock and tap "off" where it says "show sms preview". That's been there since the first phone was released, i think. ;)

Penguinwrangler
Nov 20, 2008, 05:04 PM
i'd also like the option to turn off automatic SMS preview.
i find that to be extremely annoying.... (and kind of dangerous considering the private stuff that can get sent via text)

Errr, I'm pretty sure that's already in the iPhone...at least I thought it was.

staccato83
Nov 20, 2008, 05:11 PM
Errr, I'm pretty sure that's already in the iPhone...at least I thought it was.


Err, I'm pretty sure he/she was talking about turning off the SMS preview WITHOUT having to enter your passcode every time. :rolleyes:

NekoFever
Nov 20, 2008, 05:11 PM
I would like the iPhone to stop after one podcast!

Ever since 2.0 came out, podcasts would automatically play one after the other, or you could set looping to make a single podcast start over after it ends.

Back in the olden days, a podcast would play and then stop at the end. I want that behavior back again!
Good to see that I'm not the only one annoyed by this. I have a smart playlist for new podcasts that runs them oldest to newest but if there's one that I particularly want to listen to or that's time sensitive I'd like to be able to listen to it straight from the podcast list without running into the next one. It doesn't do this with the essentially identical TV episodes menu or with video podcasts so it makes no sense.

twoodcc
Nov 20, 2008, 05:34 PM
alright! looking forward to a firmware upgrade tomorrow!

fabian9
Nov 20, 2008, 05:38 PM
beat you by 3hrs ;)

http://forums.macrumors.com/showthread.php?t=603499

fabian9
Nov 20, 2008, 05:42 PM
i'd also like the option to turn off automatic SMS preview.
i find that to be extremely annoying.... (and kind of dangerous considering the private stuff that can get sent via text)

tried settings/general/passcode lock/show sms preview?!

edit: and now ive been beaten. lol

canadan
Nov 20, 2008, 05:44 PM
All I want is landscape SMS and email, but god only knows how many years that'll take:(

dwsolberg
Nov 20, 2008, 05:49 PM
At this point, I'm happy with anything that Apple wants to add as long as they keep the iPhone fast and easy to use. I don't see how they could add copy and paste and still keep the iPhone easy to use for everyone (and yes, that includes your aunt Luddy). I hope they can add PUSH while keeping the iPhone at least as fast as it currently is.

jayducharme
Nov 20, 2008, 06:16 PM
:confused:I thought line in audio already worked? I use it on the Four Track app all the time?

I think Sonoma's app enables that ability. I've attempted to use an external mic with QuickVoice, but to no avail. I assume when Apple enables it in firmware, any app will be able to take advantage of it.

Edit: I'm beginning to wonder what other hidden goodies (like video recording) are locked away dormant in the iPhone, waiting for Apple to unleash them....

Compile 'em all
Nov 20, 2008, 06:57 PM
anyone here with 2.2beta can let us know which additional languages are now supported? thanks!

blairwillis
Nov 20, 2008, 06:59 PM
How about fixing the BROKEN WiFi plaguing many users since 2.1?
:confused::confused::confused:

Saladinos
Nov 20, 2008, 07:10 PM
I'd just really like to see some stability. Safari crashes for me whilst it's not even loading. It's almost nothing like the 1.X firmwares, which were really solid.

It's not just Safari either. Some of the APIs that it shares with other apps must have bugs, because lots of apps have been crashing.

Copy and paste would also be welcome, although I've sort of resigned myself to never seeing it on an iPhone. Push notifications would be great to see, though.

inkswamp
Nov 20, 2008, 07:13 PM
I am confused by the video.

So there was a confirmation dialog ("Do you want to call this number?") prior to the call being made but it dismissed itself and called automatically. I've never seen that behavior on my iPhone. Or maybe I'm not waiting long enough. Does the dialog time-out and default to making the call? If so, that was a dumb decision of Microsoft-like proportions on the part of Apple, similar to the "let's make Outlook easier by opening all attachments automatically" decision.

The dialog should either not time-out or it should default to the cancel operation. That's basic UI logic (default to the option that makes the least changes to data or takes the least action) and it's surprising that Apple did such a dumb thing.

Marvy
Nov 20, 2008, 07:52 PM
Please Apple, add full CalDAV support to the iPhone / iPod Touch. I don't care whether its over-the-air or iTunes based syncing, just get it to work!

That's all I ask... on the other hand, landscape mail and notes keyboards would be cool as well. As would be a stabler Safari.

But, that's all I ask... for now.

lazyrighteye
Nov 20, 2008, 08:43 PM
So are there any rumored/known devices/companies that will be taking advantage of said Audio In?
Links?

TheMBC
Nov 20, 2008, 09:00 PM
If this was known a month ago, it should've been fixed a month ago... kind of stupid if we have to wait for a supposed good-enough-for-a-dot update, which according to the "known" features, this is not.

If it has the PNS, then I'll be happy. Anything else is bogus and is totally disregarding their promise.

jamesarm97
Nov 20, 2008, 09:12 PM
Apple wants you to use e-mail instead of MMS. E-Mails are free (if you have an unlimited contract) and you can attach images that are reasonably sized. MMS is potentially fun, but very few people know how to set it up right...

Yes, but most of us I think want to use MMS to send a photo to another person not using an iphone or sitting directly in front of a computer so they can check their email. I had to email my mom a photo today, then call her to tell her I sent it so she could go to her computer to check her email.

And so that when I receive an MMS I don't have to write down the username and password for viewmymessage.com, then start safari and type in the username and password. I wish the viewmymessage.com sms would just contain a link with the username and password on the url.

kgeier82
Nov 20, 2008, 09:38 PM
Great, many more "features" as people call them.

I have enough features, I want 1.1.4 stability. Screw the new features at this point. I have two iphones and both are much slower than Iphone v1 with 1.1.4.

All in due time some of you may say? This will be firmware update #4 if im not mistaken, ITS TIME APPLE.

Is it 1.1.4 or 1.4? you all know what i mean!

jayducharme
Nov 20, 2008, 09:56 PM
So are there any rumored/known devices/companies that will be taking advantage of said Audio In?
Links?

I e-mailed Belkin a while back asking if they had any plans to make their stereo iPod mic work with the Touch/iPhone. Their response was that if Apple enabled recording on those devices, they would produce a compatible product. So now we'll wait and see....

optophobia
Nov 20, 2008, 10:33 PM
my suggestion to everyone is to back up your iphone NOW, since if it's anything like last time, you will be frustrated if you want the update and it takes ages to back up before you can update.
I just did one and it took nearly 30 mins

LiveCrunch
Nov 21, 2008, 12:05 AM
Copy and Paste is not included. My suggestion for all of 1.1.5's to upgrade to 2.0 you can find bunch of links online. And then upgrade to 2.2 tomorrow at 9am via iTunes.

matthewm46
Nov 21, 2008, 12:52 AM
I've been trying to Check for Update for my iPod touch for about 10 mins, and it's now available. It adds:

iPhone 2.2 Software Update for iPod touch

This update contains many bug fixes and improvements, including the following:
• Enhancements to Mail
- resolved isolated issues with scheduled fetching of email
- improved formatting of wide HTML email
• Fixed issues where some users could not connect to secure WPA Wi-Fi networks
• Improved stability and performance of Safari
• Podcasts are now available for download in iTunes application
• Pressing the Home button from any Home screen takes you to the first Home screen
• Preference to turn on/off auto-correction in Keyboard Settings

LiveCrunch
Nov 21, 2008, 01:01 AM
iPhone 2.2 and ipod touch is ready for download

see

http://www.livecrunch.com/2008/11/21/iphone-22-firmware-is-ready-for-download/

lmcintyre
Nov 21, 2008, 01:27 AM
.

atlanticza
Nov 22, 2008, 01:36 AM
From PCMag's Security Watch (http://blogs.pcmag.com/securitywatch/2008/11/updates_for_iphone_os_22_and_i.php)
Friday November 21, 2008
Updates For iPhone OS 2.2 and iPhone OS for iPod touch 2.2
Apple has released iPhone OS 2.2 and iPhone OS for iPod touch 2.2 fixing a dozen vulnerabilities in the older versions.

There are three major categories of vulnerabilities in this update. There are a few malicious content fixes, where viewing such content can cause "unexpected application termination or arbitrary code execution." CoreGraphics, ImageIO and, interestingly, the Excel file viewer, are all in this category.

There are three fixes to Safari. One is a malicious content bug, like the ones above. One allows malicious iframes to spoof the user interface: "Safari allows an iframe element to display content outside its boundaries" which is a bank scamming site's dream feature. The update disallows this. The final one could allow a malicious program launched through Safari to initiate a call without the user's permission, and even to stop them from canceling it for a period of time. None of these three appear in last week's update to Safari on Windows and the Mac.

Three vulnerabilities are fixed in the Password Lock feature, a feature which has had at least two other bug fixes for not-dissimilar problems in the past (here and here). One new bug could allow a user of a locked phone to call anyone with the emergency call feature. A second one could disable the Passcode Lock during a device restore and a third one means that SMS messages sent to a locked phone display in their entirety. All these are addressed in the update.

Two remaining bugs could lower the level of encryption in the PPTP VPN app or reveal form field data.