Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iPhone security posting suggests 2.2 firmware tomorrow

Germans documenting an exploit that forces an iPhone to dial an unwanted number have also potentially tipped users off to the imminent release of Apple's widely anticipated 2.2 firmware upgrade.

The Fraunhofer Institute for Secure Information's official release describes an attack which, after fooling users into visiting a maliciously crafted website, automatically kicks the phone into its dialer and composes a number without a chance to interrupt.

The trick theoretically allows the site owner to set up a 900 number or other calling destination that costs money or otherwise causes a problem.

Fraunhofer's Collin Mulliner notes that the exploit only requires three lines of code and is simple enough that anyone with "basic HTML knowledge" could add the formatting to a page and trigger the compromise.

While dangerous, the exploit was demonstrated to Apple a month ago with an understanding that it would be fixed soon.

The security experts, however, have also revealed that the necessary patch will surface in upcoming firmware from Apple — code which Fraunhofer claims is due on November 21st.

Although the chance exists that the update in question is a minor maintenance update, the announcement comes just as Apple is generally believed to be wrapping up development of its major iPhone 2.2 upgrade, prompting speculation that the security fix is being rolled into the larger revision and is on the verge of being released.

After converting version 2.1 into a primarily bug-focused update, the electronics giant is known to be using 2.2 as a vehicle for several important feature requests. Among these will be a complete Google Maps refresh with Street View and non-driving directions, the ability to download podcasts over the air, an altered Safari and App Store client, and emoji icons for Japanese cellphone owners that often depend on them for text messaging.



15 Comments

ipodrulz 16 Years · 38 comments

That's nice Apple, but how bout Push Notification? Calendar + To Do syncing with Gmail? Actual Push mail? Not 15 minute fetch! Or most importantly Dvorak keyboard support!?

mrsteveman1 16 Years · 28 comments

Quote:
Originally Posted by ipodrulz

That's nice Apple, but how bout Push Notification? Calendar + To Do syncing with Gmail? Actual Push mail? Not 15 minute fetch! Or most importantly Dvorak keyboard support!?

hmmmm

I THINK IT STINKS

Feel better? That should tide you over for a while

danacameron 16 Years · 337 comments

Quote:
Originally Posted by ipodrulz

That's nice Apple, but how Dvorak keyboard support!?

I use the Dvorak keyboard layout on full-sized keyboards, and much prefer it over QWERTY. But do you really think it would bring the same benefits to the virtual keyboard of the iPhone?

mariofreak85 18 Years · 202 comments

Quote:
Originally Posted by DanaCameron

I use the Dvorak keyboard layout on full-sized keyboards, and much prefer it over QWERTY. But do you really think it would bring the same benefits to the virtual keyboard of the iPhone?

It probably wouldn't bring the same benefits, but at least their keyboards would be consistent across devices.

My Garmin GPS has a keyboard that is laid out in alphabetical order. It drives me batty.

eai 19 Years · 407 comments

I'm still waiting for TomTom for my iPhone. Once I've got that I can get rid of my damn HP iPaq Windows Mobile PDA... Apple really should allow it, they'd make a load of money from it, based on the amount TomTom generally charge for their software...

Beyond that, I'd like Safari not to crash so much. Fed up with filling in web forms and it crashing just as I'm about to submit it. I'd like it to perform a bit better too, needs more snappy. Sometimes it can really get slow (then crash generally)...