
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


iPhone - Remote hacker automatic control

Version: 1.0
Technical Details:

Numerous vulnerabilities addressed, including:

Safari - XSS vulnerability due to a race condition in the JavaScript implementation. A separate issue, heap overflows in PCRE support, can lead to arbitrary code execution.

WebCore - HTTP injection in XMLHttpRequest allowing XSS.

WebKit - Poor IDN support allows for URL obfuscation. An additional issue, affecting the handling of framesets, may lead to arbitrary code execution.

Description:

Yesterday Apple released Update 1.0.1 for the iPhone, addressing a number of serious vulnerabilities. The vulnerabilities addressed include issues that would allow remote control over the iPhone by convincing a victim to view a malicious web page in the iPhone Safari browser, as well as possible temporary loss of phone functionality.

Due to the integration with iTunes, the update is available only by connecting the phone to iTunes and allowing its update process to run.

Mitigation:

Update to iPhone 1.0.1 via the iTunes updater.

Updates:

Via iTunes

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

External Tracking Data:

CVE-ID: CVE-2007-2400
CVE-ID: CVE-2007-3944
CVE-ID: CVE-2007-2401
CVE-ID: CVE-2007-3742
CVE-ID: CVE-2007-2399

