Apple's first iPhone software update addresses security, bugs

Targeting vulnerabilities that could be exploited through malicious websites, version 1.0.1 (build 1C25) of the handset's software updates Safari's JavaScript handling to prevent cross-site scripting and a buffer overflow in the Perl code library.

The latter scripting flaw was heavily publicized last week when consultants from Independent Security Evaluators used it to effectively hijack the phone's core functions.

Also addressed by software patch were three separate issues within the company's WebCore and WebKit platforms that form the backbone of Safari. Two of the fixes guard against false XML requests and frame rendering glitches that could be used to control the phone or crash the browser through memory errors.

Like recent iPod updates, the iPhone fix is downloadable solely through iTunes and can be installed the next time the phone is docked or detected by the jukebox software.

In a brief set of release notes, Apple said the iPhone software update also includes several "bug fixes." The company recommends that users install the patch "immediately."