www.iTunes.com/download » 0S 3.1

iPhone OS 3.1: ‘Policy Requirement’ error when adding Microsoft Exchange account

iTunes Guru — Tue, 16 Feb 2010 00:00:00 +0000

Symptoms

When using a Microsoft Exchange account on an iPhone or iPod touch, the following error message may appear:

Policy Requirement
The account "______________" requires encryption which is not supported on this iPhone.

Products Affected

iPhone, iPod touch, iPhone 3G

Resolution

iPhone OS (beginning with the iPhone OS 3.1 update) can enforce the Exchange ActiveSync mailbox policy requiring encryption on the device. If your Exchange Server administrator has selected this option, only devices that support device-level encryption are allowed to sync Mail, Contacts, and Calendars.

To reestablish syncing, have your Exchange Server administrator change the mailbox policy to no longer require device encryption.

Additional Information

Note that iPhone 3GS supports device encryption.

Managing Exchange ActiveSync with Policies

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

MobileMe, iPhone OS 3.1: Troubleshooting Find My iPhone and Remote Wipe

iTunes Guru — Thu, 11 Feb 2010 00:00:00 +0000

Symptoms

With MobileMe and iPhone OS 3.1 or later you can locate, display a message on, remotely lock or wipe (erase) your iPhone or iPod touch. If these do not work as expected, use the troubleshooting steps below.

Important: iPhone OS 3.0 or later is required to use Find My iPhone or Remote Wipe; iPhone OS 3.1 is recommended and required for Remote Passcode Lock.

Products Affected

iPhone, MobileMe

Resolution

General issues

The Find My iPhone icon does not appear at www.me.com/account or the Map does not contain any data

This feature may not be available in all countries due to technical limitations and/or local law. If the feature is not available in your country or region, the Find My iPhone icon will not appear in the left column of Account. Google Maps data may also not be available from certain countries. Click here to see a list of countries that provide map data via the Google Maps API.

iPhone/iPod touch does not appear at me.com/account

This can occur if:

Your iPhone/iPod touch is not running iPhone OS 3.1. Update your iPhone/iPod touch to iPhone OS 3.1 or later.
Your MobileMe account is not configured on your iPhone/iPod touch. Enter your MobileMe account information in Settings > Mail, Contacts, Calendars.
Push is not enabled on your iPhone/iPod touch, and your Fetch settings are set to Manual. Push is recommended for all MobileMe members.
You have multiple MobileMe accounts entered on your iPhone/iPod touch. Only one account will work with the Find My iPhone features (the same account that is using Push Mail or syncing of Contacts, Calendars, and Bookmarks). Log in to www.me.com/account with your other membername(s) until your device is listed.
You have already initiated a wipe of the iPhone/iPod touch from me.com/account. The device will not appear back on the page until it is reconfigured with your MobileMe account information.
If you have access to your device and it appears to have an active internet connection, enable and then disable Airplane mode. If you continue to have issues, turn the device off and back on.

iPhone/iPod touch appears at me.com/account but is offline

This can occur if:

Your cellular service has been terminated by your wireless service provider. If you contacted your service provider to report your device lost/stolen before locating/wiping your phone, and they deactivated the SIM, you will no longer be able to locate, display a message on, or remotely wipe your iPhone.
Your iPhone/iPod touch is not connected to the Internet. You can still display a message on its screen or initiate a remote wipe, and it will be received once your iPhone/iPod touch comes back online. If you have access to your device and it appears to have an active internet connection, enable and then disable Airplane mode. If you continue to have issues, turn the device off and back on.
Your iPhone/iPod touch is powered off (for example, the battery has run out). You can still send a message to, issue a Remote Passcode Lock request, or initiate a remote wipe of your iPhone/iPod touch, and it will be received once the iPhone/iPod touch is turned on and regains its Internet connection.
Your iPod touch is asleep. You can still send a message to, issue a remote lock request, or initiate a remote wipe of the iPod touch, and it will be received once the iPod touch is awakened and connects to the Internet.
You recently changed your MobileMe password. If you recently changed your MobileMe password, but have not updated your MobileMe password on your iPhone/iPod touch, change your MobileMe password back to its previous setting and try again.

iPhone/iPod touch appears at me.com/account but has the wrong name

This can occur if your recently changed the name of your iPhone/iPod touch in iTunes. You will still be able to successfully locate, display a message, and remotely wipe the device, even if it is displaying the incorrect name. If you have access to the iPhone/iPod touch, you can turn it off and then back on, and the name that appears at www.me.com/account will be updated.

Previously-owned iPhone/iPod touch appears at me.com/account

If your iPhone/iPod touch was linked with your MobileMe account, it may still appear when you log in to www.me.com/account, even if you no longer possess the iPhone/iPod touch. If the device is offline, you can choose to remove the device from the Find My iPhone section of www.me.com/account by clicking Remove below the name of the iPhone or iPod touch.

Note: If your device is still configured with your MobileMe membername and password, the next time the device connects to the internet, it will be added to the Find My iPhone page again.

I removed a device, how do I add it back?

Once you remove a device, it will automatically be added again the next time the device connects to the Internet, as long as your MobileMe membername and password are configured on the device. If this does not occur, see the "iPhone/iPod touch does not appear at me.com/account" section above.

"Unable to process your request." alert

You may receive this alert if there is an issue with the Internet connection on the computer you are using, or if the device you are trying to message/wipe was removed from the list of devices while you were logged in.

Issues finding an iPhone/iPod touch

"Location is not enabled" alert

This can occur if:

The Find My iPhone slider is not enabled on your iPhone/iPod touch in Settings > Mail, Contacts, and Calendars > your MobileMe account.
Location Services is not enabled on your iPhone/iPod touch in Settings > General.

"Location is not available" alert

This can occur if:

Your iPhone is currently off or not connected to a data network (Edge, 3G or Wi-Fi) Wait a few minutes and try again.
Your iPod touch is currently off or not connected to a Wi-Fi network. On iPod touch, Find My iPhone enables you to locate your device only when it is on and connected to a registered Wi-Fi network.
You are living in a country where we do not offer this feature. This feature may not be available in all countries due to technical limitations and/or local law.

Location appears to be old or inaccurate

This can occur if:

You previously located your iPhone/iPod touch, and your iPhone/iPod touch has not yet provided an updated located to MobileMe. Wait a few minutes and try again.
Note: Your previous location will be available for seven days; if your iPhone/iPod touch comes back online during these seven days, its location will be refreshed in the map with the time and date at which it was retrieved.

Location circle is too large to be useful

This can occur if:

Your iPhone/iPod touch is unable to provide a more accurate location.
Your iPhone/iPod touch is still determining a more accurate location. Wait a few minutes and refresh the map.

Issues with Display a Message

Message not received

This can occur if your iPhone/iPod touch has been offline since the message was sent. See the General Issues section above for more information. Once the message is displayed on your iPhone/iPod touch, you will receive a confirmation email at your MobileMe email address.

Message received, but no sound played on iPhone/iPod touch

This can occur if:

You are sending a message to an original iPod touch. No message sound alert is played on an original iPod touch. (There is no checkbox to play a sound when sending a message to an original iPod touch.)
When writing a message to your iPhone/iPod touch, you did not select to include an alert sound with the message. The next time you display a message, you can select the checkbox to include an alert sound that will play for two minutes.
The volume of the iPhone/iPod touch is turned down.

Unable to turn off sound when a message is received

If a message is sent with sound to an iPhone or iPod touch, the sound will play along with the message until the message has been dismissed, the device turned off, or two minutes has passed. If the device is locked, it must be unlocked to dismiss the message (or wait for two minutes to pass).

Issues with Remote Passcode Lock

Unable to choose a new passcode

If you iPhone is configured with a custom profile (generally done in Enterprise environments), you may have a passcode lock longer than 4 characters. If this is the case, you will not be prompted to set the passcode when locking your iPhone/iPod touch (but you can still remotely lock the device).

Newly entered passcode is not applied

Some configurations may allow for a 4 digit passcode lock, but require that it be more secure (for example, it can’t be something like "1234"). If the new passcode lock you are attempting to apply does not adhere to the restrictions in place on your device, the passcode lock will not be changed.

If you are not sure if the passcode lock was successfully changed, look at the confirmation email you received after locking the device. The email will confirm if the passcode has been successfully changed or not.

Issues with Remote Wipe

No confirmation that the remote wipe occurred

This can occur if your iPhone/iPod touch has been offline since the remote wipe request was sent. See the General Issues section above for more information. Once a Remote Wipe has successfully been initiated, you will receive a confirmation email.

I found my phone after a Remote Wipe

If this occurs, wait for the Remote Wipe to complete (during the wipe, an Apple logo will be visible on the iPhone/iPod touch screen). After the wipe is complete, connect it to your computer and restore from a recent backup using iTunes.

Safari 3.1, Mac OS X 10.5.2: Bookmark-syncing issues with iPhone, iPod touch, MobileMe

iTunes Guru — Sat, 09 Jan 2010 00:00:00 +0000

Symptoms

After installing Safari 3.1 in Mac OS X 10.5.2, you may have issues syncing bookmarks with MobileMe, an iPhone, or an iPod touch.

Products Affected

.Mac, iPhone, iPod touch, Safari 3.1, MobileMe Sync, Mac OS X 10.5.2

Resolution

Download and install Mac OS X v10.5.3 or later, which includes Safari 3.1.1.

About the security content of Xcode tools 3.1

iTunes Guru — Fri, 06 Nov 2009 00:00:00 +0000

Summary

This document describes the security content of Xcode tools 3.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

Product Security

Xcode tools 3.1

CoreImage Examples

CVE-ID: CVE-2008-2304

Available for: Mac OS X v10.5.x

Impact: Opening a Fun House document may lead to an unexpected application termination or arbitrary code execution

Description: Xcode tools contain an example application called Core Image Fun House that handles content with the ".funhouse" extension. A buffer overflow may occur in this application when processing ".funhouse" files. Opening a maliciously-crafted ".funhouse" file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Kevin Finisterre of Netragard for reporting this issue.

WebObjects

CVE-ID: CVE-2008-2318

Available for: Mac OS X v10.5.x

Impact: WebObjects session IDs may be disclosed to other web sites

Description: WebObjects contains an API to generate URLs in HTML documents via the WOHyperlink dynamic element. When WOHyperlink is used, it always appends a session ID to the generated URL, even for absolute URLs. Using WOHyperlink to create URLs that point at other web sites may result in the disclosure of the current user’s session ID to those sites. This update addresses the issue by appending session IDs to absolute URLs only when explicitly requested.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

About the security content of Safari 3.1.1

iTunes Guru — Thu, 15 Oct 2009 00:00:00 +0000

Summary

This document describes the security content of Safari 3.1.1, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

Product Security, Safari 3.1, Safari 3 (Windows)

Safari 3.1.1

Safari
CVE-ID: CVE-2007-2398
Available for: Windows XP or Vista
Impact: A maliciously crafted website may control the contents of the address bar
Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

Safari
CVE-ID: CVE-2008-1024
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.

WebKit
CVE-ID: CVE-2008-1025
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Visiting a malicious website may result in cross-site scripting
Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.

WebKit
CVE-ID: CVE-2008-1026
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller, Jake Honoroff, and Mark Daniel working with TippingPoint’s Zero Day Initiative for reporting this issue.

About the security content of Safari 3.1

iTunes Guru — Sun, 11 Oct 2009 00:00:00 +0000

Summary

This document describes the security content of Safari 3.1, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Products Affected

Product Security, Safari 3 (Mac OS X 10.5)

Safari 3.1

Safari

CVE-ID: CVE-2007-4680

Available for: Windows XP or Vista

Impact: A remote attacker may be able to cause an untrusted certificate to appear trusted

Description: An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then re-direct the user to a spoofed web site that incorrectly appears to be trusted. This could allow user credentials or other information to be collected. This update addresses the issue through improved validation of certificates. This issue is addressed for Mac OS X in Security Update 2007-008, and is incorporated into Mac OS X v10.4.11 and Mac OS X v10.5 or later. Credit to Marko Karppinen, Petteri Kamppuri, and Nikita Zhuk of MK&C for reporting this issue.

Safari

CVE-ID: CVE-2008-0050

Available for: Windows XP or Vista

Impact: A malicious proxy server may spoof secure websites

Description: A malicious HTTPS proxy server may return arbitrary data to CFNetwork in a 502 Bad Gateway error, which could allow a secure website to be spoofed. This update addresses the issue by returning an error on any proxy error, instead of returning the proxy-supplied data. This issue has already been addressed in Mac OS X 10.5.2, and in Security Update 2008-002 for Mac OS X 10.4.11 systems.

Safari

CVE-ID: CVE-2008-1001

Available for: Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: A cross-site scripting issue exists in Safari’s error page. By enticing a user to open a maliciously crafted URL, an attacker may cause the disclosure of sensitive information. This update addresses the issue by performing additional validation of URLs. This issue does not affect Mac OS X systems. Credit to Robert Swiecki of Google Information Security Team for reporting this issue.

Safari

CVE-ID: CVE-2008-1002

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: A cross-site scripting issue exists in the processing of javascript: URLs. Enticing a user to visit a maliciously crafted web page could allow the execution of JavaScript in the context of another site. This update addresses the issue by performing additional validation of javascript: URLs. Credit to Robert Swiecki of Google Information Security Team for reporting this issue.

WebCore

CVE-ID: CVE-2008-1003

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: An issue exists with the handling of web pages that have explicitly set the document.domain property. This could lead to a cross-site scripting attack in sites that set the document.domain property, or between HTTP and HTTPS sites with the same document.domain. This update addresses the issue by improving same-origin checks. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore

CVE-ID: CVE-2008-1004

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Using Web Inspector on a maliciously crafted website may result in cross-site scripting

Description: An issue in Web Inspector allows a page being inspected to escalate its privileges by injecting script that will run in other domains and read the user’s file system. This update addresses the issue by preventing Javascript code on remote pages from being run. Credit to Collin Jackson and Adam Barth of Stanford University for reporting this issue.

WebCore

CVE-ID: CVE-2008-1005

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Using Kotoeri reverse conversion on a password field displays the password

Description: The content of password fields on web pages is normally hidden to guard against disclosing it to others with the ability to see the display. An issue exists with the use of the Kotoeri input method, which could result in exposing the password field content on the display when reverse conversion is requested. This update addresses the issue by no longer exposing the content of password fields when using Kotoeri reverse conversion.

WebCore

CVE-ID: CVE-2008-1006

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: The window.open() function may be used to change the security context of a webpage to the caller’s context. Enticing a user to open a maliciously crafted page could allow an arbitrary script to be executed in the user’s security context. This update addresses the issue by not allowing the security context to be changed. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore

CVE-ID: CVE-2008-1007

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting using Java

Description: The frame navigation policy is not enforced for Java applets. By enticing a user to open a maliciously crafted web page, an attacker may obtain elevated privileges through a cross-site scripting attack using Java. This update addresses the issue by enforcing the frame navigation policy for Java applets. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore

CVE-ID: CVE-2008-1008

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: A cross-site scripting issue exists in Safari’s handling of the document.domain property. Enticing a user to visit a maliciously crafted web page may lead to the disclosure of sensitive information. This update addresses the issue through additional validation of the document.domain property. Credit to Feng Qian for reporting this issue.

WebCore

CVE-ID: CVE-2008-1009

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: A JavaScript injection issue exists in the handling of the history object. This may allow frames to set history object properties in all other frames loaded from the same web page. An attacker may leverage this issue to inject JavaScript that will run in the context of other frames, resulting in cross-site scripting. This update addresses the issue by no longer allowing webpages to alter the history object.

WebKit

CVE-ID: CVE-2008-1010

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue exists in WebKit’s handling of JavaScript regular expressions. Enticing a user to visit a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy and Will Drewry of Google Security Team for reporting this issue.

WebKit

CVE-ID: CVE-2008-1011

Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista

Impact: Visiting a maliciously crafted website may result in cross-site scripting

Description: A cross-site scripting issue in WebKit allows method instances from one frame to be called in the context of another frame. Enticing a user to visit a maliciously crafted web page may lead to the disclosure of sensitive information. This update addresses the issue through improved handling of cross-domain method calls. Credit to David Bloom for reporting this issue.