Hidden Features of iPhone 1.1.1

With the tail end of Sunday in sight, I’d imagine quite a few iPhone owners have been spending the weekend getting to grips with Apple’s 1.1.1 firmware upgrade, downloading the 152.3MB file and bringing their shiny handset up to Steve-speed. The headline feature is of course the iTunes WiFi Store, but there are plenty of other tweaks and improvements that might not leap out at you instantly. In case you have missed them, or you’re wondering what a shop-fresh iPhone will come with, here’s the full run-down of the 1.1.1 handset, including some of the features Apple hasn’t mentioned…

Obviously there’s Apple’s publicised list, the majority of which could hardly be described as earth-shattering:

  • iTunes Wi-Fi Music Store
  • Louder speakerphone and receiver volume
  • Home Button double-click shortcut to phone favorites or music controls
  • Space bar double-tap shortcut to intelligently insert period and space
  • Mail attachments are viewable in portrait and landscape
  • Stocks and cities in Stocks and Weather can be re-ordered
  • Apple Bluetooth Headset battery status in the Status Bar
  • Support for TV Out
  • Preference to turn off EDGE/GPRS when roaming internationally
  • New Passcode lock time intervals
  • Adjustable alert volume

What Apple didn’t mention was the following:

    • Ability to change voicemail password directly from the iPhone. Tap “Settings,” then “Phone,” then “Change Voicemail Password.”
    • You can now change the sound that is played when a new text message is received. Tap “Settings,” then “Sounds,” then “New Text Message.”
    • Mobile Safari “Debug console”, showing HTML errors encountered when rendering Web pages. Tap “Settings,” then “Safari,” then “Developer.”
    • New video playback options, including selectable resume functionality to start playing videos where they left off or from the beginning, as well as closed captioning support. Tap “Settings,” then “iPod.”

    Finally, proving that nobody – even the Jesus phone – is perfect, there are a handful of security fixes and “refinements”:

    • Bluetooth
      • An attacker within Bluetooth range may be able to cause an unexpected application termination or arbitrary code execution: “An input validation issue exists in the iPhone’s Bluetooth server. By sending maliciously-crafted Service Discovery Protocol (SDP) packets to an iPhone with Bluetooth enabled, an attacker may trigger the issue, which may lead to unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of SDP packets.”
    • Mail
      • Checking email over untrusted networks may lead to data disclosure via a man-in-the-middle attack: “When Mail is configured to use SSL for incoming and outgoing connections, it does not warn the user when the identity of the mail server has changed or cannot be trusted. An attacker capable of intercepting the connection may be able to impersonate the user’s mail server and obtain the user’s mail credentials or other sensitive data. This update addresses the issue by properly warning when the identity of the remote mail server has changed.”
      • Following a telephone (“tel:”) link in Mail will dial a phone number without confirmation: “Mail supports telephone (“tel:”) URLs to dial phone numbers. By enticing a user to follow a telephone link in a mail message, an attacker can cause iPhone to place a call without user confirmation. This update addresses the issue by providing a confirmation window before dialing a phone number via a telephone link in Mail.”
    • Safari
      • Visiting a malicious website may lead to the disclosure of URL contents: “A design issue in Safari allows a web page to read the URL that is currently being viewed in its parent window. By enticing a user to visit a maliciously crafted web page, an attacker may be able to obtain the URL of an unrelated page. This update addresses the issue through an improved cross-domain security check.”
      • Visiting a malicious website may lead to unintended dialing or dialing a different number than expected: “Safari supports telephone (“tel:”) URLs to dial phone numbers. When a telephone link is selected, Safari will confirm that the number should be dialed. A maliciously crafted telephone link may cause a different number to be displayed during confirmation than the one actually dialed. Exiting Safari during the confirmation process may result in unintentional confirmation. This update addresses the issue by properly displaying the number that will be dialed, and requiring confirmation for telephone URLs.”
      • Visiting a malicious website may lead to cross-site scripting: “A cross-site scripting vulnerability exists in Safari that allows malicious websites to set JavaScript window properties of websites served from a different domain. By enticing a user to visit a maliciously crafted website, an attacker can trigger the issue, resulting in getting or setting the window status and location of pages served from other websites. This update addresses the issue by providing improved access controls on these properties.”
      • Disabling JavaScript does not take effect until Safari is restarted: “Safari can be configured to enable or disable JavaScript. This preference does not take effect until the next time Safari is restarted. This usually occurs when the iPhone is restarted. This may mislead users into believing that JavaScript is disabled when it is not. This update addresses the issue by applying the new preference prior to loading new web pages.”
      • Visiting a malicious website may result in cross-site scripting: “A cross-site scripting issue in Safari allows a maliciously crafted website to bypass the same-origin policy using ‘frame’ tags. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue, which may lead to the execution of JavaScript in the context of another site. This update addresses the issue by disallowing JavaScript as an ‘iframe’ source, and limiting JavaScript in frame tags to the same access as the site from which it was served.”
      • Visiting a malicious website may result in cross-site scripting: “A cross-site scripting issue in Safari allows JavaScript events to be associated with the wrong frame. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of another site. This update addresses the issue by associating JavaScript events to the correct source frame.”
      • JavaScript on websites may access or manipulate the contents of documents served by HTTPS: “An issue in Safari allows content served by HTTP to alter or access content served by HTTPS in the same domain. By enticing a user to visit a maliciously crafted web page, an attacker may cause the execution of JavaScript in the context of HTTPS web pages in that domain. This update addresses the issue by limiting access between JavaScript executing in HTTP and HTTPS frames.”
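
The two “tel:” fixes above (Mail dialing without confirmation, Safari showing a different number than it dials) come down to one rule: build the prompt from the exact value that will be dialed, and treat anything other than an explicit yes as a no. A sketch of that rule, added here as an illustration and not Apple's code; parseTelUrl, confirmAndDial, the digits-only policy and the sample links are assumptions made for the example:

```javascript
// Added example, not Apple's implementation. Function names and the
// "optional +, then 1-15 digits" policy are assumptions for illustration.
const DIALABLE = /^\+?[0-9]{1,15}$/;

// Returns the exact string that would be dialed, or null if the link is rejected.
function parseTelUrl(href) {
  if (typeof href !== "string") return null;
  const m = /^tel:(.*)$/i.exec(href.trim());
  if (!m) return null;
  let raw;
  try {
    raw = decodeURIComponent(m[1]); // decode once, before display and before dialing
  } catch (e) {
    return null; // malformed percent-encoding
  }
  // Strip visual separators only. Pause characters, extra codes or markup
  // make the whole link invalid instead of being silently dropped or hidden.
  const number = raw.replace(/[\s().-]/g, "");
  return DIALABLE.test(number) ? number : null;
}

// confirmFn(promptText) must return true for an explicit "Call" tap; a dismissed
// or interrupted prompt (false, undefined, null) counts as a refusal.
function confirmAndDial(href, confirmFn, dialFn) {
  const number = parseTelUrl(href);
  if (number === null) return { dialed: null, reason: "rejected" };
  const answer = confirmFn(`Call ${number}?`); // prompt shows the dialed value itself
  if (answer !== true) return { dialed: null, reason: "not-confirmed" };
  dialFn(number);
  return { dialed: number, reason: "confirmed" };
}

// Constructed sample links (555-01xx numbers are reserved for fiction).
const samples = [
  "tel:+1 (555) 010-0199",   // ordinary link with separators
  "tel:5550100%2C%2C900",    // encoded pauses hiding extra digits
  "tel:%E0%A4%A",            // broken percent-encoding
];
for (const href of samples) {
  const calls = [];
  const result = confirmAndDial(href, () => true, (n) => calls.push(n));
  console.log(href, "->", result.reason, calls);
}
```
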

    As with any security update, reading the worst-case-scenario description makes you fearful of ever using the device; in reality, I’m certain few people have been affected by any of these issues. Still, it’s good to know Apple have addressed them!

    What’s more complicated is advising the large number of folks who, having added third-party software to their iPhone, are wondering whether it’s worth installing 1.1.1 and losing all that flexibility. At the end of the day, only you know precisely what you want from your iPhone, and while the hacking community is working on a compatible Jailbreak fix there’s no guarantee when (or even if) they’ll produce it. Speaking for myself (and you must remember I’m still waiting even for the option to buy an iPhone come launch day in the UK) the headline mobile iTunes store wouldn’t be enough for me to sacrifice all of the incredible mods being churned out.

    To reiterate, if you’ve unlocked your iPhone then don’t perform the 1.1.1 firmware upgrade until you’ve replaced the AT&T SIM lock, else you could end up with a recalcitrant iPhone that won’t work at all.

  • Original post by admin
