February 2, 2010, 2:05PM

Apple Plugs Critical iPhone Security Holes

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

Here's the skinny on the vulnerabilities being patched with this iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod Touch update:

  • CoreAudio (CVE-2010-0036) -- A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
  • ImageIO (CVE-2009-2285) --  A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
  • Recovery Mode (CVE-2010-0038) -- A memory corruption issue exists in the handling of a certain USB control message. A person with physical access to the device could use this to bypass the passcode and access the user's data.
  • WebKit (CVE-2009-3384) -- Multiple input validation issues exist in WebKit's handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code.
  • WebKit (CVE-2009-2841) -- When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read.

This iPhone/iPod Touch update is only available through iTunes and will not appear in the software update utility available in Mac and Windows systems.

Commenting on this Article is closed.

Comments

  Great work! I really enjoyed this article! Hope to read more from you soon!

 

Copyright © 2012 threatpost.com | Terms of Service | Privacy