Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller’s Expulsion

Apple shipped an update to its iOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a fix for a vulnerability that led to the expulsion of renowned security researcher Charlie Miller from Apple’s developer program.

As reported by Threatpost, Miller recently demonstrated a kernel exploit that allowed him to circumvent the iTunes App Store’s code-signing restrictions. The multiple Pwn2Own champion created a benign demo application called Instastock that displayed real-time stock price information while collecting and transferring data from the iOS device to a server under Miller’s control.

Apple says it has now patched the flaw, which is described in a security bulletin as a “logic error in the mmap system call’s checking of valid flag combinations” that enabled applications to bypass the company’s code-signing checks.

The patch on Thursday also fixed another widely publicized iPad passcode flaw linked to the attached Smart Cover. That security hole allowed users access to the content of a given device without first requiring them to enter a passcode.

Four remaining patches resolve some less well-known vulnerabilities that include:

  • An issue in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.
  • A memory corruption vulnerability in CoreGraphics’ FreeType that could lead to arbitrary code execution when processing a maliciously crafted font. 
  • A revocation of DigiCert Malaysia’s trusted root certificate status. 
  • A flaw in libinfo that could lead to the disclosure of sensitive information when visiting a maliciously crafted website.

Discussion

  • Anonymous on

    The expulsion was probably due to Miller violating the TOS rather than finding a bug. He didn't have to actually post the app in the Store to demo the bug.

  • Chris on

    @Anon: "He didn't have to actually post the app in the Store to demo the bug."

    I agree on the expulsion due to violation of the TOS, but IMO he did have to upload the POC, otherwise there would have been no "proof" element. "Unsigned, unreviewed code can be distributed via Apple's content delivery system under the guise of a legit app" was the exploit. Putting it up as a jailbreak-required POC would have invited calls of "Apple will catch this if anyone ever tried, total non-issue."

    /just my opinion

  • stymnkermit on

    you definitely love for gift for more detail
