Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
c8e4ee214c4a6f425a8d43cd344f1f495fb9a5bed932c7ce468ca794047f2809----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38362
VERIFY ADVISORY:
http://secunia.com/advisories/38362/
DESCRIPTION:
Some vulnerabilities and weaknesses have been reported in Apple
iPhone and iPod touch, which can be exploited by malicious people to
bypass certain security restrictions, disclose sensitive information,
or potentially compromise a user's system.
1) An input validation error in CoreAudio can potentially be
exploited to compromise a user's system.
For more information see vulnerability #1 in:
SA38241
2) A vulnerability in ImageIO can be exploited to potentially
compromise a user's system.
For more information:
SA35515
3) An error in the handling of a certain USB control message can be
exploited to bypass the passcode and access the user's data.
Successful exploitation requires physical access to the device.
4) An error in Webkit can be exploited to disclose sensitive
information, cause a crash, or potentially compromise user's system.
For more information see vulnerability #4 in:
SA37346
5) An error in WebKit can be exploited to bypass remote image loading
restrictions.
For more information see vulnerability #5 in:
SA37346
SOLUTION:
Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3
(downloadable and installable via iTunes).
PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de
The vendor credits:
4) Michal Zalewski, Google Inc.
CHANGELOG:
2010-02-03: Updated "Description", credits, and "Original Advisory"
section.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4013
Tobias Klein:
http://trapkit.de/advisories/TKADV2010-002.txt
OTHER REFERENCES:
SA35515:
http://secunia.com/advisories/35515/
SA37346:
http://secunia.com/advisories/37346/
SA38241:
http://secunia.com/advisories/38241/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed