what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TEHTRI-Security Multiple Advisories

TEHTRI-Security Multiple Advisories
Posted Jul 3, 2010
Authored by Laurent Oudot | Site tehtri-security.com

TEHTRI-Security has released advisories discussing a stack overflow inside the iPhone iOS4 CFNetwork API, a client-side attack for BlackBerry devices, a client-side attack for HTC Windows Mobile cellphones, a client-side attack for the iPad and security issues related to trains.

tags | advisory, overflow
systems | windows, apple, iphone
SHA-256 | 4b42d73c1aadeaf9de7a51b6a9001fd83e5cb88bb700f472dc1f03987ad68017

TEHTRI-Security Multiple Advisories

Change Mirror Download

TEHTRI-Security was invited to give a talk called "Web In The Middle,
Attacking Clients", at the first Hack In The Box Europe, Amsterdam (
http://conference.hackinthebox.org/hitbsecconf2010ams/ ).

During our talk, we released multiple advisories and we explained many
issues related to some vulnerabilities. You can find more public
information through the slides available online. Here are some related
details that we wanted to share with you through this mailing list :

o CVE-2010-1752: TEHTRI-Security inside the iPhone iOS4
TEHTRI-Security found a stack overflow in CFNetwork API, through the
code used to handle URL. By visiting a maliciously crafted website, we
found that it might lead to an unexpected application termination or
arbitrary code execution. This issue has been addressed by Apple through
improved memory handling. CFNetwork is shared by most applications from
the App Store, that need to talk over the web. Check the User-Agent of
your applications to be sure (example: Facebook/3.12 *CFNetwork/459*
Darwin/10.0.0d3 ). Update to iOS4 to improve your security.
More information here:
CVE-2010-1752 in http://support.apple.com/kb/HT4225

o Security-Advisory: TEHTRI-SA-2010-028 - 0day on BlackBerry
TEHTRI-Security found a security issue, and created a client-side attack
0day for BlackBerry cellphone devices (Hotspot Browser). The code was
shared with RIM who handled this vulnerability quickly, so that a fix
might be added in a future release. It allows an attacker to crash the
remote web application. This was scored with a CVSS of 5.

o Security-Advisory: TEHTRI-SA-2010-027 - 0day on HTC
TEHTRI-Security found a security issue, and created a client-side attack
0day for HTC Windows Mobile cellphone devices (Opera). HTC was contacted.

o Security-Advisory: TEHTRI-SA-2010-026 - 0day on iPad
TEHTRI-Security found a security issue, and created a client-side attack
0day for the (awesome) iPad device. The code was shared with Apple who
handled this vulnerability quickly, so that a fix might be added to a
future release. A demo was done during our talk, without giving
dangerous details to the attendees. It was only shown for attendees of
HITB Europe. No further information will be shared to the public before
Apple release a patch.

o Security-Advisory: TEHTRI-SA-2010-026 - 0day on ThalysNet
TEHTRI-Security found some security issues on Thalys European trains,
with the Internet access on board. To us, many Internet access shared on
airports, stations, trains, in-flights, hotels, etc, are full of
security vulnerabilities, because no penetration test were organized
with IT Security experts before the service is open to the public.
Dealing with ThalysNet, it concerns half a million of end-users.
ThalysNet was contacted.

We also glanced at the differences related to the use of http and https
on worldwide web services like hotmail, yahoo, twitter, facebook,
linkedin, google mail, apple mobile me... A table on slide 32 might help
beginners who would like to check the current situation. Dealing with
https issues, as we said, we encourage you to have a look at initiatives
like the one from the EFF: https://www.eff.org/https-everywhere

Some of our security advisories were already covered by the local press
from NL:

The HITB crew have put slides of our conference on their web site:

If you want to get more details & technical secrets from
TEHTRI-Security, feel free to join us "in real life" during our next
trainings sessions & talks, or feel free to contact us for specific
needs. We have public events planned next months (Asia, Europe).
Check-out our public agenda here:

See you soon.
Thanks. Take care.

Laurent Oudot, founder & CEO of TEHTRI-Security
TEHTRI-Security, "This is not a game".

Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By