TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38362

VERIFY ADVISORY:
http://secunia.com/advisories/38362/

DESCRIPTION:
Some vulnerabilities and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

1) An input validation error in CoreAudio can potentially be exploited to compromise a user's system.

For more information see vulnerability #1 in:
SA38241

2) A vulnerability in ImageIO can be exploited to potentially compromise a user's system.

For more information:
SA35515

3) An error in the handling of a certain USB control message can be exploited to bypass the passcode and access the user's data.

Successful exploitation requires physical access to the device.

4) An error in WebKit can be exploited to disclose sensitive information, cause a crash, or potentially compromise a user's system.

For more information see vulnerability #4 in:
SA37346

5) An error in WebKit can be exploited to bypass remote image loading restrictions.

For more information see vulnerability #5 in:
SA37346

SOLUTION:
Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY:
1) Tobias Klein, trapkit.de

The vendor credits:
4) Michal Zalewski, Google Inc.

CHANGELOG:
2010-02-03: Updated "Description", credits, and "Original Advisory" section.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4013

Tobias Klein:
http://trapkit.de/advisories/TKADV2010-002.txt

OTHER REFERENCES:
SA35515:
http://secunia.com/advisories/35515/

SA37346:
http://secunia.com/advisories/37346/

SA38241:
http://secunia.com/advisories/38241/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.