SSL/VPN Connectivity, 4.0

Perhaps in an attempt to edge out Microsoft’s Windows Phone or to court to the enterprise-focused in the business sphere, the release of iOS 4 brought SSL and VPN connectivity. The feature, available through applications from Juniper Networks and Cisco Systems, came along with the operating...

ZDI-10-152: Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability

ZDI-10-152: Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-152 August 11, 2010 -- CVE ID: CVE-2010-0049 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- Vulnerability...

This Week in Security: Patchapalooza, iOS 4 and the Irrelevance of Full Disclosure

This week was one of the ones that my colleague Ryan Naraine often refers to as a Patchapalooza, with each day bringing a new set of fixes for Firefox, Opera, the iPhone or some other device or application. And it didn’t even include Microsoft or Adobe. Go figure. The week also included the...

Apple Releases iOS 4

Apple has released iOS 4 for iPhone 3G and later, and iPod touch 2nd generation and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypas...

Hardcoded credentials

WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...