Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion

2011-11-11T16:45:17
ID THREATPOST:7C4C29E076843AA3C5920B06033E3D9B
Type threatpost
Reporter Brian Donohue
Modified 2013-04-17T20:05:50

Description

Apple shipped an update to its iOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a fix for the vulnerability that led to the expulsion of renowned security researcher Charlie Miller from Apple’s developer program.

As reported by Threatpost, Miller recently demonstrated a kernel exploit that allowed him to circumvent the iTunes App Store’s code-signing restrictions. The multiple Pwn2Own champion created a benign demo application called Instastock that displayed real-time stock price information while collecting and transferring data from the iOS device to a server under Miller’s control.

Apple says it has now patched the flaw, which is described in a security bulletin as a “logic error in the mmap system call’s checking of valid flag combinations” that enabled applications to bypass the company’s code-signing checks.

The patch on Thursday also fixed another widely publicized iPad passcode flaw linked to the attached Smart Cover. That security hole allowed users access to the content of a given device without first requiring them to enter a passcode.

Four remaining patches resolve some less well-known vulnerabilities that include:

  • An issue in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.
  • A memory corruption vulnerability in CoreGraphics’ FreeType that could lead to arbitrary code execution when processing a maliciously crafted font.
  • A revocation of DigiCert Malaysia’s trusted root certificate status.
  • A flaw in libinfo that could lead to the disclosure of sensitive information when visiting a maliciously crafted website.