Apple Plugs Critical iPhone Security Holes

2010-02-02T19:05:36
ID THREATPOST:87A00B01F9F51647FA037F1CED7DA5EF
Type threatpost
Reporter Ryan Naraine
Modified 2018-08-15T13:34:01

Description

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

Here’s the skinny on the vulnerabilities being patched with this iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod Touch update:

  • CoreAudio (CVE-2010-0036) — A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
  • ImageIO (CVE-2009-2285) — A buffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
  • Recovery Mode (CVE-2010-0038) — A memory corruption issue exists in the handling of a certain USB control message. A person with physical access to the device could use this to bypass the passcode and access the user’s data.
  • WebKit (CVE-2009-3384) — Multiple input validation issues exist in WebKit’s handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code.
  • WebKit (CVE-2009-2841) — When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read.

This iPhone/iPod Touch update is only available through iTunes and will not appear in the software update utility available in Mac and Windows systems.