Apple iOS Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Mac OS
Multiple vulnerabilities have been identified in Apple iOS for iPhone, iPod and iPad, which could be exploited by remote attackers to bypass restrictions, gain knowledge of sensitive information, or compromise a vulnerable device.
1. A use-after-free error in WebKit when handling text nodes, which could be exploited to execute arbitrary code via a malicious web page.
2. An integer overflow error in WebKit when handling certain style data, which could be exploited by remote attackers to execute arbitrary code via a specially crafted web page.
3. A memory corruption error in QuickLook when handling malformed Office files, which could be exploited to execute arbitrary code via a malicious document.
4. An error in libxslt's implementation of the "generate-id()" XPath function, which may allow a malicious web site to disclose addresses on the heap.
5. Fraudulent SSL certificates, which could allow information disclosure.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple iOS versions 3.0 through 4.3.1 for iPhone 3GS and later
- Apple iOS versions 3.1 through 4.3.1 for iPod touch (3rd generation) and later
- Apple iOS versions 3.2 through 4.3.1 for iPad
- Apple iOS versions 4.2.5 through 4.2.6 for iPhone 4 (CDMA)
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Apple iOS version 4.3.2 for iPhone, iPod, and iPad, or version 4.2.7 for iPhone 4 (CDMA).
Vulnerability Identifier
Source
Related Link