Skip to main content

Apple iPhone and iPod Touch Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 4 Feb 2010 5380 Views

RISK: Medium Risk

Multiple vulnerabilitieshave been identified in Apple iPhone and iPod touch, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system.

1. Due to a buffer overflow error when processing malformed MP4 files, which could be exploited by attackers to execute arbitrary code.

2. Due to a buffer underflow error in ImageIO when handling malformed TIFF images, which could be exploited by attackers to execute arbitrary code.

3. Due to a memory corruption error when handling certain USB control messages, which could allow an attacker with physical access to a vulnerable device to bypass the passcode and access the user's data.

4. Due to input validation errors in WebKit when handling FTP directory listings, which could be exploited to disclose sensitive information or execute arbitrary code.

5. Due to WebKit automatically sending requests to remote servers when encountering an HTML 5 Media Element pointing to an external resource, which could allow attackers to gain knowledge of certain information (e.g. determine if a message was read).


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Apple iPhone OS versions 1.0 through 3.1.2
  • Apple iPhone OS for iPod Touch versions 1.1 through 3.1.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to iPhone OS 3.1.3 or iPhone OS for iPod Touch 3.1.3 (downloadable and installable via iTunes).


Vulnerability Identifier


Source


Related Link