Thursday, February 4, 2010

iPhone OS in this update Feb 2010

Several security issues are addressed for iPhone OS in this update. All of them are applicable to iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2. The update will bring your device up to OS 3.1.3

Almost all of the issues addressed are serious - many of them are buffer overflow conditions allowing arbitrary code execution for common iPhone activities:

* watching a maliciously crafted MP4 video
* viewing a malicious TIFF graphic
* accessing a (again, maliciously crafted) FTP site.
* There's also a particularly nasty one that uses a memory corruption issue to bypass the iPhone password (via a crafted USB control message), allowing access to user data on the phone.

These are referenced as CVE-2010-0036, CVE-2009-2285, CVE-2010-0038, CVE-2009-3384 and CVE-2009-2841

These updates are available on iTunes - more information on the issues and update procedure can be found at http://support.apple.com/kb/HT4013 , or the main security update site at http://support.apple.com/kb/HT1222

The recommendation is to update your device to OS 3.1.3 as soon as possible.

http://isc.sans.org/
at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c

  • Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe
    In 2013 Android grew to a very large number: 87%. This was its share of the global smartphone market. It also grew to an even larger one: 97...
  • iVerify
    Pretty neat tool for iOS devices! iVerify is an integrity validator for iOS devices capable of reliably detecting modifications such as mal...
  • Tools/Info:ICMP Types
    ICMP TYPE NUMBERS (last updated 2008-02-13) Registries included below: - ICMP Type Numbers - Code Fields - ICMP Extension Objects Classes Th...