Secunia Advisory: SA31074
Release Date: 2008-07-14
Critical: Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
DoS
System access
Where: From remote
Solution Status: Vendor Patch
OS:
Apple iPhone
Apple iPod touch
CVE reference:
CVE-2006-2783 (Secunia mirror)
CVE-2007-6284 (Secunia mirror)
CVE-2008-0050 (Secunia mirror)
CVE-2008-0177 (Secunia mirror)
CVE-2008-1025 (Secunia mirror)
CVE-2008-1026 (Secunia mirror)
CVE-2008-1588 (Secunia mirror)
CVE-2008-1589 (Secunia mirror)
CVE-2008-1590 (Secunia mirror)
CVE-2008-1767 (Secunia mirror)
CVE-2008-2303 (Secunia mirror)
CVE-2008-2307 (Secunia mirror)
CVE-2008-2317 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system.
1) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
2) A vulnerability in the handling of packets with an IPComp header can be exploited to cause a DoS.
For more information:
SA29130
3) An error within Safari in the handling of Unicode ideographic spaces can be exploited to spoof the URL of a trusted web site in the address bar.
4) An error exists in Safari within the handling of self-signed or invalid certificates. If a user clicks on the menu button while being prompted to accept or reject such a certificate, Safari automatically accepts the certificate on the next visit.
5) A signedness error in Safari when handling Javascript array indices can be exploited to trigger an out-of-bounds memory access and may allow execution of arbitrary code.
6) A vulnerability due to Safari ignoring Unicode Byte-order-Mark (BOM) sequences when parsing web pages can be exploited to bypass certain HTML and Javascript filtering mechanisms.
This is related to vulnerability #8 in:
SA20376
7) A vulnerability Safari can be exploited by malicious people to compromise a vulnerable system.
For more information see vulnerability #3 in:
SA30775
8) An unspecified error exists in WebKit in the processing of style-sheet elements. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.
9) An error in Safari when handling xml documents can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA28444
10) An error in Safari when processing xml documents can potentially be exploited by malicious people to compromise a user's system.
For more information:
SA30315
11) An unspecified error exists in JavaScriptCore's handling of runtime garbage collection. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.
12) Some vulnerabilities in Safari can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.
For more information:
SA29846
The vulnerabilities are reported in iPhone version 1.0 through 1.1.4, and iPod touch version 1.1 through 1.1.4.
Solution:
Upgrade to version 2.0 (downloadable and installable via iTunes).
Bollettino di Sicurezza
Release Date: 2008-07-14
Critical: Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
DoS
System access
Where: From remote
Solution Status: Vendor Patch
OS:
Apple iPhone
Apple iPod touch
CVE reference:
CVE-2006-2783 (Secunia mirror)
CVE-2007-6284 (Secunia mirror)
CVE-2008-0050 (Secunia mirror)
CVE-2008-0177 (Secunia mirror)
CVE-2008-1025 (Secunia mirror)
CVE-2008-1026 (Secunia mirror)
CVE-2008-1588 (Secunia mirror)
CVE-2008-1589 (Secunia mirror)
CVE-2008-1590 (Secunia mirror)
CVE-2008-1767 (Secunia mirror)
CVE-2008-2303 (Secunia mirror)
CVE-2008-2307 (Secunia mirror)
CVE-2008-2317 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system.
1) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server.
2) A vulnerability in the handling of packets with an IPComp header can be exploited to cause a DoS.
For more information:
SA29130
3) An error within Safari in the handling of Unicode ideographic spaces can be exploited to spoof the URL of a trusted web site in the address bar.
4) An error exists in Safari within the handling of self-signed or invalid certificates. If a user clicks on the menu button while being prompted to accept or reject such a certificate, Safari automatically accepts the certificate on the next visit.
5) A signedness error in Safari when handling Javascript array indices can be exploited to trigger an out-of-bounds memory access and may allow execution of arbitrary code.
6) A vulnerability due to Safari ignoring Unicode Byte-order-Mark (BOM) sequences when parsing web pages can be exploited to bypass certain HTML and Javascript filtering mechanisms.
This is related to vulnerability #8 in:
SA20376
7) A vulnerability Safari can be exploited by malicious people to compromise a vulnerable system.
For more information see vulnerability #3 in:
SA30775
8) An unspecified error exists in WebKit in the processing of style-sheet elements. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.
9) An error in Safari when handling xml documents can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA28444
10) An error in Safari when processing xml documents can potentially be exploited by malicious people to compromise a user's system.
For more information:
SA30315
11) An unspecified error exists in JavaScriptCore's handling of runtime garbage collection. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page.
12) Some vulnerabilities in Safari can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.
For more information:
SA29846
The vulnerabilities are reported in iPhone version 1.0 through 1.1.4, and iPod touch version 1.1 through 1.1.4.
Solution:
Upgrade to version 2.0 (downloadable and installable via iTunes).
Bollettino di Sicurezza