Apple iPhone / iPod touch Multiple Vulnerabilities
Secunia Advisory: SA38362
Release Date: 2010-02-03
Critical: Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch
OS:
Apple iPhone
Apple iPod touch
Description:
Some vulnerabilities and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
1) An input validation error in CoreAudio can potentially be exploited to compromise a user's system.
For more information see vulnerability #1 in:
SA38241
2) A vulnerability in ImageIO can be exploited to potentially compromise a user's system.
For more information:
SA35515
3) An error in the handling of a certain USB control message can be exploited to bypass the passcode and access the user's data.
Successful exploitation requires physical access to the device.
4) An error in Webkit can be exploited to disclose sensitive information, cause a crash, or potentially compromise user's system.
Solution:
Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).
Bollettino di Sicurezza
Dettagli
Secunia Advisory: SA38362
Release Date: 2010-02-03
Critical: Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch
OS:
Apple iPhone
Apple iPod touch
Description:
Some vulnerabilities and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
1) An input validation error in CoreAudio can potentially be exploited to compromise a user's system.
For more information see vulnerability #1 in:
SA38241
2) A vulnerability in ImageIO can be exploited to potentially compromise a user's system.
For more information:
SA35515
3) An error in the handling of a certain USB control message can be exploited to bypass the passcode and access the user's data.
Successful exploitation requires physical access to the device.
4) An error in Webkit can be exploited to disclose sensitive information, cause a crash, or potentially compromise user's system.
Solution:
Update to iPhone OS 3.1.3 or iPhone OS for iPod touch 3.1.3 (downloadable and installable via iTunes).
Bollettino di Sicurezza
Dettagli