SecurityTracker.com
Category:   Device (VoIP/Phone/FAX)  >   Apple iPhone
Vendors:   Apple Computer
Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Redirect FaceTime Calls
SecurityTracker Alert ID:  1024413
SecurityTracker URL:  http://securitytracker.com/id/1024413
CVE Reference:   CVE-2010-1781, CVE-2010-1809, CVE-2010-1810, CVE-2010-1811, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1817
Date:  Sep 9 2010
Impact:   Execution of arbitrary code via network, Modification of system information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Apple iPhone. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can redirect FaceTime calls.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a double free memory error in the processing of inline elements and execute arbitrary code on the target system [CVE-2010-1781].

James Robinson of Google, Inc. reported this vulnerability.

A remote user in a privileged network position may be able to exploit a certificate validation flaw to redirect FaceTime calls [CVE-2010-1810].

Aaron Sigel of vtty.com reported this vulnerability.

A remote user can create a specially crafted TIFF image that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-1811].

Apple reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in the processing of selections and execute arbitrary code on the target system [CVE-2010-1812].

Ojan Vafai of Google, Inc. reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system [CVE-2010-1813].

Jose A. Vazquez of spa-s3c.blogspot.com reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in the processing of form menus and execute arbitrary code on the target system [CVE-2010-1814].

Csaba Osztrogonac of University of Szeged reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error in the processing of scrollbars and execute arbitrary code on the target system [CVE-2010-1815].

Tony Chang of Google, Inc reported this vulnerability.

A remote user can create a specially crafted GIF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2010-1817].

Tom Ferris of Adobe PSIRT reported this vulnerability.

An application may use location services but not announce this through VoiceOver [CVE-2010-1809].

Robin Kipp of Forever Living Products Europe reported this vulnerability.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user may be able to redirect FaceTime calls.

Solution:   The vendor has issued a fix (4.1 (8B117)).

The vendor's advisory is available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT1222
Cause:   Access control error, Authentication error, Boundary error
Underlying OS:   iOS

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 18 2010 (Apple Issues Fix for Safari) Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Redirect FaceTime Calls
Apple has issued a fix for Safari.
Nov 22 2010 (Apple Issues Fix for iPad) Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Redirect FaceTime Calls
Apple has issued a fix for iPad.



 Source Message Contents

Date:  Thu, 09 Sep 2010 02:59:02 +0000
Subject:  Apple iPhone



APPLE-SA-2010-09-08-1 iOS 4.1 for iPhone and iPod touch


WebKit
CVE-ID:  CVE-2010-1781
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A double free issue exists in WebKit's rendering of
inline elements. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management. Credit to
James Robinson of Google, Inc. for reporting this issue.

Accessibility
CVE-ID:  CVE-2010-1809
Available for:  iOS 3.0 through 4.0.2 for iPhone 3GS and later,
iOS 3.0 through 4.0.2 for iPod touch (3rd generation)
Impact:  An application's use of location services may not be
announced through VoiceOver
Description:  A user interface accessibility issue exists in the
settings panel for Location Services. VoiceOver does not announce the
presence of the location services icon that is shown next to an
application that has requested the user's location within the last 24
hours. This issue is addressed by ensuring that VoiceOver announces
the presence of the icon. Credit to Robin Kipp of Forever Living
Products Europe for reporting this issue.

FaceTime
CVE-ID:  CVE-2010-1810
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  An attacker in a privileged network position may be able to
redirect FaceTime calls
Description:  An issue in the handling of invalid certificates may
allow an attacker in a privileged network position to redirect
FaceTime calls. This issue is addressed through improved handling of
certificates. Credit to Aaron Sigel of vtty.com for reporting this
issue.

ImageIO
CVE-ID:  CVE-2010-1811
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in the handling of
TIFF images. Processing a maliciously crafted TIFF image may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of TIFF images.
Credit: Apple.

WebKit
CVE-ID:  CVE-2010-1812
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue exists in WebKit's handling of
selections. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of selections. Credit to
Ojan Vafai of Google, Inc. for reporting this issue.

WebKit
CVE-ID:  CVE-2010-1813
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in WebKit's rendering
of HTML object outlines. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved memory
management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for
reporting this issue.

WebKit
CVE-ID:  CVE-2010-1814
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue exists in WebKit's handling
of form menus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is fixed through improved handling of form menus. Credit to
Csaba Osztrogonac of University of Szeged for reporting this issue.

WebKit
CVE-ID:  CVE-2010-1815
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to Tony
Chang of Google, Inc for reporting this issue.

ImageIO
CVE-ID:  CVE-2010-1817
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  Processing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in the handling of GIF images.
Processing a maliciously crafted GIF image may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved bounds checking. Credit to Tom Ferris of
Adobe PSIRT for reporting this issue.


 
 



Copyright 2014, SecurityGlobal.net LLC