Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Let Local Users Bypass Authentication
SecurityTracker Alert ID: 1026311
SecurityTracker URL: http://securitytracker.com/id/1026311
CVE Reference: CVE-2011-3439, CVE-2011-3440, CVE-2011-3441
Updated: Nov 11 2011
Original Entry Date: Nov 10 2011
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.0 and prior
Description:
Several vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A physically local user can bypass authentication. A remote user can obtain potentially sensitive information.
A remote user can create a specially crafted FreeType font that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2011-3439].
A remote user can create specially crafted HTML that, when loaded by the target user, will cause libinfo to disclose potentially sensitive information via DNS name lookups [CVE-2011-3441]. Erling Ellingsen of Facebook and Per Johansson of Blocket AB reported this vulnerability.
A physically local user can open an iPad 2 Smart Cover while the device is confirming power off in the locked state to bypass the authentication passcode request [CVE-2011-3440]. The user cannot launch apps or access data protected by Data Protection.
Impact:
A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.
A physically local user can bypass the iPad 2 authentication passcode request in certain cases.
Solution:
The vendor has issued a fix (5.0.1 (9A405)).
The vendor's advisory is available at:
http://support.apple.com/kb/HT5052
Vendor URL: support.apple.com/kb/HT5052
Cause:
Access control error
Source Message Contents
Date: Thu, 10 Nov 2011 22:15:33 +0000
Subject: Apple iOS
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update

CoreGraphics
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Viewing a document containing a maliciously crafted font may
lead to arbitrary code execution
Description: Multiple memory corruption issues existed in FreeType,
the most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font.
CVE-ID
CVE-2011-3439 : Apple

Passcode Lock
Available for: iOS 4.3 through 5.0 for iPad 2
Impact: A person with physical access to a locked iPad 2 may be able
to access some of the user's data
Description: When a Smart Cover is opened while iPad 2 is confirming
power off in the locked state, the iPad does not request a passcode.
This allows some access to the iPad, but data protected by Data
Protection is inaccessible and apps cannot be launched.
CVE-ID
CVE-2011-3440

libinfo
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in libinfo's handling of DNS name
lookups. When resolving a maliciously crafted hostname, libinfo could
return an incorrect result.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of
Blocket AB