(FreeType Issues Fix) Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Let Local Users Bypass Authentication - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > FreeType

Vendors: freetype.org

(FreeType Issues Fix) Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Let Local Users Bypass Authentication

SecurityTracker Alert ID: 1026326

SecurityTracker URL: http://securitytracker.com/id/1026326

CVE Reference: CVE-2011-3439 (Links to External Site)

Date: Nov 15 2011

Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.4.7 and prior versions

Description: Several vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A physically local user can bypass authentication. A remote user can obtain potentially sensitive information. FreeType is affected.

A remote user can create a specially crafted FreeType font that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2011-3439].

A remote user can create specially crafted HTML that, when loaded by the target user, will cause libinfo to disclose potentially sensitive information via DNS name lookups [CVE-2011-3441]. Erling Ellingsen of Facebook and Per Johansson of Blocket AB reported this vulnerability.

A physically local user can open an iPad 2 Smart Cover while the device is confirming power off in the locked state to bypass the authentication passcode request [CVE-2011-3440]. The user cannot launch apps or access data protected by Data Protection.

Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on or obtain potentially sensitive information from the target user's system.

A physically local user can bypass the iPad 2 authentication passcode request in certain cases.

Solution: FreeType has issued a fix for CVE-2011-3439 (2.4.8).

The FreeType advisory is available at:

http://sourceforge.net/projects/freetype/files/freetype2/2.4.8/README/view

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry is a follow-up to the message listed below.

Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Let Local Users Bypass Authentication

Source Message Contents

Date: Tue, 15 Nov 2011 20:27:36 +0000
Subject: FreeType


http://sourceforge.net/projects/freetype/files/freetype2/2.4.8/README/view

CVE-2011-3439

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC