SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (VoIP/Phone/FAX)  >   Apple iPhone Vendors:   Apple
Apple iPhone Multiple Bugs Let Remote Users Execute Arbitrary Code and Physically Local Users Access the Device
SecurityTracker Alert ID:  1024135
SecurityTracker URL:  http://securitytracker.com/id/1024135
CVE Reference:   CVE-2010-1751, CVE-2010-1752, CVE-2010-1753, CVE-2010-1754, CVE-2010-1755, CVE-2010-1756, CVE-2010-1775   (Links to External Site)
Date:  Jun 22 2010
Impact:   Denial of service via local system, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.0
Description:   Several vulnerabilities were reported in Apple iPhone. A remote user can cause arbitrary code to be executed on the target user's system. A physically local user can access data. An application can infer a user's location.

A remote user can create an application that, when loaded and executed by the target user, will determine visited locations without authorization [CVE-2010-1751]. Zac White reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a stack overflow in CFNetwork's URL and execute arbitrary code on the target system [CVE-2010-1752]. Laurent OUDOT of TEHTRI-Security reported this vulnerability.

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a memory corruption error and execution arbitrary code on the target system [CVE-2010-1753]. Ladd Van Tol of Critical Path Software reported this vulnerability.

When MobileMe is used to Remote Lock the target device while the device is unlocked in response to an alert (e.g., alert for receiving text message, alert for receiving voicemail), the passcode will be already entered when the device is unlocked [CVE-2010-1754]. Sidney San Martin of DeepTech, Inc. reported this vulnerability.

In some cases, cookie preferences in Safari are not applied until Safari is restarted [CVE-2010-1755]. A remote user can exploit this to set cookies even if the Accept Cookies preference is set to "From visited" or "Never". Jason Dent of Street Side Software reported this vulnerability.

When a user is connected to a "hidden" wireless network, the Settings application may display a different wireless network [CVE-2010-1756]. Wilfried Teiken reported this vulnerability.

A physically local user can exploit a race condition in the pairing of a device with a computer to access data for a short period after the initial boot if the device was unlocked when last powered down [CVE-2010-1775].

Impact:   A remote user can create a file or HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A physically local user can access data.

An application can infer a user's location.

Solution:   The vendor has issued a fix (4.0), available via iTunes.

The vendor's advisory is available at:

http://support.apple.com/kb/HT4225

Vendor URL:  support.apple.com/kb/HT4225 (Links to External Site)
Cause:   Access control error, Boundary error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC