SecurityTracker.com
Category:   OS (Other)  >   Blackberry OS
Vendors:   Research In Motion Limited
(RIM Issues Fix for BlackBerry OS) Apple iTunes WebKit Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1029022
SecurityTracker URL:  http://securitytracker.com/id/1029022
CVE Reference:   CVE-2013-1000
Date:  Sep 11 2013
Impact:   Execution of arbitrary code via network, Modification of authentication information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 10.1.0.1392
Description:   Multiple vulnerabilities were reported in Apple iTunes. A remote user can execute arbitrary code on the target system. A remote user can spoof digital certificates. BlackBerry OS is affected by one vulnerability.

A remote user can conduct a man-in-the-middle attack to trigger a memory corruption error in WebKit and cause the target iTunes application to execute arbitrary code while the target user is browsing the iTunes Store [CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011].

Atte Kettunen of OUSPG, Jay Civelli of the Chromium development community, Google Chrome Security Team (Martin Barbella), Google Chrome Security Team (Inferno), David German of Google, Vitaliy Toropov (via HP TippingPoint's Zero Day Initiative), pa_kt (via HP TippingPoint's Zero Day Initiative), Fermin J. Serna of the Google Security Team, Ryan Humenick, Sergey Glazunov, and miaubiz reported these vulnerabilities.

The system does not properly validate certificates. A remote user can conduct a man-in-the-middle attack to spoof HTTPS server certificates and obtain potentially sensitive information [CVE-2013-1014].

Christopher of ThinkSECURE Pte Ltd and Christopher Hickstein of University of Minnesota reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can spoof digital certificates.

Solution:   RIM has issued a fix for CVE-2013-1000 for BlackBerry OS (10.1.0.1392). BlackBerry Z10 smartphones are affected.

The RIM advisory is available at:

http://www.blackberry.com/btsc/KB35021

Cause:   Access control error, Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
May 16 2013 Apple iTunes WebKit Memory Corruption Flaws Let Remote Users Execute Arbitrary Code


