Apple has released iPhone OS 2.2 with patches for 12 documented security flaws, some very serious. The vulnerabilities covered by the patch (which also affect iPod Touch) could allow remote code execution, information theft, software crashes and weakened encryption settings.
The updates include:
CVE-2008-2321: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-2327: Multiple uninitialized memory access issues exist in libTIFF’s handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-1586: A memory exhaustion issue exists in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected device reset.
CVE-2008-4227: The encryption level for PPTP VPN connections may revert to a previous lower setting. This update addresses the issue by properly setting the encryption preferences.
CVE-2008-4211: An issue in Office Viewer’s handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-4228: iPhone provides the ability to make an emergency call when locked. Currently, an emergency call may be placed to any number. A person with physical access to an iPhone may take advantage of this feature to place arbitrary calls which are charged to the iPhone owner.
CVE-2008-4229: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. A race condition in the handling of device settings may cause the Passcode Lock to be removed when the device is restored from backup. This may allow a person with physical access to the device to launch applications without the passcode.
CVE-2008-4230: If an SMS message arrives while the emergency call screen is visible, the entire SMS message is displayed, even if the “Show SMS Preview” preference was set to “OFF”. This update addresses the issue by, in this situation, displaying only a notification that a SMS message has arrived, and not its content.
CVE-2008-4231: A memory corruption issue exists in the handling of HTML table elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-4232: Safari allows an iframe element to display content outside its boundaries, which may lead to user interface spoofing.
CVE-2008-4233: If an application is launched via Safari while a call approval dialog is shown, the call will be placed. This may allow a maliciously crafted website to initiate a phone call without user interaction. Additionally, under certain circumstances it may be possible for a maliciously crafted website to block the user’s ability to cancel dialing for a short period of time.
CVE-2008-3644: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a person with physical access to an unlocked device.
There are still several known phishing and spamming flaws in iPhone that remain unfixed.
The updates include:
CVE-2008-2321: CoreGraphics contains memory corruption issues in the processing of arguments. Passing untrusted input to CoreGraphics via an application, such as a web browser, may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-2327: Multiple uninitialized memory access issues exist in libTIFF’s handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-1586: A memory exhaustion issue exists in the handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected device reset.
CVE-2008-4227: The encryption level for PPTP VPN connections may revert to a previous lower setting. This update addresses the issue by properly setting the encryption preferences.
CVE-2008-4211: An issue in Office Viewer’s handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-4228: iPhone provides the ability to make an emergency call when locked. Currently, an emergency call may be placed to any number. A person with physical access to an iPhone may take advantage of this feature to place arbitrary calls which are charged to the iPhone owner.
CVE-2008-4229: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. A race condition in the handling of device settings may cause the Passcode Lock to be removed when the device is restored from backup. This may allow a person with physical access to the device to launch applications without the passcode.
CVE-2008-4230: If an SMS message arrives while the emergency call screen is visible, the entire SMS message is displayed, even if the “Show SMS Preview” preference was set to “OFF”. This update addresses the issue by, in this situation, displaying only a notification that a SMS message has arrived, and not its content.
CVE-2008-4231: A memory corruption issue exists in the handling of HTML table elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
CVE-2008-4232: Safari allows an iframe element to display content outside its boundaries, which may lead to user interface spoofing.
CVE-2008-4233: If an application is launched via Safari while a call approval dialog is shown, the call will be placed. This may allow a maliciously crafted website to initiate a phone call without user interaction. Additionally, under certain circumstances it may be possible for a maliciously crafted website to block the user’s ability to cancel dialing for a short period of time.
CVE-2008-3644: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a person with physical access to an unlocked device.
There are still several known phishing and spamming flaws in iPhone that remain unfixed.
No comments:
Post a Comment