On Friday, July 11, 2008, Apple released iPhone 2.0 and iPod touch 2.0, which address the following security issues:
CFNetwork
Type: Malicious proxy server; Spoofing; Unexpected application termination; Arbitrary code execution
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved proxy error condition handling
Credit: NA
Kernel
Type: Remote vulnerability; Unexpected device reset; Malicious packet; IPSec; IPv6
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved failure condition handling
Credit: NA
Safari
Type: Spoofing; Malicious Unicode URL
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved Unicode URL rendering
Credit: NA
Type: Information disclosure; self-signed or invalid SSL certificates
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved handling of SSL certificates
Credit: Hiromitsu Takagi
Type: JavaScript out-of-bounds memory access; Unexpected application termination; Arbitrary code execution
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Additional validation of JavaScript array indices
Credit: SkyLined of Google
Type: Cross-site scripting; Unicode byte order mark sequences
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved handling of byte order mark sequences
Credit: Chris Weber of Casaba Security, LLC
Type: Unexpected application termination; Arbitrary code execution; Memory corruption; JavaScript
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved bounds checking
Credit: James Urquhart
Type: Unexpected application termination; Arbitrary code execution; Memory corruption; CSS
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved garbage collection
Credit: Peter Vreugdenhil, TippingPoint Zero Day Initiative
Type: Denial of Service; Memory consumption; XML; UTF-8
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Update libxml2 to version 2.6.16
Credit: NA
Type: Unexpected application termination; Arbitrary code execution; Memory corruption; XML
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Patch via xmlsoft.org
Credit: Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team
WebKit
Type: Unexpected application termination; Arbitrary code execution; Memory corruption; JavaScript
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved garbage collection
Credit: Itzik Kotler and Jonathan Rom of Radware
Type: Cross-site scripting; Colon character in URLs
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved handling of URLs
Credit: Robert Swiecki of the Google Security Team, and David Bloom
Type: Unexpected application termination; Arbitrary code execution; Heap buffer overflow; JavaScript RegEx
Platforms: iPhone 1.0 to 1.1.4, iPod touch 1.1 to 1.1.4
Resolution: Improved validation of JavaScript RegEx
Credit: Charlie Miller of Independent Security Evaluators
Details can be found in the following Apple Knowledge Base document: http://support.apple.com/kb/HT2351
###
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
Springfield, Oregon
--------------------
Office: 541-335-7441