BugTraq
APPLE-SA-2011-10-12-6 Numbers for iOS v1.5 Oct 12 2011 06:34PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-10-12-6 Numbers for iOS v1.5

Numbers for iOS v1.5 is now available and addresses the following:

Numbers
Available for: iOS
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Excel
files. Opening a maliciously crafted Excel file in Numbers may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3785 : Apple

Numbers
Available for: iOS
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
Excel files. Opening a maliciously crafted Excel file in Numbers may
lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs

Numbers for iOS v1.5 is available for download via the App Store.

To check the current version of software, select
"Settings -> Numbers -> Version".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJOlcxCAAoJEGnF2JsdZQee7tMIAJtNNcOQFU52GXh/kqFm0fkL
Ag5iBQUViwUR2vfSCqRWkdWViNnLdoUW+mOYCkzsPiVdFtP50iaNRfxVlsuhq5CS
Ty/MJ1G6lVUZwGCc8T2qaJxa0dc2wOL01lTgL5cCz15uweaKw9aMfUh00p28xyXr
YaF44RTmcY/DDr66XB5Hilc8B8gvShOm9jSAiHeo1yWLEDmn18RQweXelHJCpyP/
kNf6ldO+ORfkGKXqInHXKE/O6VmeuqsYYMFPO43ZP34Dj/nKzuqHmCCsLCI6/S2G
UVhooJxJXa2XJ4/GxA1eI+pv0WJgIWWZu48xaRVMuZmmn089dIBgtQsKkZlTWPA=
=J04W
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus