Archive for August, 2010

iOS Security Updates

iPod, iPhone and iPad users MUST immediately apply the security updates.

Visit Apple Security Updates for details.

Reference:

iPad http://support.apple.com/kb/HT4291;

iPhone and iPod http://support.apple.com/kb/HT4292

Why important?

This will protect you from an in-the-wild drive-by download attack!

JailBreakMe by comex (et al.) demonstrated a serious security hole that allows users to jailbreak their iOS devices simply by visiting a website and/or tapping a link. This security hole is very dangerous: just by browsing the web, users could be exposed to abusive sites that may harvest their credentials and information.

How does it work?

Safari browser loads a crafted PDF that exploits the following vulnerabilities:

First, it is triggered by an unrecognized font in the Compact Font Format (CFF, Type 1C), which causes the second exploit code to execute. This vulnerability is referred to as CVE-2010-1797.

<</Subtype /Type1C

Second, the value is too large for the integer data type to handle (refer to the example IOSurface property list below), resulting in the execution of malicious code that runs as the user and escalates to system or root privilege.

This vulnerability is referred to as CVE-2010-2973.

So, an attacker entices a targeted user to open a URL. Upon opening the URL in Safari, the PDF file is automatically parsed and exploitation occurs. The file may also arrive as an email attachment.
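
A defender-side triage sketch for the first stage described above, added here and not part of the original post: it lists the objects in a PDF whose dictionary declares /Subtype /Type1C, so embedded CFF font streams can be pulled out for inspection. The function names and the sample bytes are constructed for illustration; Type1C fonts are common in legitimate PDFs, so a hit marks a stream to examine, not an exploit.

```python
import re

# PDF names may hide characters as #xx hex escapes (/Type#31C is /Type1C).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# "N G obj" header plus everything up to the stream data or end of object.
_OBJ = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)(?=\bstream\b|\bendobj\b)", re.S)
_TYPE1C = re.compile(rb"/Subtype\s*/Type1C(?![A-Za-z0-9])")
# Direct /Length value only; an indirect "/Length 10 0 R" is not resolved.
_LENGTH = re.compile(rb"/Length\s+(\d+)(?!\d)(?!\s+\d+\s+R)")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so escaped names compare equal to plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def find_type1c_fonts(pdf: bytes):
    """Return (object number, generation, declared length or None) for
    every object whose dictionary declares /Subtype /Type1C.

    Limitation: objects packed inside compressed object streams are not
    visible to this byte-level scan and need a real PDF parser.
    """
    hits = []
    for m in _OBJ.finditer(pdf):
        head = normalize_names(m.group(3))
        if _TYPE1C.search(head):
            length = _LENGTH.search(head)
            hits.append((int(m.group(1)), int(m.group(2)),
                         int(length.group(1)) if length else None))
    return hits


# Constructed sample: harmless placeholder bytes, not a real font or exploit.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"7 0 obj\n<</Subtype /Type1C /Length 4>>\nstream\nABCD\nendstream\nendobj\n"
    b"9 0 obj\n<< /Subtype /Type#31C /Length 10 0 R >>\nstream\nXY\nendstream\nendobj\n"
    b"11 0 obj\n<< /Subtype /Type1 /BaseFont /Helvetica >>\nendobj\n"
)

if __name__ == "__main__":
    for num, gen, length in find_type1c_fonts(SAMPLE):
        print(f"object {num} {gen}: Type1C font stream, declared length {length}")
```
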

Stay safe!

Recommended reading:

iPhone 4 / iPad: The Keys Out Of Prison by Axelle Apvrille

Technical Analysis on iPhone Jailbreaking by Matt Oh