Home > Exploits, iPhone > iOS Security Updates

iOS Security Updates

iPod, iPhone and iPad users MUST immediately apply the security updates.

Visit Apple Security Updates for details.

Reference:

iPad http://support.apple.com/kb/HT4291;

iPhone and iPod http://support.apple.com/kb/HT4292

Why important?

This will protect you from in-the-wild drive-by download hack attack!

JailBreakMe by comex (et al.) demonstrated a serious security hole that allows users to jailbreak their iOS devices simply by just visiting a website and/or tapping a link. This security hole is very dangerous, by just browsing the web users could be exposed from abusive sites that may harvest their credentials and information.

How it work?

Safari browser loads a crafted PDF that exploits the following vulnerabilities:

First, it is triggered by unrecognized font, the Compact Font Format (CFFType 1C, which causes the second exploit code to execute. This vulnerability is referred as CVE-2010-1797.

<</Subtype /Type1C

Second, the value is too large for the integer data type to handle(refer example IOSurface property list below), resulting to execution of malicious code running as user to escalate to system or root privilege.

This vulnerability is referred as CVE-2010-2973.

So, an attacker entice a targeted user to open a URL. Upon opening the URL in Safari the PDF file will be automatically parsed and exploitation will occur. The file may also arrive as an email attachment.

Stay safe!

Recommended reading:

iPhone 4 / iPad: The Keys Out Of Prison by Axelle Apvrille

Technical Analysis on iPhone Jailbreaking by Matt Oh

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: