Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Zero-Day Monitor
  Search Engine
 
   

>> Apple iPhone Code Execution and Security Bypass Vulnerabilities

Title : Apple iPhone Code Execution and Security Bypass Vulnerabilities
Advisory ID : VUPEN/ADV-2008-2558
CVE ID : CVE-2008-1447 - CVE-2008-1806 - CVE-2008-1807 - CVE-2008-1808 - CVE-2008-3612 - CVE-2008-3631 - CVE-2008-3632 - CVE-2008-3633
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-09-15

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

Multiple vulnerabilities have been identified in Apple iPhone, which could be exploited by attackers to bypass security restrictions, poison DNS cache, cause a denial of service or compromise a vulnerable system.

The first issue is caused by an error in the Application Sandbox that does not properly enforce access restrictions between third-party applications, which may allow a third-party application to read files in another third-party application's sandbox and lead to the disclosure of sensitive information.

The second vulnerability is caused by errors in FreeType could be exploited to execute arbitrary code. For additional information, see : VUPEN/ADV-2008-1794

The third issue is caused by an error in mDNSResponder, which may allow DNS cache poisoning attacks.

The fourth weakness is caused due to predictable TCP initial sequence numbers being generated, which could allow a remote attacker to create a spoofed TCP connection or insert data into an existing TCP connection.

The fifth vulnerability is caused by an implementation error in the Passcode Lock feature when handling emergency calls, which could allow users with physical access to an iPhone to launch an application without the passcode by double clicking the home button in emergency call.

The sixth issue is caused by a use-after-free error in WebKit when handling CSS import statements, which could allow malicious websites to crash an affected application or execute arbitrary code.

Credits

Vulnerabilities reported by Nicolas Seriot (Sen:te), Bryce Cogswell, Dan Kaminsky (IOActive), Matthew Yohe (University of Iowa / Department of Electrical and Computer Engineering) and the vendor.

ChangeLog

2008-09-15 : Initial release

Vulnerability Management

Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com.
 


Copyright 2003-2008 © VUPEN.COM - Privacy Policy