===========================================================================
             AUSCERT External Security Bulletin Redistribution

      ESB-2008.0691 -- [Appliance][OSX] iPhone 2.0 and iPod touch 2.0
                               14 July 2008
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              iPhone prior to 2.0
                      iPod Touch prior to 2.0
Publisher:            Apple
Operating System:     Mac OS X
Impact:               Execute Arbitrary Code/Commands
                      Access Confidential Data
                      Denial of Service
                      Cross-site Scripting
                      Provide Misleading Information
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-2317 CVE-2008-2307 CVE-2008-2303
                      CVE-2008-1767 CVE-2008-1590 CVE-2008-1589
                      CVE-2008-1588 CVE-2008-1026 CVE-2008-1025
                      CVE-2008-0177 CVE-2008-0050 CVE-2007-6284
                      CVE-2006-2783

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2008-07-11 iPhone 2.0 and iPod touch 2.0

iPhone 2.0 and iPod touch 2.0 are now available and address the following issues:

CFNetwork
CVE-ID: CVE-2008-0050
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary data to CFNetwork in a 502 Bad Gateway error, which could allow a secure website to be spoofed. This update addresses the issue by not returning the proxy-supplied data on an error condition.

Kernel
CVE-ID: CVE-2008-0177
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: A remote attacker may be able to cause an unexpected device reset
Description: An undetected failure condition exists in the handling of packets with an IPComp header. Sending a maliciously crafted packet to a system configured to use IPSec or IPv6 may cause an unexpected device reset. This update addresses the issue by properly detecting the failure condition.

Safari
CVE-ID: CVE-2008-1588
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Unicode ideographic spaces may be used to spoof a website
Description: When Safari displays the current URL in the address bar, Unicode ideographic spaces are rendered. This allows a maliciously crafted website to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue by not rendering Unicode ideographic spaces in the address bar.

Safari
CVE-ID: CVE-2008-1589
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
Description: When Safari accesses a website that uses a self-signed or invalid certificate, it prompts the user to accept or reject the certificate. If the user presses the menu button while at the prompt, then on the next visit to the site, the certificate is accepted with no prompt. This may lead to the disclosure of sensitive information. This update addresses the issue through improved handling of certificates. Credit to Hiromitsu Takagi for reporting this issue.

Safari
CVE-ID: CVE-2008-2303
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue in Safari's handling of JavaScript array indices may result in an out-of-bounds memory access. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript array indices. Credit to SkyLined of Google for reporting this issue.

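Added example, not part of Apple's advisory: one way a tool that shows URLs to users or analysts can make the ideographic spaces described in the CVE-2008-1588 entry above visible instead of rendering them as blank. It generalizes from U+3000 to every Unicode space separator other than the ASCII space; the function names and the sample URL are constructed for illustration.

```javascript
// Space-like code points: Unicode space separators (Zs) except U+0020,
// plus the line and paragraph separators. U+3000 (ideographic space) is in Zs.
const SPACE_LIKE = /(?! )[\p{Zs}\u2028\u2029]/gu;

// Report every space-like code point with its position, for logging or review.
function findSpaceLike(urlText) {
  const findings = [];
  for (const m of urlText.matchAll(SPACE_LIKE)) {
    const cp = m[0].codePointAt(0);
    findings.push({
      index: m.index,
      codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
    });
  }
  return findings;
}

// Build the string that is safe to display: each space-like code point is
// replaced by its percent-encoded UTF-8 bytes, so it can no longer be
// mistaken for empty room in an address bar or a log viewer.
function toDisplayString(urlText) {
  return urlText.replace(SPACE_LIKE, (ch) => encodeURIComponent(ch));
}

// Constructed sample input: two ideographic spaces inside a URL string.
const SAMPLE_URL = "https://example.com\u3000\u3000/account";

console.log(findSpaceLike(SAMPLE_URL));
console.log(toDisplayString(SAMPLE_URL));
```
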
Safari
CVE-ID: CVE-2006-2783
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to cross-site scripting
Description: Safari ignores Unicode byte order mark sequences when parsing web pages. Certain websites and web content filters attempt to sanitize input by blocking specific HTML tags. This approach to filtering may be bypassed and lead to cross-site scripting when encountering maliciously-crafted HTML tags containing byte order mark sequences. This update addresses the issue through improved handling of byte order mark sequences. Credit to Chris Weber of Casaba Security, LLC for reporting this issue.

Safari
CVE-ID: CVE-2008-2307
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to James Urquhart for reporting this issue.

Safari
CVE-ID: CVE-2008-2317
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebCore's handling of style sheet elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved garbage collection. Credit to Peter Vreudegnhil working with the TippingPoint Zero Day Initiative for reporting this issue.

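Added example, not part of Apple's advisory: the filter weakness described in the CVE-2006-2783 entry above, shown as a literal tag blocklist beside a version that removes byte order marks before matching. The tag list, function names and sample strings are assumptions made for the example.

```javascript
// Hypothetical blocklist for the example.
const BLOCKED_TAGS = ["script", "iframe", "object", "embed"];
const TAG_RE = new RegExp("<\\s*/?\\s*(" + BLOCKED_TAGS.join("|") + ")\\b", "i");
const BOM = /\uFEFF/g;

// Weak form: matches tag names literally, so a tag name interrupted by
// U+FEFF is not recognised, although a parser that ignores U+FEFF sees it.
function naiveHasBlockedTag(html) {
  return TAG_RE.test(html);
}

// Canonicalize first: drop every byte order mark, wherever it appears, so the
// filter and the parser agree on what the tag name is.
function canonicalize(html) {
  return html.replace(BOM, "");
}

function hasBlockedTag(html) {
  return naiveHasBlockedTag(canonicalize(html));
}

// Same check for raw UTF-8 bytes. ignoreBOM: true keeps a leading BOM in the
// decoded text, and canonicalize() then removes it with all the others.
function hasBlockedTagBytes(bytes) {
  const text = new TextDecoder("utf-8", { ignoreBOM: true }).decode(bytes);
  return hasBlockedTag(text);
}

// Verdict plus the number of BOMs seen, which is worth logging: a BOM inside
// the body of submitted markup is unusual.
function scan(html) {
  return { blocked: hasBlockedTag(html), bomCount: (html.match(BOM) || []).length };
}

// Constructed sample input: a tag name split by byte order marks.
const SAMPLE_HTML = "<scr\uFEFFipt>x</scr\uFEFFipt>";

console.log(naiveHasBlockedTag(SAMPLE_HTML), scan(SAMPLE_HTML));
```
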
Safari
CVE-ID: CVE-2007-6284
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Processing an XML document may lead to a denial of service
Description: A memory consumption issue exists in the handling of XML documents containing invalid UTF-8 sequences, which may lead to a denial of service. This update addresses the issue by updating the libxml2 system library to version 2.6.16.

Safari
CVE-ID: CVE-2008-1767
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via the xmlsoft.org website http://xmlsoft.org/XSLT/ Credit to Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team for reporting this issue.

WebKit
CVE-ID: CVE-2008-1590
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in JavaScriptCore's handling of runtime garbage collection. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved garbage collection. Credit to Itzik Kotler and Jonathan Rom of Radware for reporting this issue.

WebKit
CVE-ID: CVE-2008-1025
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Accessing a maliciously crafted URL may result in cross-site scripting
Description: An issue exists in WebKit's handling of URLs containing a colon character in the host name.
Accessing a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of the Google Security Team, and David Bloom for reporting this issue.

WebKit
CVE-ID: CVE-2008-1026
Available for: iPhone v1.0 through v1.1.4, iPod touch v1.1 through v1.1.4
Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller of Independent Security Evaluators for reporting this issue.

Installation note:

This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting "don't install" will present the option the next time you connect your iPhone or iPod touch.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the "Check for Update" button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer.

To check that the iPhone or iPod touch has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "2.0 (5A345)" or later

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
http://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================