-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                       ESB-2008.0874 -- [Appliance]
                      APPLE-SA-2008-09-12 iPhone v2.1
                             15 September 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              iPhone
Publisher:            Apple
Operating System:     Network Appliance
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
                      Inappropriate Access
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-3633 CVE-2008-3632 CVE-2008-3631
                      CVE-2008-3612 CVE-2008-1808 CVE-2008-1807
                      CVE-2008-1806 CVE-2008-1447

Ref:                  ESB-2008.0861

Original Bulletin:    http://support.apple.com/kb/HT1222

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-09-12 iPhone v2.1

iPhone v2.1 is now available and addresses the following issues:

Application Sandbox
CVE-ID:  CVE-2008-3631
Available for:  iPhone v2.0 through v2.0.2
Impact:  An application may be able to read another application's
files
Description:  The Application Sandbox does not properly enforce
access restrictions between third-party applications. This may allow
a third-party application to read files in another third-party
application's sandbox, and lead to the disclosure of sensitive
information. This update addresses the issue by enforcing the proper
access restrictions between application sandboxes. Credit to Nicolas
Seriot of Sen:te and Bryce Cogswell for reporting this issue. This
issue does not affect iPhone versions prior to v2.0.

CoreGraphics
CVE-ID:  CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Available for:  iPhone v1.0 through v2.0.2
Impact:  Multiple vulnerabilities in FreeType v2.3.5
Description:  Multiple vulnerabilities exist in FreeType v2.3.5, the
most serious of which may lead to arbitrary code execution when
accessing maliciously crafted font data. This update addresses the
issue by incorporating the security fixes from version 2.3.6 of
FreeType. Further information is available via the FreeType site at
http://www.freetype.org/

mDNSResponder
CVE-ID:  CVE-2008-1447
Available for:  iPhone v1.0 through v2.0.2
Impact:  mDNSResponder is susceptible to DNS cache poisoning and may
return forged information
Description:  mDNSResponder provides translation between host names
and IP addresses for applications that use its unicast DNS resolution
API. A weakness in the DNS protocol may allow a remote attacker to
perform DNS cache poisoning attacks. As a result, applications that
rely on mDNSResponder for DNS may receive forged information. This
update addresses the issue by implementing source port and
transaction ID randomization to improve resilience against cache
poisoning attacks. Credit to Dan Kaminsky of IOActive for reporting
this issue.

Networking
CVE-ID:  CVE-2008-3612
Available for:  iPhone v2.0 through v2.0.2
Impact:  Predictable TCP initial sequence numbers generation may lead
to TCP spoofing or session hijacking
Description:  TCP initial sequence numbers are sequentially
generated. Predictable initial sequence numbers may allow a remote
attacker to create a spoofed TCP connection or insert data into an
existing TCP connection. This update addresses the issue by
generating random TCP initial sequence numbers. This issue does not
affect iPhone versions prior to v2.0.

Passcode Lock
CVE-ID:  CVE-2008-3633
Available for:  iPhone v2.0 through v2.0.2
Impact:  An unauthorized user may bypass the Passcode Lock and launch
iPhone applications
Description:  The Passcode Lock feature is designed to prevent
applications from being launched unless the correct passcode is
entered. An implementation issue in the handling of emergency calls
allows users with physical access to an iPhone to launch an
application without the passcode by double clicking the home button
in emergency call. This update addresses the issue through improved
handling of emergency calls. Credit to Matthew Yohe of The University
of Iowa's Department of Electrical and Computer Engineering for
reporting this issue. This issue does not affect iPhone versions
prior to v2.0.

WebKit
CVE-ID:  CVE-2008-3632
Available for:  iPhone v1.0 through v2.0.2
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use-after-free issue exists in WebKit's handling of
CSS import statements. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved handling
of document references.

Installation note:

This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly
schedule.  When an update is detected, it will download it.  When the
iPhone is docked, iTunes will present the user with the option to
install the update.  We recommend applying the update immediately if
possible.  Selecting "don't install" will present the option the next
time you connect your iPhone.

The automatic update process may take up to a week depending on the
day that iTunes checks for updates.  You may manually obtain the
update via the "Check for Update" button within iTunes.  After doing
this, the update can be applied when your iPhone is docked to your
computer.

To check that the iPhone or iPod touch has been updated:

* Navigate to Settings
* Select General
* Select About.  The version after applying this update will be
"2.1 (5F136)" or later

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932)

iQEVAwUBSMoDbnkodeiKZIkBAQioFQf/WOo80by0PcHpX6pbutebjz4vt3n43J7P
st0sMWfd+rzW0bYn1Sa/vfQPMnnJ4Wbo0VH5Zf7m9ELTSBMSJNla5rYA/QthYVA4
2klnljERay+kHJ1vfZs4O3TZzIbr8tlphHOkbeKTiEvks7lPsh1I6JeTpSQ62VcJ
1DUPr1NMAzAMSdxMZXkYA78ph5rrbZIzMkxXHnh7IQU5+xtckche6YYtHI0YjlTA
JXGLUmS+/c+bT4k/HPxrSD+U7nbblTOxNCXV+raRzWA5uRWCrbWDMnj2SamB7574
iNVtiZm9nwKO/rwqAxt7HmXT5IA6LgZh2GxG9o9VEFC3bI8IHOsTCQ==
=I6A6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSM2xWCh9+71yA2DNAQJZ1gP/SCMtEVNApDPPwv29j/lD6UWVG6lT90mA
nX1WTSWPFvR1mzUtV4RMjPGd01V/NCa9flSMmOqzlhEwD0jltjEW5PNqW+pZJOhY
2fm0Dq084n/er3EgXG8liRVSrgyNlxmHfPlup1At9jKkXtz6jcMmfCyffZaWoaUm
muE1ZA9U9io=
=Gs9J
-----END PGP SIGNATURE-----