
APPLE-SA-2010-09-08-1 iOS 4.1 for iPhone and iPod touch

Posted on 08 September 2010
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-09-08-1 iOS 4.1 for iPhone and iPod touch

iOS 4.1 for iPhone and iPod touch is now available and addresses the
following:

Accessibility
CVE-ID: CVE-2010-1809
Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later,
iOS 3.0 through 4.0.2 for iPod touch (3rd generation)
Impact: An application's use of location services may not be
announced through VoiceOver
Description: A user interface accessibility issue exists in the
settings panel for Location Services. VoiceOver does not announce the
presence of the location services icon that is shown next to an
application that has requested the user's location within the last 24
hours. This issue is addressed by ensuring that VoiceOver announces
the presence of the icon. Credit to Robin Kipp of Forever Living
Products Europe for reporting this issue.

FaceTime
CVE-ID: CVE-2010-1810
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: An attacker in a privileged network position may be able to
redirect FaceTime calls
Description: An issue in the handling of invalid certificates may
allow an attacker in a privileged network position to redirect
FaceTime calls. This issue is addressed through improved handling of
certificates. Credit to Aaron Sigel of vtty.com for reporting this
issue.

ImageIO
CVE-ID: CVE-2010-1811
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Processing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of
TIFF images. Processing a maliciously crafted TIFF image may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of TIFF images.
Credit: Apple.

ImageIO
CVE-ID: CVE-2010-1817
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Processing a maliciously crafted GIF image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of GIF images.
Processing a maliciously crafted GIF image may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved bounds checking. Credit to Tom Ferris of
Adobe PSIRT for reporting this issue.

WebKit
CVE-ID: CVE-2010-1786
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
"foreignObject" elements in SVG documents. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through additional
validation of SVG documents. Credit to wushi of team509, working with
TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
CVE-ID: CVE-2010-1770
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A type checking issue exists in WebKit's handling of
text nodes. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved type checking. Credit to wushi of
team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1785
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's
handling of the ":first-letter" and ":first-line" pseudo-elements in
SVG text elements. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed by not rendering ":first-letter" or
":first-line" pseudo-elements in SVG text elements. Credit to wushi of
team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1780
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
element focus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of element focus. Credit
to Tony Chang of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1793
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
"font-face" and "use" elements in SVG documents. Visiting a
maliciously crafted website may lead to an unexpected application
termination or arbitrary code execution. This issue is addressed
through improved handling of "font-face" and "use" elements in SVG
documents. Credit to Aki Helin of OUSPG for reporting this issue.

WebKit
CVE-ID: CVE-2010-1421
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may change the
contents of the clipboard
Description: A design issue exists in the implementation of the
JavaScript execCommand function. A maliciously crafted web page can
modify the contents of the clipboard without user interaction. This
issue is addressed by only allowing clipboard commands to be executed
if initiated by the user. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1422
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Interacting with a maliciously crafted website may result in
unexpected actions on other sites
Description: An implementation issue exists in WebKit's handling of
keyboard focus. If the keyboard focus changes during the processing
of key presses, WebKit may deliver an event to the newly-focused
frame, instead of the frame that had focus when the key press
occurred. A maliciously crafted website may be able to manipulate a
user into taking an unexpected action, such as initiating a purchase.
This issue is addressed by preventing the delivery of key press
events if the keyboard focus changes during processing. Credit to
Michal Zalewski of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1771
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
fonts. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of fonts. Credit: Apple.

WebKit
CVE-ID: CVE-2010-1783
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of dynamic modifications to text nodes. Visiting a maliciously
crafted website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
memory management.

WebKit
CVE-ID: CVE-2010-1764
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a website that redirects form submissions may lead
to an information disclosure
Description: A design issue exists in WebKit's handling of HTTP
redirects. When a form submission is redirected to a website that
also does a redirection, the information contained in the submitted
form may be sent to the third site. This issue is addressed through
improved handling of HTTP redirects. Credit to Marc Worrell of
WhatWebWhat for reporting this issue.

WebKit
CVE-ID: CVE-2010-1782
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering
of inline elements. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved bounds checking. Credit to
wushi of team509 for reporting this issue.

WebKit
CVE-ID: CVE-2010-1781
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue exists in WebKit's rendering of
inline elements. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management. Credit to
James Robinson of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1784
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of CSS counters. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management. Credit to
wushi of team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1787
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of floating elements in SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
memory management.

WebKit
CVE-ID: CVE-2010-1791
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of
JavaScript arrays. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of JavaScript array
indices. Credit to Natalie Silvanovich for reporting this issue.

WebKit
CVE-ID: CVE-2010-1788
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of "use" elements in SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of "use" elements in SVG documents. Credit to Justin Schuh
of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1812
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
selections. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of selections. Credit to
Ojan Vafai of Google, Inc. for reporting this issue.

WebKit
CVE-ID: CVE-2010-1813
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering
of HTML object outlines. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved memory
management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for
reporting this issue.

WebKit
CVE-ID: CVE-2010-1814
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of form menus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is fixed through improved handling of form menus. Credit to
Csaba Osztrogonac of University of Szeged for reporting this issue.

WebKit
CVE-ID: CVE-2010-1815
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to Tony
Chang of Google, Inc. for reporting this issue.


Installation note:

These updates are only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone or iPod touch is docked, iTunes will present the user with
the option to install the update. We recommend applying the update
immediately if possible. Selecting Don't Install will present the
option the next time you connect your iPhone or iPod touch.

The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone or iPod touch is
docked to your computer.

To check that the iPhone or iPod touch has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"4.1 (8B117)" or later.
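
The check above, scripted for an inventory of devices, as an added example that is not part of Apple's advisory. It assumes the About string has the "version (build)" form quoted above and that build identifiers order as number, letter, number, optional suffix; the device labels and the sample inventory are constructed.

```python
import re

# Fixed release stated in the advisory: "4.1 (8B117)" or later.
FIXED = ((4, 1, 0), (8, "B", 117, ""))

# "<version> (<build>)"; build = number, letter, number, optional suffix.
_ABOUT = re.compile(
    r"^\s*(\d+(?:\.\d+){0,2})\s*\((\d+)([A-Z])(\d+)([a-z]?)\)\s*$")


def parse_about(text):
    """Turn an About string like '4.0.2 (8A400)' into comparable tuples."""
    m = _ABOUT.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    version = [int(p) for p in m.group(1).split(".")]
    version += [0] * (3 - len(version))        # pad 4.1 -> 4.1.0
    build = (int(m.group(2)), m.group(3), int(m.group(4)), m.group(5))
    return tuple(version), build


def is_patched(text):
    """True if the reported version and build are at or after the fix."""
    return parse_about(text) >= FIXED


def audit(inventory):
    """Map each device to 'patched', 'needs update' or 'unparseable'."""
    report = {}
    for device, about in inventory.items():
        try:
            report[device] = "patched" if is_patched(about) else "needs update"
        except ValueError:
            report[device] = "unparseable"     # fail closed: check by hand
    return report


# Constructed sample inventory (labels and version strings are illustrative).
SAMPLE = {
    "iphone-a": "4.0.2 (8A400)",
    "iphone-b": "4.1 (8B117)",
    "ipod-c": "4.1 (8B116)",      # same version label, earlier build
    "ipod-d": "3.1.3 (7E18)",
    "iphone-e": "4.2.1 (8C148)",
    "ipod-f": "four point one",   # malformed entry
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device}: {status}")
```

Comparing the build as well as the version label catches a device that reports 4.1 but carries a build earlier than 8B117.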

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 
