Home / mailings APPLE-SA-2010-11-22-1 iOS 4.2
Posted on 22 November 2010
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-11-22-1 iOS 4.2
iOS 4.2 is now available and addresses the following:
Configuration Profiles
CVE-ID: CVE-2010-3827
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: A user may be misled into installing a maliciously crafted
configuration profile
Description: A signature validation issue exists in the handling of
configuration profiles. A maliciously crafted configuration profile
may appear to have a valid signature in the configuration
installation utility. This issue is addressed through improved
validation of profile signatures. Credit to Barry Simpson of Bomgar
Corporation for reporting this issue.
CoreGraphics
CVE-ID: CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808,
CVE-2010-3053, CVE-2010-3054
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Multiple vulnerabilities in FreeType 2.4.1
Description: Multiple vulnerabilities exist in FreeType 2.4.1, the
most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font. These issues are addressed by
updating FreeType to version 2.4.2. Further information is available
via the FreeType site at http://www.freetype.org/
FreeType
CVE-ID: CVE-2010-3814
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Viewing a PDF document with maliciously crafted embedded
fonts may allow arbitrary code execution
Description: A heap buffer overflow exists in FreeType's handling of
TrueType opcodes. Viewing a PDF document with maliciously crafted
embedded fonts may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking.
iAd Content Display
CVE-ID: CVE-2010-3828
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: An attacker in a privileged network position may be able to
cause a call to be initiated
Description: A URL handling issue exists in iAd Content Display. An
iAd is requested by an application, either automatically or through
explicit user action. By injecting the contents of a requested ad
with a link containing a URL scheme used to initiate a call, an
attacker in a privileged network position may be able to cause a call
to occur. This issue is addressed by ensuring that the user is
prompted before a call is initiated from a link. Credit to Aaron
Sigel of vtty.com for reporting this issue.
ImageIO
CVE-ID: CVE-2010-2249, CVE-2010-1205
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Multiple vulnerabilities in libpng
Description: libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
libxml
CVE-ID: CVE-2010-4008
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in libxml's xpath
handling. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of xpaths. Credit to Bui
Quang Minh from Bkis (www.bkis.com) for reporting this issue.
CVE-ID: CVE-2010-3829
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Mail may resolve DNS names when remote image loading is
disabled
Description: When WebKit encounters an HTML Link Element that
requests DNS prefetching, it will perform the prefetch even if remote
image loading is disabled. This may result in undesired requests to
remote servers. The sender of an HTML-formatted email message could
use this to determine whether the message was viewed. This issue is
addressed by disabling DNS prefetching when remote image loading is
disabled. Credit to Mike Cardwell of Cardwell IT Ltd. for reporting
this issue.
Networking
CVE-ID: CVE-2010-1843
Available for: iOS 4.0 through 4.1 for iPhone 3GS and later,
iOS 4.0 through 4.1 for iPod touch (3rd generation),
iOS 3.2 through 3.2.2 for iPad
Impact: A remote attacker may cause an unexpected system shutdown
Description: A null pointer dereference issue exists in the handling
of Protocol Independent Multicast (PIM) packets. By sending a
maliciously crafted PIM packet, a remote attacker may cause an
unexpected system shutdown. This issue is addressed through improved
validation of PIM packets. Credit to an anonymous researcher working
with TippingPoint's Zero Day Initiative for reporting this issue.
This issue does not affect devices running iOS versions prior to 3.2.
Networking
CVE-ID: CVE-2010-3830
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Malicious code may gain system privileges
Description: An invalid pointer reference exists in Networking when
handling packet filter rules. This may allow malicious code running
in the user's session to gain system privileges. This issue is
addressed through improved handling of packet filter rules.
OfficeImport
CVE-ID: CVE-2010-3786
Available for: iOS 3.2 through 3.2.2 for iPad
Impact: Viewing a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in OfficeImport's
handling of Excel files. Viewing a maliciously crafted Excel file may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
This issue was addressed on iPhones in iOS 4. Credit to Tobias Klein,
working with VeriSign iDefense Labs for reporting this issue.
Photos
CVE-ID: CVE-2010-3831
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: "Send to MobileMe" may result in the disclosure of the
MobileMe account password
Description: The Photos application allows users to share their
pictures and movies through various means. One way is the "Send to
MobileMe" button, which uploads the selected contents to the user's
MobileMe Gallery. The Photos application will use HTTP Basic
authentication if no other authentication mechanism is presented as
available by the server. An attacker with a privileged network
position may manipulate the response of the MobileMe Gallery to
request basic authentication, resulting in the disclosure of the
MobileMe account password. This issue is addressed by disabling
support for Basic authentication. Credit to Credit to Aaron Sigel of
vtty.com for reporting this issue.
Safari
CVE-ID: CVE-2009-1707
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: "Reset Safari" may not immediately remove website passwords
from memory
Description: After clicking the "Reset" button for "Reset saved
names and passwords" in the "Reset Safari..." menu option, Safari may
take up to 30 seconds to clear the passwords. A user with access to
the device in that time window may be able to access the stored
credentials. This issue is addressed by resolving the race condition
that led to the delay. Credit to Philippe Couturier of izypage.com,
and Andrew Wellington of The Australian National University for
reporting this issue.
Telephony
CVE-ID: CVE-2010-3832
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 3.2 through 3.2.2 for iPad
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A heap buffer overflow exists in the handling of
Temporary Mobile Subscriber Identity (TMSI) fields in GSM mobility
management. This may allow a remote attacker to cause arbitrary code
execution on the baseband processor. This issue is addressed through
improved bounds checking. Credit to Ralf-Philipp Weinmann of the
University of Luxembourg for reporting this issue.
WebKit
CVE-ID: CVE-2010-3803
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in WebKit's handling of
strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23
for reporting this issue.
WebKit
CVE-ID: CVE-2010-3824
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling
"use" elements in SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
memory handling. Credit to wushi of team509 for reporting this issue.
WebKit
CVE-ID: CVE-2010-3816
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory handling. Credit to Rohit
Makasana of Google Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2010-3809
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
inline styling. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of inline styling.
Credit to Abhishek Arya (Inferno) of Google Chrome Security Team for
reporting this issue.
WebKit
CVE-ID: CVE-2010-3810
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: A maliciously crafted website may be able to spoof the
address in the location bar or add arbitrary locations to the history
Description: A cross-origin issue exists in WebKit's handling of the
History object. A maliciously crafted website may be able to spoof
the address in the location bar or add arbitrary locations to the
history. This issue is addressed through improved tracking of
security origins. Credit to Mike Taylor of Opera Software for
reporting this issue.
WebKit
CVE-ID: CVE-2010-3805
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow exists in WebKit's handling of
WebSockets. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Keith
Campbell, and Cris Neckar of Google Chrome Security Team for
reporting this issue.
WebKit
CVE-ID: CVE-2010-3823
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
Geolocation objects. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
kuzzcc for reporting this issue.
WebKit
CVE-ID: CVE-2010-3116
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple use after free issues exist in WebKit's
handling of plug-ins. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
These issues are addressed through improved memory handling.
WebKit
CVE-ID: CVE-2010-3812
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow exists in WebKit's handling of Text
objects. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23
working with TippingPoint's Zero Day Initiative for reporting this
issue.
WebKit
CVE-ID: CVE-2010-3808
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
editing commands. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of editing
commands. Credit to wushi of team509 for reporting this issue.
WebKit
CVE-ID: CVE-2010-3259
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a malicious website may lead to the disclosure of
image data from another website
Description: A cross-origin issue exists in WebKit's handling of
images created from "canvas" elements. Visiting a malicious website
may lead to the disclosure of image data from another website. This
issue is addressed through improved tracking of security origins.
Credit to Isaac Dawson, and James Qiu of Microsoft and Microsoft
Vulnerability Research (MSVR) for reporting this issue.
WebKit
CVE-ID: CVE-2010-1822
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
SVG elements in non-SVG documents. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of SVG elements. Credit to wushi of team509 for reporting
this issue.
WebKit
CVE-ID: CVE-2010-3811
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
element attributes. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
Michal Zalewski for reporting this issue.
WebKit
CVE-ID: CVE-2010-3817
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
CSS 3D transforms. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved handling of CSS 3D
transforms. Credit to Abhishek Arya (Inferno) of Google Chrome
Security Team for reporting this issue.
WebKit
CVE-ID: CVE-2010-3818
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
inline text boxes. Visiting a maliciously crafted website may lead to
an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory handling. Credit to
Abhishek Arya (Inferno) of Google Chrome Security Team for reporting
this issue.
WebKit
CVE-ID: CVE-2010-3819
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
CSS boxes. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved handling of CSS boxes. Credit to
Abhishek Arya (Inferno) of Google Chrome Security Team for reporting
this issue.
WebKit
CVE-ID: CVE-2010-3820
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's
handling of editable elements. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
editable elements. Credit: Apple.
WebKit
CVE-ID: CVE-2010-1789
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of
JavaScript string objects. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved bounds checking.
Credit: Apple.
WebKit
CVE-ID: CVE-2010-1806
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
elements with run-in styling. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
object pointers. Credit to wushi of team509, working with
TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2010-3257
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of
element focus. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to
VUPEN Vulnerability Research Team for reporting this issue.
WebKit
CVE-ID: CVE-2010-3826
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An invalid cast issue exists in WebKit's handling of
colors in SVG documents. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
colors in SVG documents. Credit to Abhishek Arya (Inferno) of Google
Chrome Security Team for reporting this issue.
WebKit
CVE-ID: CVE-2010-1807
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An input validation issue exists in WebKit's handling
of floating point data types. Visiting a maliciously crafted website
may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of
floating point values. Credit to Luke Wagner of Mozilla for reporting
this issue.
WebKit
CVE-ID: CVE-2010-3821
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling
of the ':first-letter' pseudo-element in cascading stylesheets.
Visiting a maliciously crafted website may lead to an unexpected
application termination or arbitrary code execution. This issue is
addressed through improved handling of the ':first-letter' pseudo-
element. Credit to Cris Neckar and Abhishek Arya (Inferno) of Google
Chrome Security Team for reporting this issue.
WebKit
CVE-ID: CVE-2010-3804
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Websites may surreptitiously track users
Description: Safari generates random numbers for JavaScript
applications using a predictable algorithm. This may allow a website
to track a particular Safari session without using cookies, hidden
form elements, IP addresses, or other techniques. This update
addresses the issue by using a stronger random number generator.
Credit to Amit Klein of Trusteer for reporting this issue.
WebKit
CVE-ID: CVE-2010-3813
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: WebKit may perform DNS prefetching even when it is disabled
Description: When WebKit encounters an HTML Link Element that
requests DNS prefetching, it will perform the operation even if
prefetching is disabled. This may result in undesired requests to
remote servers. As an example, the sender of an HTML-formatted email
message could use this to determine that the message was read. This
issue is addressed trough improved handling of DNS prefetching
requests. Credit to Jeff Johnson of Rogue Amoeba Software for
reporting this issue.
WebKit
CVE-ID: CVE-2010-3822
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized pointer issue exists in WebKit's
handling of CSS counter styles. Visiting a maliciously crafted
website may lead to an unexpected application termination or
arbitrary code execution. This issue is addressed through improved
handling of CSS counter styles. Credit to kuzzcc for reporting this
issue.
WebKit
Available for: iOS 2.0 through 4.1 for iPhone 3G and later,
iOS 2.1 through 4.1 for iPod touch (2nd generation) and later,
iOS 3.2 through 3.2.2 for iPad
Impact: A maliciously crafted website may be able to determine which
sites a user has visited
Description: A design issue exists in WebKit's handling of the CSS
:visited pseudo-class. A maliciously crafted website may be able to
determine which sites a user has visited. This update limits the
ability of web pages to style pages based on whether links are
visited.
Multiple components
CVE-ID: CVE-2010-0051, CVE-2010-0544, CVE-2010-0042, CVE-2010-1384,
CVE-2010-1387, CVE-2010-1392, CVE-2010-1394, CVE-2010-1403,
CVE-2010-1405, CVE-2010-1407, CVE-2010-1408, CVE-2010-1410,
CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417,
CVE-2010-1418, CVE-2010-1421, CVE-2010-1422, CVE-2010-1757,
CVE-2010-1758, CVE-2010-1764, CVE-2010-1770, CVE-2010-1771,
CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783,
CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787,
CVE-2010-1788, CVE-2010-1791, CVE-2010-1793, CVE-2010-1811,
CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815
Available for: iOS 3.2 through 3.2.2 for iPad
Impact: Multiple security fixes in iOS for iPad
Description: This update incorporates security fixes that were
provided for iPhone and iPod touch in iOS 4 and iOS 4.1.
Installation note:
These updates are only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"4.2.1 (8C148)" or later.
New devices with the version "4.2 (8C134)" or "4.2 (8C134b)"
already include the fixes listed in this advisory.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
