ID: IRCNE20111101311
Date: 2011-11-12
According to “ZDNet”, Apple has wasted no time fixing the code signing bypass vulnerability exposed by Charlie Miller in the recent disclosure flap.
Apple shipped the patch for Miller’s vulnerability in the new iOS 5.0.1 software update that also fixes a publicly known passcode lock issue that affected the iPad 2 device.
From the advisory:
“A logic error existed in the mmap system call’s checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This could be exploited to allow an application to execute unsigned code.”
"This issue does not affect devices running iOS prior to version 4.3", Apple posted in a security document.
Using a proof-of-concept app that masqueraded as a stock ticker, Miller was able to commandeer an iPhone device via the installed app.
The iOS 5.0.2 update also fixes some additional security problems:
· CFNetwork: An issue existed in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
· CoreGraphics: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution.
· libinfo: An issue existed in libinfo’s handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
· Passcode Lock: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched. A person with physical access to a locked iPad 2 may be able to access some of the user’s data.
Related Links:
Malicious app in the App Store
- 4