MAAS History
Archives
« Microsoft Office 2008 for Mac 12.2.6 Update | Main | APPLE-SA-2010-08-11-1 iOS 4.0.2 Update for iPhone and iPod touch »
Wednesday
Aug112010

APPLE-SA-2010-08-11-2 iOS 3.2.2 Update for iPad

Apple has released updates to address CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site which users could visit to jailbreak their phone. The iPad is vulnerable to these exploits as well. Reports of the vulnerability being exploited in the wild surface but were unsubstantiated. 

A PDF file could be used to exploit a stack buffer overflow in FreeType handling of CCF opcodes resulting in arbitrary code execution. The issue has been solved by establishing better bounds checking. In addition an integer overflow existed in the IOSurface which allowed elevated privileges to be gained. The combination of the above vulnerabilities resulted in a jail broken iPad or could be leveraged by malicious attackers using spear phish, drive by downloads or mass malware assault. Users should update their iPad using iTunes immediately. 

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (1)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.
Member Account Required
You must have a member account on this website in order to post comments. Log in to your account to enable posting.