MAAS History
Archives
Wednesday, Aug 11, 2010

APPLE-SA-2010-08-11-2 iOS 3.2.2 Update for iPad

Apple has released updates to address the CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site, which users could visit to jailbreak their phones. The iPad is vulnerable to these exploits as well. Reports of the vulnerabilities being exploited in the wild surfaced but were unsubstantiated.

A PDF file could be used to exploit a stack buffer overflow in FreeType's handling of CFF opcodes, resulting in arbitrary code execution. The issue has been resolved by establishing better bounds checking. In addition, an integer overflow in IOSurface allowed elevated privileges to be gained. Combined, these vulnerabilities resulted in a jailbroken iPad, and could also be leveraged by malicious attackers using spear phishing, drive-by downloads or mass malware assaults. Users should update their iPad using iTunes immediately.

Wednesday, Aug 11, 2010

APPLE-SA-2010-08-11-1 iOS 4.0.2 Update for iPhone and iPod touch  

Apple has released updates to address the CVE-2010-1797 (FreeType) and CVE-2010-2973 (IOSurface) vulnerabilities. These vulnerabilities were being used by the jailbreakme_com site, which users could visit to jailbreak their phones. Reports of the vulnerabilities being exploited in the wild surfaced but were unsubstantiated.

A PDF file could be used to exploit a stack buffer overflow in FreeType's handling of CFF opcodes, resulting in arbitrary code execution. The issue has been resolved by establishing better bounds checking. In addition, an integer overflow in IOSurface allowed elevated privileges to be gained. Combined, these vulnerabilities resulted in a jailbroken iPhone, and could also be leveraged by malicious attackers using spear phishing, drive-by downloads or mass malware assaults. Users should update their iPhone and iPod touch using iTunes immediately.
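To make the "better bounds checking" in the iPad and iPhone advisories above concrete, here is an added example (not FreeType's code and not Apple's patch) of a much-simplified CFF Type 2 charstring interpreter that checks every read from the input and every push onto its fixed operand stack. The names `t2_run` and `t2_state` are hypothetical, only `rmoveto`, `rlineto` and `endchar` are modelled, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define T2_MAX_STACK 48   /* operand stack limit in the Type 2 charstring format */
enum { T2_OK = 0, T2_TRUNCATED = -1, T2_OVERFLOW = -2, T2_UNDERFLOW = -3, T2_UNSUPPORTED = -4 };
typedef struct {
    int32_t stack[T2_MAX_STACK];
    size_t  top;
    int64_t x, y;             /* current point, moved by rmoveto/rlineto */
} t2_state;

/* Interpret buf[0..len) into *st (zero-initialised by the caller). */
int t2_run(t2_state *st, const uint8_t *buf, size_t len) {
    size_t i = 0;
    while (i < len) {
        uint8_t b = buf[i++];
        if (b < 32 && b != 28) {                          /* operator byte */
            if (b == 14) return T2_OK;                    /* endchar */
            if (b != 21 && b != 5) return T2_UNSUPPORTED; /* fail closed */
            if (st->top < 2) return T2_UNDERFLOW;         /* never read below the stack */
            /* rmoveto (21) uses the last pair; rlineto (5) walks every pair */
            size_t k = (b == 21) ? st->top - 2 : 0;
            for (; k + 1 < st->top; k += 2) {
                st->x += st->stack[k];
                st->y += st->stack[k + 1];
            }
            st->top = 0;                                  /* both operators clear the stack */
            continue;
        }
        if (b == 255) return T2_UNSUPPORTED;              /* 16.16 fixed operands not modelled */
        size_t extra = (b == 28) ? 2 : (b >= 247) ? 1 : 0;
        if (len - i < extra) return T2_TRUNCATED;         /* input bounds check */
        int32_t v;
        if (b == 28)       v = (int16_t)(uint16_t)((buf[i] << 8) | buf[i + 1]);
        else if (b >= 251) v = -(b - 251) * 256 - buf[i] - 108;
        else if (b >= 247) v = (b - 247) * 256 + buf[i] + 108;
        else               v = (int32_t)b - 139;
        i += extra;
        if (st->top >= T2_MAX_STACK) return T2_OVERFLOW;  /* stack bounds check */
        st->stack[st->top++] = v;
    }
    return T2_TRUNCATED;                                  /* no endchar before end of data */
}

int main(void) {
    const uint8_t cs[] = {239, 247, 92, 21, 14};  /* constructed: 100 200 rmoveto endchar */
    t2_state st = {0};
    return t2_run(&st, cs, sizeof cs) == T2_OK ? 0 : 1;
}
```

Without the `T2_OVERFLOW` check, a charstring carrying more operands than the array holds would write past `stack`, which is the class of bug the advisory describes.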

Tuesday, Aug 10, 2010

Adobe Security Update for Flash Player and Adobe Air

Adobe has released an update for Flash Player 10.1.53.64 to address various vulnerabilities. Users should also update Adobe Air 2.0.2.12610 to version 2.0.3. Users can use the automatic update features in Flash Player (which we find unreliable) or download the update from here.

Friday, Aug 06, 2010

Adobe PreRelease Notification APSB10-17

Adobe has released an advance notification to address CVE-2010-2862 in Reader and Acrobat. The update should be released during the week of August 16, 2010. The release date has been moved up since the exploit was highlighted at BlackHat. Users should visit the Adobe security site for more information.

Wednesday, Aug 04, 2010

Web Based Jail-Break for iOS Made Public

A 0day delivered via a malicious PDF file affects iOS versions 3.1.2 to 4.0.1. This includes all models of devices such as the iPhone, iPad and iPod. The PDF is delivered via an iFrame, similar to other attacks that use PDF as a delivery system. The exploit is within a Type1c font; it bypasses the code signing/sandboxing feature of iOS and obtains root privileges. The file then proceeds to download the shellcode. It is very easy to alter this code for additional or specific payload deliveries.

It is important to realize that this exploit can be delivered either as a download or as a PDF file in an email. Users should only open PDF files from trusted sources until more information becomes available.