
September 9th, 2009

iPhone, QuickTime bitten by security bugs

Posted by Ryan Naraine @ 2:02 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Patch Watch, Pen testing, Responsible disclosure, iPhone

Tags: Apple iPhone, Apple QuickTime, Movie, H.264, Arbitrary Code Execution, Buffer-overflow, Security Bug, Application Termination, Movie File, Digital Music

Apple has released security patches to cover serious security vulnerabilities in its iPhone, iPod Touch and QuickTime products.

The most serious of the vulnerabilities could lead to remote code execution attacks that give malicious hackers an easy way to hijack computers and mobile devices.

Here are some of the more serious security bugs covered with the iPhone OS 3.1 and iPhone OS 3.1.1 update:

  • CoreAudio (CVE-2009-2206) — A heap buffer overflow exists in the handling of AAC and MP3 files. Opening a maliciously crafted AAC or MP3 file may lead to an unexpected application termination or arbitrary code execution.
  • Recovery Mode (CVE-2009-2795) — A person with physical access to a locked device may be able to access the user’s data. A heap buffer overflow exists in Recovery Mode command parsing. This may allow another person with physical access to the device to bypass the passcode and access the user’s data. This update addresses the issue through improved bounds checking.
  • Telephony (CVE-2009-2815) — A null pointer dereference issue exists in the handling of SMS arrival notifications. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. This update addresses the issue through improved handling of incoming SMS messages.
  • WebKit (CVE-2009-1725) — A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

FOUR VULNERABILITIES IN QUICKTIME

Apple also shipped QuickTime 7.6.4 to cover four vulnerabilities affecting Mac and Windows users:

  • CVE-2009-2202 — A memory corruption issue exists in QuickTime’s handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2203 — A buffer overflow exists in QuickTime’s handling of MPEG-4 video files. Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2798 — A heap buffer overflow exists in QuickTime’s handling of FlashPix files. Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2799 — A heap buffer overflow exists in QuickTime’s handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution.

The iPhone and iPod Touch updates are available via iTunes. The QuickTime patch is being pushed out via the automatic updating software in Mac OS X and Windows.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

