Security vulnerabilities in Apple iOS
Updated since 18 July 2011
Published: 26 July 2011
SecurityVulns ID: 11796
Danger level:
Description: Privilege escalation, code execution when viewing a PDF.
Affected products: APPLE : Apple iOS 4.3
 APPLE : Apple iOS 4.2
CVE: CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.)
 CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.)
 CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
Original text: Trustwave Advisories, TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain (26.07.2011)
 APPLE, APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone (26.07.2011)
 APPLE, APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update (26.07.2011)
 APPLE, APPLE-SA-2011-07-15-2 iOS 4.2.9 Software Update for iPhone (18.07.2011)
 APPLE, APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update (18.07.2011)

