ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Apple fixes iOS vulnerability exposed by Charlie Miller

By | November 10, 2011, 9:49pm PST

Summary: Apple fixes the security vulnerability that was at the center of its decision to dismiss Charlie Miller from the iOS developer program.

Apple has wasted no time fixing the code signing bypass vulnerability exposed by Charlie Miller in the recent disclosure flap that ended with Miller being kicked out of Apple’s iOS developer program.

Apple shipped the patch for Miller’s vulnerability in the new iOS 5.0.1 software update that also fixes a publicly known passcode lock issue that affected the iPad 2 device.

Despite the controversial decision to dismiss Miller from the iOS developer program, Apple publicly credited the Accuvant security researcher for finding and reporting the kernel security hole.

From the advisory:

follow Ryan Naraine on twitter

A logic error existed in the mmap system call’s checking of valid flag combinations. This issue may lead to a bypass of codesigning checks.  This could be exploited to allow an application to execute unsigned code.

After latest iPhone hack, Charlie Miller kicked out of iOS dev program ]

Using a proof-of-concept app that masqueraded as a stock ticker, Miller was able to commandeer an iPhone device via the installed app.

The iOS 5.0.2 update also fixes some additional security problems:

  • CFNetwork: An issue existed in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
  • CoreGraphics: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution.
  • libinfo: An issue existed in libinfo’s handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
  • Passcode Lock: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched. A person with physical access to a locked iPad 2 may be able to access some of the user’s data.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Disclosure, Apple iPad, Vulnerability, Apple Inc., Apple iPad 2, Apple iOS, Mobile Operating Systems, Security, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

7
Comments
Add Your Opinion

Join the conversation!

Just In

sdfsd
jywhy888 7th Mar
Wholesale Dartboard Wholesale Lanyard http://www.chinawholesaletown.com/wholesale-Toys---Games/ Tellurion
Eye Mask Wholesale Coaster http://www.chinawholesaletown.com/wholesale-Digital-Photo-Frame/ Photo Frame
Wholesale Frisbee World Cup Products http://www.chinawholesaletown.com/ Gift Bags
Pen Holder Wholesale Clothes Rack http://www.chinawholesaletown.com/wholesale-iPod---iPhone/ Flag
Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
Vocal Concert Products Stuffed Animals http://www.chinawholesaletown.com/wholesale-Heating-Products/ Digital Photo Frame
Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
Wholesale Lanyard Wholesale Pin http://www.chinawholesaletown.com/ Book Light
Outdoor Leisure Products Electrical Gifts http://www.chinawholesaletown.com/wholesale-Fishing/ Mouse Pad
Wholesale Calendar Wholesale Racks http://www.chinawholesaletown.com/wholesale-Apron/ Jewelry
Wholesale Bracelet Silicone Products http://www.chinawholesaletown.com/wholesale-Medicine-Instrument/ Fan
Wholesale Puzzle Wholesale Massager http://www.chinawholesaletown.com/wholesale-Furniture/ Tableware
Wine Set Industrial Supplies http://www.chinawholesaletown.com/wholesale-Pen-Holder/ Scarf
Wholesale Scissors Wholesale Lighter http://www.chinawholesaletown.com/wholesale-Jewelry/ Heating Products
Lunch Box Wholesale Mouse http://www.chinawholesaletown.com/wholesale-Clothes-Rack/ Wedding Favors
Wholesale Flashlight Wholesale Helmet http://www.chinawholesaletown.com/wholesale-MP3---MP4---MP5-Player/ lable
Business Gift Health Care Products http://www.chinawholesaletown.com/wholesale-Stapler/ Whistle
Wholesale Album Wholesale Apron http://www.chinawholesaletown.com/wholesale-Valentine-Gifts/ Promotional Gifts
Wholesale Racks Wholesale Memory Card http://www.chinawholesaletown.com/wholesale-Poncho-Raincoat/ Reflective Safety Vest
Poncho Raincoat Wholesale Mp3 http://www.chinawholesaletown.com/wholesale-Glasses/ Mobile Phone
Health Care Products Wholesale Hardware Tools http://www.chinawholesaletown.com/wholesale-Recorder-Pen/ Pin
Wholesale Umbrella Electroluminescent http://www.chinawholesaletown.com/wholesale-Entertainment/ First Aid Kit
Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
Wholesale Kitchenware Wholesale Tag http://www.chinawholesaletown.com/wholesale-First-Aid-Kit/ Cards
Wholesale Sticker Wholesale Stationery http://www.chinawholesaletown.com/wholesale-Waterproof-Case/ Poncho
Wholesale Towel Entertainment Supplies http://www.chinawholesaletown.com/wholesale-Dartboard/ Dartboard
Wholesale Gift Bags Voice Recorder http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Promotional Products
Wholesale Mat Money Clip http://www.chinawholesaletown.com/wholesale-Silicone/ Pet Supplies
Tape Measure Wholesale Sticker http://www.chinawholesaletown.com/wholesale-Halloween-Gift/ Lighter
Gift Box Beauty Equipment http://www.chinawholesaletown.com/wholesale-Belt/ Tie
Baby Products Suppliers CD Holde http://www.chinawholesaletown.com/wholesale-Whistle/ Towel
Wholesale Tableware Vocal Concert Products http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Lighting Products
Wholesale First Aid Kit Wholesale Scarf http://www.chinawholesaletown.com/wholesale-Lanyard/ Glass
Garden Decorations Wholesale Speakers http://www.chinawholesaletown.com/wholesale-Bag/ Frisbee
Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
Wholesale Camera Eye Mask http://www.chinawholesaletown.com/wholesale-Compass/ Valentine Gifts
View in thread
0 Votes
+ -
RE: Apple fixes iOS vulnerability exposed by Charlie Miller
_saadk 10th Nov
Hi Ryan,

There's a typo:
"The iOS 5.0.2 update also fixes some additional security problems". It's 5.0.1.

Thanks for the post and keep up the good job.

@_saadk
0 Votes
+ -
sdfsd
jywhy888 7th Mar
Wholesale Dartboard Wholesale Lanyard http://www.chinawholesaletown.com/wholesale-Toys---Games/ Tellurion
Eye Mask Wholesale Coaster http://www.chinawholesaletown.com/wholesale-Digital-Photo-Frame/ Photo Frame
Wholesale Frisbee World Cup Products http://www.chinawholesaletown.com/ Gift Bags
Pen Holder Wholesale Clothes Rack http://www.chinawholesaletown.com/wholesale-iPod---iPhone/ Flag
Promotional Gifts Wholesale Waterproof Case http://www.chinawholesaletown.com/wholesale-Bottle-Opener/ Garden Decorations
Vocal Concert Products Stuffed Animals http://www.chinawholesaletown.com/wholesale-Heating-Products/ Digital Photo Frame
Name Card Holder Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Knife/ Lanyard
Wholesale Lanyard Wholesale Pin http://www.chinawholesaletown.com/ Book Light
Outdoor Leisure Products Electrical Gifts http://www.chinawholesaletown.com/wholesale-Fishing/ Mouse Pad
Wholesale Calendar Wholesale Racks http://www.chinawholesaletown.com/wholesale-Apron/ Jewelry
Wholesale Bracelet Silicone Products http://www.chinawholesaletown.com/wholesale-Medicine-Instrument/ Fan
Wholesale Puzzle Wholesale Massager http://www.chinawholesaletown.com/wholesale-Furniture/ Tableware
Wine Set Industrial Supplies http://www.chinawholesaletown.com/wholesale-Pen-Holder/ Scarf
Wholesale Scissors Wholesale Lighter http://www.chinawholesaletown.com/wholesale-Jewelry/ Heating Products
Lunch Box Wholesale Mouse http://www.chinawholesaletown.com/wholesale-Clothes-Rack/ Wedding Favors
Wholesale Flashlight Wholesale Helmet http://www.chinawholesaletown.com/wholesale-MP3---MP4---MP5-Player/ lable
Business Gift Health Care Products http://www.chinawholesaletown.com/wholesale-Stapler/ Whistle
Wholesale Album Wholesale Apron http://www.chinawholesaletown.com/wholesale-Valentine-Gifts/ Promotional Gifts
Wholesale Racks Wholesale Memory Card http://www.chinawholesaletown.com/wholesale-Poncho-Raincoat/ Reflective Safety Vest
Poncho Raincoat Wholesale Mp3 http://www.chinawholesaletown.com/wholesale-Glasses/ Mobile Phone
Health Care Products Wholesale Hardware Tools http://www.chinawholesaletown.com/wholesale-Recorder-Pen/ Pin
Wholesale Umbrella Electroluminescent http://www.chinawholesaletown.com/wholesale-Entertainment/ First Aid Kit
Wholesale Swimming Products Wholesale TelePhone http://www.chinawholesaletown.com/wholesale-USB-Products/ Sticker
Wholesale Kitchenware Wholesale Tag http://www.chinawholesaletown.com/wholesale-First-Aid-Kit/ Cards
Wholesale Sticker Wholesale Stationery http://www.chinawholesaletown.com/wholesale-Waterproof-Case/ Poncho
Wholesale Towel Entertainment Supplies http://www.chinawholesaletown.com/wholesale-Dartboard/ Dartboard
Wholesale Gift Bags Voice Recorder http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Promotional Products
Wholesale Mat Money Clip http://www.chinawholesaletown.com/wholesale-Silicone/ Pet Supplies
Tape Measure Wholesale Sticker http://www.chinawholesaletown.com/wholesale-Halloween-Gift/ Lighter
Gift Box Beauty Equipment http://www.chinawholesaletown.com/wholesale-Belt/ Tie
Baby Products Suppliers CD Holde http://www.chinawholesaletown.com/wholesale-Whistle/ Towel
Wholesale Tableware Vocal Concert Products http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Lighting Products
Wholesale First Aid Kit Wholesale Scarf http://www.chinawholesaletown.com/wholesale-Lanyard/ Glass
Garden Decorations Wholesale Speakers http://www.chinawholesaletown.com/wholesale-Bag/ Frisbee
Entertainment Supplies Wholesale Compass http://www.chinawholesaletown.com/wholesale-Consumer-Electronics/ Scissors
Wholesale Memory Card Wholesale Knife http://www.chinawholesaletown.com/wholesale-Mouse/ Massager
Wholesale Radio Giveaway Material http://www.chinawholesaletown.com/wholesale-Sticker/ Money Bank
Wholesale Camera Eye Mask http://www.chinawholesaletown.com/wholesale-Compass/ Valentine Gifts
0 Votes
+ -
Correction
m0o0o0o0o 11th Nov
His own stupid behavior was the only thing that was at the center of (Apple's) decision to dismiss Charlie Miller from the iOS developer program.
0 Votes
+ -
I guess it just goes to show
ego.sum.stig@... 11th Nov
Storm + teacup = attempt at Apple feeding frenzy.

That and it also shows that being clever-ish doesn't prevent one from being an attention seeking ego-tripper. Miller, you've spat the dummy one too many times maybe.
0 Votes
+ -
Interesting how...
use_what_works_4_U 11th Nov
None of folks insisting Apple would ignore, deny, etc... this fault, or any other, are absent. As I noted previously, they don't talk about them, but they do fix them.
0 Votes
+ -
RE: Apple fixes iOS vulnerability exposed by Charlie Miller
MosaicTechnology 15th Nov
Wonder if Miller had any idea the amount of coverage this story would get??? Always happy to see a new update that improve security though. http://www.mosaictec.com
0 Votes
+ -
RE: Apple fixes iOS vulnerability exposed by Charlie Miller
lawtonterri 2nd Feb
Here???s a free developer program you can join to increase your knowledge and credibility in cloud application development. Get certified and bid on Caspio-specific projects to earn more money http://blog.caspio.com/news/announcing-caspio-certification-and-developer-network/

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix