Apple fixes iOS vulnerability exposed by Charlie Miller

Summary: Apple fixes the security vulnerability that was at the center of its decision to dismiss Charlie Miller from the iOS developer program.

Apple has wasted no time fixing the code signing bypass vulnerability exposed by Charlie Miller in the recent disclosure flap that ended with Miller being kicked out of Apple's iOS developer program.

Apple shipped the patch for Miller's vulnerability in the new iOS 5.0.1 software update that also fixes a publicly known passcode lock issue that affected the iPad 2 device.

Despite the controversial decision to dismiss Miller from the iOS developer program, Apple publicly credited the Accuvant security researcher for finding and reporting the kernel security hole.

From the advisory:

A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This could be exploited to allow an application to execute unsigned code.

Using a proof-of-concept app that masqueraded as a stock ticker, Miller was able to commandeer an iPhone device via the installed app.

The iOS 5.0.1 update also fixes some additional security problems:

  • CFNetwork: An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
  • CoreGraphics: Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. Viewing a document containing a maliciously crafted font may lead to arbitrary code execution.
  • libinfo: An issue existed in libinfo's handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result. Visiting a maliciously crafted website may lead to the disclosure of sensitive information.
  • Passcode Lock: When a Smart Cover is opened while iPad 2 is confirming power off in the locked state, the iPad does not request a passcode. This allows some access to the iPad, but data protected by Data Protection is inaccessible and apps cannot be launched. A person with physical access to a locked iPad 2 may be able to access some of the user's data.

Talkback

6 comments
  • RE: Apple fixes iOS vulnerability exposed by Charlie Miller

    Hi Ryan,

    There's a typo:
    "The iOS 5.0.2 update also fixes some additional security problems". It's 5.0.1.

    Thanks for the post and keep up the good job.

    @_saadk
    _saadk
  • Correction

    His own stupid behavior was the only thing that was at the center of (Apple's) decision to dismiss Charlie Miller from the iOS developer program.
    m0o0o0o0o
  • I guess it just goes to show

    Storm + teacup = attempt at Apple feeding frenzy.

    That and it also shows that being clever-ish doesn't prevent one from being an attention seeking ego-tripper. Miller, you've spat the dummy one too many times maybe.
    ego.sum.stig
  • Interesting how...

    None of the folks insisting Apple would ignore, deny, etc... this fault, or any other, are absent. As I noted previously, they don't talk about them, but they do fix them.
    use_what_works_4_U
  • RE: Apple fixes iOS vulnerability exposed by Charlie Miller

    Wonder if Miller had any idea the amount of coverage this story would get??? Always happy to see a new update that improves security though. http://www.mosaictec.com
    MosaicTechnology
  • RE: Apple fixes iOS vulnerability exposed by Charlie Miller

    Here's a free developer program you can join to increase your knowledge and credibility in cloud application development. Get certified and bid on Caspio-specific projects to earn more money http://blog.caspio.com/news/announcing-caspio-certification-and-developer-network/
    lawtonterri