Must Read: Samsung Galaxy S4 review

Topic: Security

Apple patches Pwn2Own iPhone OS vulnerabilities

Summary: Apple has released a critical update for its flagship iOS mobile operating system to fix several gaping security holes, including a few that were used in successful exploits at this year's CanSecWest Pwn2Own contest.

Ryan Naraine

By for Zero Day |

Apple has released a critical update for its flagship iOS mobile operating system to fix several gaping security holes, including a few that were used in successful exploits at this year's CanSecWest Pwn2Own contest.

The new iOS 4.3.2 software update, which is available for download via iTunes, provides cover for five documented security problems, including vulnerabilities exploited by Charlie Miller (iPhone) and a team of researchers who broke into RIM's BlackBerry smartphone.

The raw details:

  • QuickLook: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. Credit to Charlie Miller and Dion Blazakis working with TippingPoint's Zero Day Initiative.
  • WebKit: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Credit to Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp Weinmann, and an anonymous researcher working with TippingPoint's Zero Day Initiative.
  • WebKit: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Credit to Vupen Security working with TippingPoint's Zero Day Initiative, and Martin Barbella.

The iOS update also fixes the Comodo certificate trust policy problem that allowed an attacker with a privileged network position to intercept user credentials or other sensitive information.   This issue was also fixed in separate Safari and Mac OS X updates.

Topics: Security, Apple, Mobile OS, Operating Systems

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    Apple pies not commenting?

    See? ANY Operating System could have flaws.
    czorrilla
    Reply Vote

    • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

      @czorrilla Fully agree - but tell THAT to the Linux guys.
      athynz
      Reply Vote

      • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

        @athynz
        Oh - we are acutely aware of that, thanks.

        My Ubuntu comes up almost <i>every single day</i> with requests to patch. And I have to enter an admin password every time. Grr.
        honeymonster
        Reply Vote

      • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

        @honeymonster
        <i>My Ubuntu comes up almost every single day with requests to patch. And I have to enter an admin password every time. Grr.</i>

        System level patches <b>should</b> require an admin password to install. They should also provide details on what is being patched. Automatically patching in the background has the potential to install unwanted (and possibly dangerous) malware.
        Rick_K
        Reply Vote

      • I have to agree with Rick_K

        It's better to have to put your admin password in every time and -know- what you're upgrading.
        Michael Alan Goff
        Reply Vote

    • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

      @czorrilla

      All operating systems have vulnerabilities...some have a bucketload more exploited vulnerabilities...the devil is in those details.
      Brich
      Reply Vote

      • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

        Actually, I'm of the opinion that a vulnerability is a worthless metric. It's exploits that we need to concern ourselves with.
        Michael Alan Goff
        Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    http://www.52tube.com/
    http://www.wctube.com/
    http://www.cameporn.com/
    http://www.escortbayan9.com/
    tamam
    myclub
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    Well done! Thank you very much for professional templates and community edition
    <a href="http://www.yuregininsesi.com" title="seslichat">sesli chat</a> <a href="http://www.yuregininsesi.com" title="seslisohbet">sesli sohbet</a>
    talih
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate!<a href="http://nccma.com">nccma</a> <a href="http://coolerkings.com">cooler</a>
    MACKENZI
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing <a href="http://the-ishop.com">the i shop</a> <a href="http://abatwa.com">abatwa</a>
    MARAGARET
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post.<a href="http://power28.com">power</a> <a href="http://sagesinc.com">sa</a> <a href="http://iloveshoping.net">shop</a>
    RHIANNONA
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper <a href="http://easy-wheels.com/">wheel</a> <a href="http://pbcars.com/">car</a> <a href="http://com69.net">com</a> <a href="http://cadburry.com">bury</a>
    SATURNINA
    Reply Vote

  • RE: Apple patches Pwn2Own iPhone OS vulnerabilities

    Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board.<a href="http://vintagesnapbackhatsfan.com">z</a><a href="http://bestsolidstatedrive.net">d</a><a href="http://b2days.com/">n</a><a href="http://b2wp.com/">e</a><a href="http://buy-sell-cheap.com/">t</a> <a href="http://sellcheap.net/">t</a><a href="http://newsoftwarepc.com/">h</a><a href="http://bestlaptoppcreviews.com/">a</a><a href="http://buyfurniturefreeshipping.com/">n</a><a href="http://cheapclothingstoresonline.com/">k</a> Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
    TOCCAR
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close