Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

iPhone, QuickTime bitten by security bugs

By | September 9, 2009, 2:02pm PDT

Summary: Apple has released security patches to cover serious security vulnerabilities in its iPhone, iPod Touch and QuickTime products.

The most serious of the vulnerabilities could lead to remote code execution attacks that give malicious hackers an easy way to hijack computers and mobile devices.

Here are some of the more serious security bugs covered with the iPhone OS 3.1 and iPhone OS 3.1.1 update:

  • CoreAudio (CVE-2009-2206) — A heap buffer overflow exists in the handling of AAC and MP3 files. Opening a maliciously crafted AAC or MP3 file may lead to an unexpected application termination or arbitrary code execution.
  • Recovery Mode (CVE-2009-2795) — A person with physical access to a locked device may be able to access the user’s data. A heap buffer overflow exists in Recovery Mode command parsing. This may allow another person with physical access to the device to bypass the passcode, and access the user’s data. This update addresses the issue through improved bounds checking.
  • Telephony (CVE-2009-2815) — Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. A null pointer dereference issue exists in the handling of SMS arrival notifications. Receiving a maliciously crafted SMS message may lead to an unexpected service interruption. This update addresses the issue through improved handling of incoming SMS messages.
  • WebKit (CVE-2009-1725) — A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

FOUR VULNERABILITIES IN QUICKTIME

Apple also shipped QuickTime 7.6.4 to cover four vulnerabilities affecting Mac and Windows users:

  • CVE-2009-2202 — A memory corruption issue exists in QuickTime’s handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2203 — A buffer overflow exists in QuickTime’s handling of MPEG-4 video files. Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2798 — A heap buffer overflow exists in QuickTime’s handling of FlashPix files. Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution.
  • CVE-2009-2799 — A heap buffer overflow exists in QuickTime’s handling of H.264 movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution.

The iPhone and iPod Touch updates are available via iTunes. The QuickTime patch is being pushed out via the automatic updating software in Mac OS X and Windows.

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

23 Comments

Wonder why these have not been tagged with the word "gaping" in the title? Weird.
0 Votes
I must say that I'm impressed with how many gaping security holes Apple has managed to cram into a media player!
0 Votes
Yeah, these almost daily announcements from Apple..
Confused by religion Updated - 9th Sep 2009
... about holes and vulnerabilities must be frightening for the Apple crowd.

I think I hear Gertruded singing "lalalalalala" with her fingers in her ears and eyes tightly shut.
You will note that in the last few days ZDNet has reported:

"Microsoft confirms SMB2 vulnerability, warns of code execution risk"
http://blogs.zdnet.com/security/?p=4228

"Windows 7, Vista exposed to 'teardrop attack'"
http://blogs.zdnet.com/security/?p=4222

"Microsoft patches gaping Windows worm holes"
http://blogs.zdnet.com/security/?p=4217

And for all that they've left some vulnerabilities that are currently being exploited unpatched:

"...The September batch of patches does not address the FTP in IIS vulnerability that is currently being exploited in the wild."

Seems to me Microsoft has quite a bit more to worry about than Apple.
When you have 1.2 billion users, *any* vulnerability gets pounced on immediately, whereas if you have a paltry 4.8% marketshare, you can patch your OS's holes at your leisure since no-one even cares to take advantage of them. That's the difference.

If Apple ever gets to play where the Big Boys play, let's talk then, shall we...?
0 Votes
Here comes the troll again...
Fred Fredrickson 9th Sep 2009
When Windows has security patches, you say it doesn't mean Windows is insecure. When iTunes has security patches, you argue that it means iTunes is insecure.

I think that is the very definition of a hypocrite.
So excuse us when we point out how it isn't.

0 Votes
No, they aren't.
Fred Fredrickson 9th Sep 2009
Why so defensive when the hypocrisy of the #1 Windows zealot is pointed out?

Apple's advertising was aimed at the risk of attack, not some undefined security metric for the software on their machines. The facts bear that out as truth - you have far more chance of a security attack if you use Windows than Mac OS.

The ads were also very tongue-in-cheek, which I think was understood by most of those who saw them.
Many Apple fanboys will swear that the reason Macs have fewer malware is because it is "teh secure". Are you now admitting that this is indeed not the case, and that "the risk of attack" has more to do with marketshare? Because it sure ain't because OS X is secure.

No-one said you are more, or even equally "at risk" using OS X. We all know that you are more "at risk" on Windows, but the question is why? And if we come to the conclusion that it is due to the size of its market, then nobody can pat Apple on the back for being "secure". Instead, they are just "obscure". That is nothing to be proud of.
0 Votes
Speaking of creating illusions...
vulpine@... 10th Sep 2009
... yet again, Microsoft declares "Seven most secure version of
Windows yet!" And yet nearly every exploit the prior commenter
listed affects Seven as well as Vista.

Who's creating illusions?
0 Votes
...affect Windows 7 RTM.

The latest, for example, does not.

Be a little more careful, Vulpine.
0 Votes
So you're telling me that...
vulpine@... Updated - 10th Sep 2009
...You will note that in the last few days ZDNet has reported:

"Microsoft confirms SMB2 vulnerability, warns of code
execution risk"
http://blogs.zdnet.com/security/?p=4228

"Windows 7, Vista exposed to 'teardrop attack'"
http://blogs.zdnet.com/security/?p=4222

"Microsoft patches gaping Windows worm holes"
http://blogs.zdnet.com/security/?p=4217

And for all that they've left some vulnerabilities that are
currently being exploited unpatched:

"...The September batch of patches does not address the FTP in
IIS vulnerability that is currently being exploited in the
wild..."


don't affect Win7?

I quote: Exploit code for a remote reboot flaw in Microsoft's
implementation of the SMB2 protocol has been posted on the
internet, exposing users of Windows 7 and Windows Vista to
the teardrop attacks that used to be popular on Windows 3.1
and Windows 95.


MS09-047: This bulletin includes fixes for two different
vulnerabilities in Windows Media Format. Either vulnerability
could allow remote code execution if a user opened a specially
crafted media file. A malicious hacker could use booby-
trapped MP3 or ASF files to launch code execution attacks. The
update is rated critical for Windows Media Format Runtime 9.0,
Windows Media Format Runtime 9.5, Windows Media Format
Runtime 11, Microsoft Media Foundation, Windows Media
Services 9.1, and Windows Media Services 2008.


This one would affect all versions of Windows, would it not?

MS09-049: Covers a serious vulnerability in the Windows
Wireless LAN AutoConfig Service. The vulnerability could allow
remote code execution if a client or server with a wireless
network interface enabled receives specially crafted wireless
frames. Systems without a wireless card enabled are not at risk
from this vulnerability. The vulnerability is caused by lack of
validation of part of a specific malformed frame transmitted by
a remote wireless transmitter. This could lead to a heap
overflow situation that may result in arbitrary code
execution.


This one too, including Win7.

MS09-048: This update patches three different vulnerabilities
in Transmission Control Protocol/Internet Protocol (TCP/IP)
processing. The vulnerabilities could allow remote code
execution if an attacker sent specially crafted TCP/IP packets
over the network to a computer with a listening service.


And yet again!

And Win7 is more secure? Come on now! Microsoft even
went and reintroduced a problem they once solved!

Maybe you should be more careful; when you consider how
many attacks are already in the wild against Windows, I'd rather
trust my security to the so-called sieve that is OS X than the
rusted-out barrel that is Windows. I only use Windows for
gaming, and even then I'm keeping Vista (and soon 7) as
tightly controlled as I can manage. Since I don't use Windows
for browsing or email, I'll be avoiding the most common attack
vectors.
0 Votes
Better look again, Vulpine
wolf_z 10th Sep 2009
Teardrop attack:

"The folks at The H Online got the exploit to fire on Windows Vista but could not replicate the issue on Windows 7"

SMB2 attack:

"The vulnerability, which was originally released as a denial-of-service issue, does not affect the RTM version of Windows 7, Microsoft said. It appears Microsoft fixed the flaw in Windows 7 build ~7130, just after RC1."

Gaping holes (7 patches):

MS-045: Windows 7 NOT affected
MS-046: Windows 7 NOT affected
MS-047: Windows 7 NOT affected
MS-049: Windows 7 NOT affected
MS-048: Windows 7 NOT affected

"And Win7 is more secure?"

Why, from your own examples, yes, yes it is. happy In fact *NOT ONE* of the vulnerabilities you listed affect Windows 7. I'd call that more secure, wouldn't you? happy
0 Votes
Wolf_z, the article specifically stated...
vulpine@... 15th Sep 2009
That 047, 048 and 049 also affected Windows 7, though I
acknowledge that 045 and 046 were no longer an issue.

This means that Win7 is hardly any more secure than Vista or XP before
it. I don't deny there is better protection, but until Microsoft completely
changes their core processes, Windows will remain the most affected
operating system in the world. (Note I didn't say 'most vulnerable,' but
rather, 'most affected.' Until exploits simply stop working, you're not
going to be safer in Windows.)
I was expecting some Annie Lennox rendition like:

Here comes the troll again
Raining on this thread like a memory
Trolling on this thread with a new devotion

Come on, now. Show a little creativity, will ya?

Disclaimer: The song above was NOT directed at NZ. Just trying to show Fred how it's done. silly
0 Votes
Looking in the mirror Fred? (nt)
IT_Guy_z 10th Sep 2009
...
0 Votes
O noes! Not agoin!
M.R. Kennedy 9th Sep 2009
Yu meen too tlell mee dat iTunas not teh secure?
0 Votes
'Bitten' is not the right word. The iPhone and
QuickTime might have been 'bitten' if they had
been exploited, but honestly, just because you're
allergic to wasps, are you going to die of a sting if
the wasp doesn't sting you?

This is nothing but another 'Cry Wolf' story that is
doing nothing but convincing users that the wolf
doesn't even exist.
0 Votes
Crying wolf?
wolf_z 10th Sep 2009
I don't think so. Ahem.

Crying wolf would have been if there had been no *vulnerabilities*. After all, if there's a gaping hole in the defenses sooner or later somebody *will* take advantage of it.

Vulnerable =/= safe, you know.
0 Votes
The shepherd knows there's a vulnerability; it's called his flock of sheep.
But when he yells out there's a wolf, and there is none, then all he's
doing is frightening the people for no reason. After he cried wolf enough
times, when the wolf really did appear, everyone ignored it and the flock was
destroyed.

Vulnerabilities =/= Wolves.
0 Votes
Buggy software. And I thought Microsoft was bad!
0 Votes