Apple iOS 4.2 addresses multiple WebKit security issues

Written by Larry Dignan on

Apple's iOS 4.2 is now available and the release addresses a lot more than just AirPrint and other goodies. The updated iOS addresses numerous security issues including a bevy of items in WebKit.

You can find the security update about iOS 4.2 in this mailing list advisory. Among the key highlights:

  • CVE-2010-3828: This one addresses iOS 2.0 through 4.1 for iPhone 3G and later as well as the iPod touch and iPad. In a nutshell, a URL issue allows a hacker to initiate a call from the iAd Content Display. Aaron Sigel of vtty.com reported the issue.
  • CVE-2010-3929: This Mail flaw means that WebKit will perform a prefetch if remote image loading is enabled when it runs into an HTML Link Element. "This may result in undesired requests to remote servers," said Apple. Mike Cardwell of Cardwell IT Ltd. gets props for the find.
  • CVE-2010-1843: A remote attacker can shut down a system. "A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown," said Apple. TippingPoint's Zero Day Initiative found this one.
  • CVE-2010-3831: This one addresses photos. In certain situations a "send to MobileMe" may disclose your passwords. Sigel found this one.
  • And multiple WebKit fixes to prevent code execution after visiting a "maliciously crafted Web site." This laundry list includes: CVE-2010-3824, CVE-2010-3816, CVE-2010-3809, CVE-2010-3810, CVE-2010-3805, CVE-2010-3823, CVE-2010-3116, CVE-2010-3812, CVE-2010-3808, CVE-2010-3259, CVE-2010-1822, CVE-2010-3811, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-1789, CVE-2010-1806, CVE-2010-3257, CVE-2010-3826, CVE-2010-1807, CVE-2010-3821, CVE-2010-3804, CVE-2010-3813, CVE-2010-3822 and multiple component fixes beyond those.
