/>
X
Innovation

Apple iOS 4.2 addresses multiple WebKit security issues

Apple's iOS 4.2 is now available and the release addresses a lot more than just AirPrint and other goodies. The updated iOS addresses numerous security issues including a bevy of items in Webkit.
Written by Larry Dignan, Contributor on

Apple's iOS 4.2 is now available and the release addresses a lot more than just AirPrint and other goodies. The updated iOS addresses numerous security issues including a bevy of items in WebKit.

You can find the security update about iOS 4.2 in this mailing list advisory. Among the key highlights:

  • CVE-2010-3828: This one addresses iOS 2.0 through 4.1 for iPhone 3G and later as well as the iPod touch and iPad. In a nutshell, a URL issue allows a hacker to initiate a call from the iAd Content Display. Aaron Sigel of vtty.com reported the issue.
  • CVE-2010-3929: This Mail flaw means that that WebKit will perform a prefetch if remote image loading is enabled when it runs into an HTML Link Element. "This may result in undesired requests to remote servers," said Apple.  Mike Cardwell of Cardwell IT Ltd. gets props for the find.
  • CVE-2010-1843: A remote attacker can shutdown a system. " A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown," said Apple. TippingPoint's Zero Day Initiative found this one.
  • CVE-2010-3831: This one addresses photos. In certain situations a "send to MobileMe" may disclose your passwords. Sigel found this one.
  • And multiple WebKit fixes to prevent code executions after visiting a "maliciously crafted Web site." This laundry list includes: CVE-2010-3824, CVE-2010-3816, CVE-2010-3809, CVE-2010-3810, CVE-2010-3805, CVE-2010-3823, CVE-2010-3116, CVE-2010-3812, CVE-2010-3808, CVE-2010-3259, CVE-2010-1822, CVE-2010-3811, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-1789, CVE-2010-1806,  CVE-2010-3257, CVE-2010-3826, CVE-2010-1807, CVE-2010-3821,  CVE-2010-3804, CVE-2010-3813,  CVE-2010-3822 and multiple component fixes beyond those.

Editorial standards

Related

How much RAM does your Windows 11 PC need?
adobestock-339222220

How much RAM does your Windows 11 PC need?

What is ChatGPT and why does it matter? Here's what you need to know
chat bot

What is ChatGPT and why does it matter? Here's what you need to know

How to nail the 'Do you have any questions for me?' part of the interview
job interview

How to nail the 'Do you have any questions for me?' part of the interview