[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GSEC-TZO-45-2009] iPhone remote code execution
- To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, <info@xxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>, <cert@xxxxxxxx>, <nvd@xxxxxxxx>, <cve@xxxxxxxxx>
- Subject: [GSEC-TZO-45-2009] iPhone remote code execution
- From: Thierry Zoller <Thierry@xxxxxxxxx>
- Date: Thu, 23 Jul 2009 14:33:16 +0200
Fell quite behind on this one, here it is.
___________________________________________________________________
Phone &iPod Touch - Remote arbritary code execution
___________________________________________________________________
Reference : [GSEC-TZO-45-2009] - iPhone remote arbritary code execution
WWW : http://www.g-sec.lu/iphone-remote-code-exec.html
CVE : CVE-2009-1698
BID : 35318
Credit : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller
Affected products :
- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1
I. Background
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
corporation which designs and manufactures consumer electronics and software
products. The company's best-known hardware products include "
II. Description
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Calling the CSS attr() attribute with a large number leads to memory
corruption, heap spraying allows execution of code.
III. Impact
¨¨¨¨¨¨¨¨¨¨¨
Arbitrary remote code execution can be achieved by creating a special website
and entice
the victim into visiting that site.
IV. Proof of concept
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
None will be released
VI. About
¨¨¨¨¨¨¨¨¨¨
G-SEC ltd. is an independent security consultancy group, founded to
address the growing need for allround (effective) security consultancy
in Luxembourg.
By providing extensive security auditing, rigid policy design, and
implementation of cutting-edge defensive/offensive systems, G-SEC
ensures robust, thorough, and uncompromising protection for
organizations seeking enterprise wide data security.