
Re: [Full-disclosure] [GSEC-TZO-45-2009] iPhone remote code execution



Are there memory protections in 3.x to stop this or is it purely a lack of
time/testing to find the exploit vector?

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com


2009/7/23 Thierry Zoller <Thierry@xxxxxxxxx>

>
> Fell quite behind on this one, here it is.
> ___________________________________________________________________
>
>      iPhone & iPod Touch - Remote arbitrary code execution
> ___________________________________________________________________
>
>
> Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
> WWW       : http://www.g-sec.lu/iphone-remote-code-exec.html
> CVE       : CVE-2009-1698
> BID       : 35318
> Credit    : http://support.apple.com/kb/HT3639
> Discovered by : Thierry Zoller
>
> Affected products :
> - iPhone OS 1.x through 2.2.1
> - iPhone OS for iPod touch 1.x through 2.2.1
>
> I. Background
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
> corporation which designs and manufactures consumer electronics and software
> products. The company's best-known hardware products include "
>
> II. Description
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Calling the CSS attr() attribute with a large number leads to memory
> corruption; heap spraying allows execution of code.
>
> III. Impact
> ¨¨¨¨¨¨¨¨¨¨¨
> Arbitrary remote code execution can be achieved by creating a special
> website and enticing the victim into visiting that site.
>
> IV. Proof of concept
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> None will be released
>
>
> VI. About
> ¨¨¨¨¨¨¨¨¨¨
> G-SEC ltd. is an independent security consultancy group, founded to
> address the growing need for all-round (effective) security consultancy
> in Luxembourg.
>
> By providing extensive security auditing, rigid policy design, and
> implementation of cutting-edge defensive/offensive systems, G-SEC
> ensures robust, thorough, and uncompromising protection for
> organizations seeking enterprise-wide data security.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/