
boelder's blog

iOS 4.1 released for iPhone and iPod touch

Apple today has released iOS 4.1 - an update that addresses issues reported since the release of iOS 4.0, including a number of important security updates to various components of the mobile device operating system.

The security content of iOS 4.1 includes:

iOS 4.1 for iPhone and iPod touch

  • Accessibility

    CVE-ID: CVE-2010-1809

    Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later, iOS 3.0 through 4.0.2 for iPod touch (3rd generation)

    Impact: An application's use of location services may not be announced through VoiceOver

    Description: A user interface accessibility issue exists in the settings panel for Location Services. VoiceOver does not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours. This issue is addressed by ensuring that VoiceOver announces the presence of the icon. Credit to Robin Kipp of Forever Living Products Europe for reporting this issue.

  • FaceTime

    CVE-ID: CVE-2010-1810

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: An attacker in a privileged network position may be able to redirect FaceTime calls

    Description: An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls. This issue is addressed through improved handling of certificates. Credit to Aaron Sigel of vtty.com for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1811

Safari 5.0.2 & Safari 4.1.2 released

Apple today released Safari 5.0.2 and Safari 4.1.2, addressing security issues in the WebKit-based browser. The update addresses security concerns in both the Mac and Windows versions of the popular browser:

Safari 5.0.2 and Safari 4.1.2

  • Safari

    CVE-ID: CVE-2010-1805

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a file in a directory that is writable by other users may lead to arbitrary code execution

    Description: A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution. This issue is addressed by using an explicit search path when launching Windows Explorer. This issue does not affect Mac OS X systems. Credit to Simon Raner of ACROS Security for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1807

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
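
The search path issue described for CVE-2010-1805 above, modelled as an added example (not Apple's code and not from the original post): a lookup that searches the working directory before a trusted directory, beside one that builds the full path explicitly. The directory names and function names are constructed for illustration, and the lookup is a simplified model rather than Windows' actual search order.

```python
import os
import tempfile


def resolve_by_search(name, search_dirs):
    """Return the first match for a bare executable name, as a search-path lookup does."""
    for directory in search_dirs:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def resolve_explicit(name, trusted_dir):
    """Hardened lookup: accept only a bare name and join it to one trusted directory."""
    if os.path.basename(name) != name:
        raise ValueError("expected a bare file name, got a path")
    candidate = os.path.join(trusted_dir, name)
    if not os.path.isfile(candidate):
        raise FileNotFoundError(candidate)
    return candidate


def audit_launch(name, working_dir, trusted_dir):
    """Compare both lookups; 'hijackable' is True when the bare-name search
    resolves to a file outside the trusted directory."""
    searched = resolve_by_search(name, [working_dir, trusted_dir])
    explicit = resolve_explicit(name, trusted_dir)
    return {"searched": searched, "explicit": explicit,
            "hijackable": searched != explicit}


def demo():
    """Constructed layout: a trusted directory, a directory writable by other
    users that holds a same-named file, and a directory without one."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "Windows")
        shared = os.path.join(root, "SharedDownloads")
        clean = os.path.join(root, "Documents")
        for directory in (trusted, shared, clean):
            os.makedirs(directory)
        for directory in (trusted, shared):
            open(os.path.join(directory, "explorer.exe"), "w").close()
        from_shared = audit_launch("explorer.exe", shared, trusted)
        from_clean = audit_launch("explorer.exe", clean, trusted)
        stays_trusted = os.path.dirname(from_shared["explicit"]) == trusted
        return from_shared["hijackable"], from_clean["hijackable"], stays_trusted


if __name__ == "__main__":
    print(demo())
```
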

iTunes 10 introduces Ping, AirPlay

iTunes 10 will be available today - the update to iTunes integrates a new music-oriented social networking component called Ping and features AirPlay, a "wireless music playback to listen to your music on remote speakers using Apple’s AirPort Express® base station. In addition, AirPlay now works without AirPort Express, using speakers, receivers and stereo systems from companies including Bowers & Wilkins, JBL, Denon and iHome, so you can enjoy your entire iTunes music library wirelessly from any room in the house with no extra gear required."

Apple redesigns iPod family

Apple has revamped their iPod family of devices, including a newly redesigned iPod nano and iPod touch. The new iPod touch has FaceTime for video chatting, along with an HD video camera. Check out the new designs!

Apple introduces 2nd generation Apple TV

Apple today has introduced the second generation of Apple TV - a tiny box that is one quarter the size of the current version. The new Apple TV is stream-based, and has no 'storage management'. Along with the Apple TV hardware update, Apple also announced a rental-only agreement with media providers Fox and ABC to rent commercial free content for $.99 per show. The device also streams content from Netflix & YouTube.

Apple to stream September 1st announcement

A press release from Apple indicates that, "Apple® will broadcast its September 1 event online using Apple’s industry-leading HTTP Live Streaming, which is based on open standards. Viewing requires either a Mac® running Safari® on Mac OS® X version 10.6 Snow Leopard®, an iPhone® or iPod touch® running iOS 3.0 or higher, or an iPad™. The live broadcast will begin at 10:00 a.m. PDT on September 1, 2010 at www.apple.com."

Apple releases Security Update 2010-005 for Mac OS X 10.5, 10.6

Apple today has released an update to Mac OS X 10.5.8 & Mac OS X 10.6.x addressing a dozen security issues in various components of the operating system. Security Update 2010-005 fixes security issues in ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP & Samba.

  • ATS

    CVE-ID: CVE-2010-1808

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.4, Mac OS X Server v10.6.4

    Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

    Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.

  • CFNetwork

    CVE-ID: CVE-2010-1800

    Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

    Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

    Description: CFNetwork permits anonymous TLS/SSL connections. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue does not affect the Mail application. This issue is addressed by disabling anonymous TLS/SSL connections. This issue does not affect systems prior to Mac OS X v10.6.3. Credit to Aaron Sigel of vtty.com, Jean-Luc Giraud of Citrix, Tomas Bjurman of Sirius IT, and Wan-Teh Chang of Google, Inc. for reporting this issue.

  • ClamAV

    CVE-ID: CVE-2010-0098, CVE-2010-1311

iOS 4.0.2 addresses security concerns

Apple today released iOS 4.0.2 for iPhone and iPod touch. This release addresses two security issues that can allow for arbitrary code execution. The update patches two components of the iOS: FreeType and IOSurface:

FreeType
CVE-ID: CVE-2010-1797

Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later

Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution

Description: A stack buffer overflow exists in FreeType's handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.

IOSurface
CVE-ID: CVE-2010-2973

Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later

Impact: Malicious code running as the user may gain system privileges

Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.


Also released is iOS 3.2.2 Update for iPad - this release addresses the same security issues on the iPad.
 

Safari 5.0.1 & Safari 4.1.1 address security concerns

Apple has released Safari 5.0.1 and Safari 4.1.1 to address security issues in both versions of the browser. Along with patching over a dozen critical vulnerabilities where "[v]isiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution," the update brings with it the Safari Extensions Gallery for Safari 5. According to Apple, "Safari Extensions are created by third-party developers and add powerful new features to the browser, from toolbars that display live web feeds to sophisticated programs that filter web page content."

Apple announces new iMac, Mac Pro models

Apple today announced the immediate availability of the new iMac family. The latest update to the iMac family includes new 21.5 and 27-inch systems that come equipped with an Intel Core i3, Core i5 or Core i7 processor. There are four models to choose from: the 21.5" with either the 3.06 GHz Core i3 or 3.2 GHz Core i3, or the two 27" models that sport either a 3.2 GHz Core i3 or a 2.8 GHz Core i5 Quad-Core processor or a 2.93GHz Quad-Core Intel Core i7.

Apple also announced the impending availability of two new Mac Pro models: a 2.8GHz Quad-Core Intel Xeon "Nehalem" processor; and an 8 or 12 core system with two 2.4GHz quad-core or 2.66GHz Intel Xeon “Westmere” processors; delivery is scheduled for August.
