iOS 4.0.2 addresses security concerns
Apple today released iOS 4.0.2 for iPhone and iPod touch. This release addresses two security issues that can allow for arbitrary code execution. The update patches two components of the iOS: FreeType and IOSurface:
FreeType
CVE-ID: CVE-2010-1797
CVE-ID: CVE-2010-2973
CVE-ID: CVE-2010-1797
Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution Description: A stack buffer overflow exists in FreeType's handling of CFF opcodes. Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code execution. This issue is addressed through improved bounds checking.
IOSurfaceCVE-ID: CVE-2010-2973
Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later Impact: Malicious code running as the user may gain system privileges Description: An integer overflow exists in the handling of IOSurface properties, which may allow malicious code running as the user to gain system privileges. This issue is addressed through improved bounds checking.
Also released is iOS 3.2.2 Update for iPad - this release addresses the same security issues on the iPad.
- boelder's blog
- Login or register to post comments
