SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Multimedia)  >   Apple iPod touch Vendors:   Apple Computer
Apple iPod touch Lets Local Applications Access Data
SecurityTracker Alert ID:  1020846
SecurityTracker URL:  http://securitytracker.com/id/1020846
CVE Reference:   CVE-2008-3631   (Links to External Site)
Updated:  Sep 10 2008
Original Entry Date:  Sep 10 2008
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0 - 2.0.2
Description:   A vulnerability was reported in Apple iPod touch. A local application can access files of another application.

A local application can bypass Application Sandbox restrictions to access potentially sensitive files in a target application's sandbox.

Nicolas Seriot of Sen:te and Bryce Cogswell reported this vulnerability.

Impact:   A local application can access files of another application.
Solution:   The vendor has issued a fix (2.1).

The vendor's advisory is available at:

http://support.apple.com/kb/HT3026

Vendor URL:  support.apple.com/kb/HT3026 (Links to External Site)
Cause:   Access control error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 13 2008 (Apple Issues Fix for iPhone) Apple iPod touch Lets Local Applications Access Data   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has released a fix for iPhone.



 Source Message Contents

Date:  Tue, 9 Sep 2008 13:52:24 -0700
Subject:  APPLE-SA-2008-09-09 iPod touch v2.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-09-09 iPod touch v2.1

iPod touch v2.1 is now available and addresses the following issues:

Application Sandbox
CVE-ID:  CVE-2008-3631
Available for:  iPod touch v2.0 through v2.0.2
Impact:  An application may be able to read another application's
files
Description:  The Application Sandbox does not properly enforce
access restrictions between third-party applications. This may allow
a third-party application to read files in another third-party
application's sandbox and lead to the disclosure of sensitive
information. This update addresses the issue by enforcing the proper
access restrictions between application sandboxes. Credit to Nicolas
Seriot of Sen:te and Bryce Cogswell for reporting this issue. This
issue does not affect iPod touch versions prior to v2.0.

CoreGraphics
CVE-ID:  CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Available for:  iPod touch v1.1 through v2.0.2
Impact:  Multiple vulnerabilities in FreeType v2.3.5
Description:  Multiple vulnerabilities exist in FreeType v2.3.5, the
most serious of which may lead to arbitrary code execution when
accessing maliciously crafted font data. This update addresses the
issue by incorporating the security fixes from version 2.3.6 of
FreeType. Further information is available via the FreeType site at
http://www.freetype.org/

mDNSResponder
CVE-ID:  CVE-2008-1447
Available for:  iPod touch v1.1 through v2.0.2
Impact:  mDNSResponder is susceptible to DNS cache poisoning and may
return forged information
Description:  mDNSResponder provides translation between host names
and IP addresses for applications that use its unicast DNS resolution
API. A weakness in the DNS protocol may allow a remote attacker to
perform DNS cache poisoning attacks. As a result, applications that
rely on mDNSResponder for DNS may receive forged information. This
update addresses the issue by implementing source port and
transaction ID randomization to improve resilience against cache
poisoning attacks. Credit to Dan Kaminsky of IOActive for reporting
this issue.

Networking
CVE-ID:  CVE-2008-3612
Available for:  iPod touch v2.0 through v2.0.2
Impact:  Predictable TCP initial sequence numbers generation may lead
to TCP spoofing or session hijacking
Description:  TCP initial sequence numbers are sequentially
generated. Predictable initial sequence numbers may allow a remote
attacker to create a spoofed TCP connection or insert data into an
existing TCP connection. This update addresses the issue by
generating random TCP initial sequence numbers. This issue does not
affect iPod touch versions prior to v2.0.

WebKit
CVE-ID:  CVE-2008-3632
Available for:  iPod touch v1.1 through v2.0.2
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use-after-free issue exists in WebKit's handling of
CSS import statements. Visiting a maliciously crafted website may
lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved handling
of document references.

Installation note:

This update is only available through iTunes, and will not appear in
your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly
schedule.  When an update is detected, it will download it.  When
the iPod touch is docked, iTunes will present the user with the
option to install the update.  We recommend applying the update
immediately if possible.  Selecting "don't install" will present
the option the next time you connect your iPod touch.

The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the "Check for Update" button within iTunes. After doing
this, the update can be applied when your iPod touch is docked to
your computer.

To check that the iPod touch has been updated:

* Navigate to Settings
* Select General
* Select About.  The version after applying this update will be
"2.1 (5F135)" or later

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wsBVAwUBSMbhtHkodeiKZIkBAQgYEwf9EjYlMQ+JyVQG6qwKtK0P268aYNe403d3
hamsXheePbofeKP2/FSc+FGXwik3qF4hfuwAKIy1jbhVr+LcgvwxYLooxCUs9+Qf
UvDU7DAp/ZpmJx+9XXi7jvkFcsEcG1re7xYe7tkGjvYSChrvtD+O1TL+gRFNearc
l3hm4wmi3S2KEL+MERFExjugysx8ECBdAx5BeeYAyblCEfWWkZVsRqzushp4Gnr3
YoxocR4uxXb5eQTymqfj3IIAyKUIwg8tXx8Ky/b7otrKuDKgiAw0S/kt9OjAm0iV
CclwKiXKnm3I581ifWgq9Q8Oh/TSCFU3xukg5Nj3I3Be//klJmwP4A==
=E7xS
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC