Are there memory protections in 3.x to stop this or is it purely a lack of time/testing to find the exploit vector?
--
Rob Fuller | Mubix Room362.com | Hak5.org | TheAcademyPro.com

2009/7/23 Thierry Zoller <[email protected]>

> Fell quite behind on this one, here it is.
> ___________________________________________________________________
>
> Phone &iPod Touch - Remote arbitrary code execution
> ___________________________________________________________________
>
> Reference         : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
> WWW               : http://www.g-sec.lu/iphone-remote-code-exec.html
> CVE               : CVE-2009-1698
> BID               : 35318
> Credit            : http://support.apple.com/kb/HT3639
> Discovered by     : Thierry Zoller
>
> Affected products :
> - iPhone OS 1.x through 2.2.1
> - iPhone OS for iPod touch 1.x through 2.2.1
>
> I. Background
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
> corporation which designs and manufactures consumer electronics and software
> products. The company's best-known hardware products include "
>
> II. Description
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Calling the CSS attr() attribute with a large number leads to memory
> corruption, heap spraying allows execution of code.
>
> III. Impact
> ¨¨¨¨¨¨¨¨¨¨¨
> Arbitrary remote code execution can be achieved by creating a special
> website and enticing the victim into visiting that site.
>
> IV. Proof of concept
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> None will be released
>
> VI. About
> ¨¨¨¨¨¨¨¨¨¨
> G-SEC ltd. is an independent security consultancy group, founded to
> address the growing need for allround (effective) security consultancy
> in Luxembourg.
>
> By providing extensive security auditing, rigid policy design, and
> implementation of cutting-edge defensive/offensive systems, G-SEC
> ensures robust, thorough, and uncompromising protection for
> organizations seeking enterprise wide data security.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
