ID

VAR-200807-0665

CVE

CVE-2008-1588

TITLE

Apple iPhone/iPod touch of Safari Vulnerable to spoofing the address bar

DESCRIPTION

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. A vulnerability that may allow users to spoof websites. 2. An information-disclosure vulnerability. 3. A buffer-overflow vulnerability. 4. Two memory-corruption vulnerabilities. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4. The Safari browser is embedded in both the iPhone and iPod Touch, and remote attackers can exploit multiple security holes in the browser to cause denial of service, read sensitive information, or execute arbitrary code. CVE-2008-2317 There is a memory corruption vulnerability in WebCore's processing of style sheet units. If a malicious site is visited, the browser may terminate unexpectedly or execute arbitrary code. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35379 VERIFY ADVISORY: http://secunia.com/advisories/35379/ DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or compromise a user's system. PROVIDED AND/OR DISCOVERED BY: 1-3) Tavis Ormandy 4) Chris Evans of Google Inc. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31074 VERIFY ADVISORY: http://secunia.com/advisories/31074/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple iPhone http://secunia.com/product/15128/ Apple iPod touch http://secunia.com/product/16074/ DESCRIPTION: Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system. 1) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 2) A vulnerability in the handling of packets with an IPComp header can be exploited to cause a DoS. 4) An error exists in Safari within the handling of self-signed or invalid certificates. If a user clicks on the menu button while being prompted to accept or reject such a certificate, Safari automatically accepts the certificate on the next visit. 5) A signedness error in Safari when handling Javascript array indices can be exploited to trigger an out-of-bounds memory access and may allow execution of arbitrary code. 6) A vulnerability due to Safari ignoring Unicode Byte-order-Mark (BOM) sequences when parsing web pages can be exploited to bypass certain HTML and Javascript filtering mechanisms. This is related to vulnerability #8 in: SA20376 7) A vulnerability Safari can be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #3 in: SA30775 8) An unspecified error exists in WebKit in the processing of style-sheet elements. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page. 9) An error in Safari when handling xml documents can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA28444 10) An error in Safari when processing xml documents can potentially be exploited by malicious people to compromise a user's system. For more information: SA30315 11) An unspecified error exists in JavaScriptCore's handling of runtime garbage collection. This can be exploited to cause a memory corruption and may allow execution of arbitrary code when a user visits a specially crafted web page. 12) Some vulnerabilities in Safari can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system. SOLUTION: Upgrade to version 2.0 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Hiromitsu Takagi 5) SkyLined, Google 6) Chris Weber, Casaba Security, LLC 7) James Urquhart 8) Peter Vreudegnhil, working with the TippingPoint Zero Day Initiative 10) Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team 11) Itzik Kotler and Jonathan Rom of Radware 12) Robert Swiecki of the Google Security Team, David Bloom, and Charlie Miller of Independent Security Evaluators ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2351 JVN: http://jvn.jp/jp/JVN88676089/index.html Chris Evans: http://scary.beasts.org/security/CESA-2008-004.html OTHER REFERENCES: SA20376: http://secunia.com/advisories/20376/ SA28444: http://secunia.com/advisories/28444/ SA29130: http://secunia.com/advisories/29130/ SA29846: http://secunia.com/advisories/29846/ SA30315: http://secunia.com/advisories/30315/ SA30775: http://secunia.com/advisories/30775/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Jonathan Rom Hiromitsu Takagi SkyLined

SOURCES

LAST UPDATE DATE

2024-11-23T20:19:11.637000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE