46 Vulnerabilities Fixed: The Security Side of iOS 4.2

Article by George Norman (Cybersecurity Editor)

on 25 Nov 2010

Earlier this week Cupertino-based software developer Apple rolled out iOS 4.2 for iPad, iPhone and iPod Touch, just like it promised back in September. There are two good reasons why users would want to get iOS 4.2.
1 – It brings a bunch of nice new features to the iPad (read more about this topic here).
2 – Find My iPhone is now free. You no longer need a MobileMe subscription to use this feature (read more about it here).

There’s a third reason to update to iOS 4.2: security. The release comes with patches for 46 vulnerabilities, including more than a dozen fixes to WebKit, the HTML rendering framework, and a number of fixes to CoreGraphics, FreeType, Mail and Telephony.

So if you want to stay safe and protected, you are well advised to update to the latest iOS version. To get iOS 4.2 all you have to do is sync your iPad, iPhone or iPod Touch with iTunes 10.1.

A detailed list of all the vulnerabilities iOS 4.2 fixes is available here. Out of them all I selected the following four because I thought they deserved mentioning:

iAd Content Display - CVE-2010-3828
Impact: An attacker in a privileged network position may be able to cause a call to be initiated
Description: A URL handling issue exists in iAd Content Display. An iAd is requested by an application, either automatically or through explicit user action. By injecting the contents of a requested ad with a link containing a URL scheme used to initiate a call, an attacker in a privileged network position may be able to cause a call to occur. This issue is addressed by ensuring that the user is prompted before a call is initiated from a link.
Credit: Aaron Sigel of vtty.com

Mail - CVE-2010-3829
Impact: Mail may resolve DNS names when remote image loading is disabled
Description: When WebKit encounters an HTML Link Element that requests DNS prefetching, it will perform the prefetch even if remote image loading is disabled. This may result in undesired requests to remote servers. The sender of an HTML-formatted email message could use this to determine whether the message was viewed. This issue is addressed by disabling DNS prefetching when remote image loading is disabled.
Credit: Mike Cardwell of Cardwell IT Ltd

Networking - CVE-2010-1843
Impact: A remote attacker may cause an unexpected system shutdown
Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect devices running iOS versions prior to 3.2.
Credit: An anonymous researcher working with TippingPoint's Zero Day Initiative

Photos - CVE-2010-3831
Impact: "Send to MobileMe" may result in the disclosure of the MobileMe account password
Description: The Photos application allows users to share their pictures and movies through various means. One way is the "Send to MobileMe" button, which uploads the selected contents to the user's MobileMe Gallery. The Photos application will use HTTP Basic authentication if no other authentication mechanism is presented as available by the server. An attacker with a privileged network position may manipulate the response of the MobileMe Gallery to request basic authentication, resulting in the disclosure of the MobileMe account password. This issue is addressed by disabling support for Basic authentication.
Credit: Aaron Sigel of vtty.com

