
[TEHTRI-Security] CVE-2010-1752: Update your MacOSX

From: Laurent OUDOT at TEHTRI-Security <laurent oudot tehtri-security com>
To: bugtraq securityfocus com
Cc:
Subject: [TEHTRI-Security] CVE-2010-1752: Update your MacOSX
Date: Thu - Nov 11, 2010 11:48 AM



Gents,

During the 1st HITB Amsterdam 2010, TEHTRI-Security made advisories
about security issues on handheld devices (iPhone, HTC, iPad, BlackBerry,
etc.).

As we have been doing penetration tests for more than 15 years on highly
sensitive networks, we were luckily able to find vulnerabilities working on
those devices, thanks to audits and fuzzing in our lab.

Basically, the offensive stuff shared with the Apple security team could
allow an attacker to abuse a vulnerability in the CFNetwork library
(stack overflow) on iPhone devices.

Notice that if you have already updated your iPhone to iOS 4, our exploits
for this particular vulnerability would no longer work.
( search for "CVE-2010-1752" here: http://support.apple.com/kb/ht4225 )

But, thanks to our proofs of concept (client-side attacks), it was
possible to abuse not only iPhone devices but also any current Mac OS X
( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through
v10.6.4, Mac OS X Server v10.6 through v10.6.4 ).

Fortunately, this week Apple released many interesting security patches
for Mac OS X, and one of them will allow Mac end users to avoid this
kind of client-side attack and stack overflow against the CFNetwork
library (which is used by many applications, such as Safari).

If you want more information, we wrote some lines on our blog:

http://blog.tehtri-security.com/2010/11/cve-2010-1752-back-to-mac.html

And it's also covered on Apple's web site.
( search for "CVE-2010-1752" here too: http://support.apple.com/kb/HT4435 )

Happy update, Apple folks ;-)
Best regards,

Laurent OUDOT, from Abu Dhabi, UAE @ BlackHat Briefings
( http://blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html#Oudot )

 TEHTRI-Security - "This is not a Game."
 http://www.tehtri-security.com/
 http://twitter/tehtris
