
Apple Inc

CORE-2008-0123: Leopard Server Remote Path Traversal

Title: Leopard Server Remote Path Traversal
Advisory ID: CORE-2008-0123
Advisory URL: http://www.coresecurity.com/?action=item&id=2189
Date published: 2008-03-18
Date of last update: 2008-03-18
Vendors contacted: Apple Inc.
Release mode: Coordinated release


*Vulnerability Information*


[GSEC-TZO-45-2009] iPhone remote code execution

- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1

I. Background
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

II. Description
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Calling the CSS attr() attribute with a large number leads to memory corruption; heap spraying allows execution of code.


ACROS Security: Remote Binary Planting in Apple iTunes for Windows (ASPR #2010-08-18-1)

-------------------------------------------------------------------------
ASPR #2010-08-18-1: Remote Binary Planting in Apple iTunes for Windows
=========================================================================

Document ID:     ASPR #2010-08-18-1-PUB
Vendor:          Apple, Inc. (http://www.apple.com)
Target:          Apple iTunes for Windows
Impact:          Remote execution of arbitrary code
Severity:        Very high
Status:          Official patch available, workarounds available
Discovered by:   Simon Raner of ACROS Security

ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)

-------------------------------------------------------------------------
ASPR #2010-09-08-1: Remote Binary Planting in Apple Safari for Windows
=========================================================================

Document ID:     ASPR #2010-09-08-1-PUB
Vendor:          Apple, Inc. (http://www.apple.com)
Target:          Apple Safari for Windows
Impact:          Remote execution of arbitrary code
Severity:        Very high
Status:          Official patch available, workarounds available
Discovered by:   Simon Raner of ACROS Security

Java Runtime UTF-8 Decoder Smuggling Vector

Initial disclosures to the Java Runtime author community;
  17 Jul - Apache Harmony Project
  18 Jul - OpenJDK Project
  21 Jul - Sun Microsystems, Inc.
  28 Jul - HP
  31 Jul - Apple, Inc.

Apache projects across the board, Spring, IBM, BEA, RedHat etc were also
notified at various points along the way.

** Background **

iTunes 7.3.x - Heap overflow in album cover parsing

https://www.isecpartners.com
--------------------------------------------

iTunes 7.3.x - Heap overflow in album cover parsing

Vendor: Apple, Inc.
Vendor URL: http://www.apple.com
Versions affected: Confirmed in iTunes 7.3.2
Systems Affected: Confirmed on OS X 10.4.10 PPC, Windows XP x86
Severity: High (potential code execution)
Author: David Thiel <david[at]isecpartners[dot]com>

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

http://krbdev.mit.edu/rt/Ticket/Display.html?id=6402

ACKNOWLEDGMENTS
===============

CVE-2009-0844 was discovered by Product Security at Apple, Inc.  We
thank Apple and Sun for suggesting improvements to the patches.

CONTACT
=======



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
