lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Nov 2010 23:23:15 +0400 From: Laurent OUDOT at TEHTRI-Security <laurent.oudot@...tri-security.com> To: full-disclosure@...ts.grok.org.uk Subject: [TEHTRI-Security] CVE-2010-1752: Update your MacOSX Gents, During the 1st HITB Amsterdam 2010, TEHTRI-Security made advisories about security issues on handled devices (iPhone, HTC, iPad, BlackBerry, etc). As we made penetration tests for more than 15 years on highly sensitive networks, we were luckily able to find vulnerabilities working on those devices, thanks to audits & fuzzing in our lab. Basically, the offensive stuff shared with Apple security team, could allow an attacker to abuse a vulnerability in the CFNetwork library (stack overflow) on the iPhone devices. Notice that if you already updated your iPhone with iOS4, our exploits for this particular vulnerability would not work anymore. ( search for "CVE-2010-1752" here: http://support.apple.com/kb/ht4225 ) But, thanks to our proof of concepts (client-side attacks), it was not only possible to abuse the iPhone devices, but also any current Mac OS X ( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4 ). Hopefully, this week, Apple released many interesting security patches for Mac OS X, and one of them will allow Mac end users to avoid those kind of client-side attacks and stack overflows against the CFNetwork library (which is used by many applications, like Safari). If you want more information, we wrote some lines on our blog: http://blog.tehtri-security.com/2010/11/cve-2010-1752-back-to-mac.html And it's also covered on Apple web site. ( search "CVE-2010-1752" here too: http://support.apple.com/kb/HT4435 ). Happy update, Apple folks ;-) Best regards, Laurent OUDOT, from Abu Dhabi, UAE @ BlackHat Briefings ( http://blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html#Oudot ) TEHTRI-Security - "This is not a Game." http://www.tehtri-security.com/ http://twitter/tehtris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists