Date: Thu, 11 Nov 2010 23:23:15 +0400
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot@...tri-security.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [TEHTRI-Security] CVE-2010-1752: Update your MacOSX


Gents,

During the 1st HITB Amsterdam 2010, TEHTRI-Security made advisories
about security issues on handheld devices (iPhone, HTC, iPad, BlackBerry,
etc).

As we made penetration tests for more than 15 years on highly sensitive
networks, we were luckily able to find vulnerabilities working on those
devices, thanks to audits & fuzzing in our lab.

Basically, the offensive stuff shared with the Apple security team could
allow an attacker to abuse a vulnerability in the CFNetwork library
(stack overflow) on the iPhone devices.

Notice that if you already updated your iPhone with iOS4, our exploits
for this particular vulnerability would not work anymore.
( search for "CVE-2010-1752" here: http://support.apple.com/kb/ht4225 )

But, thanks to our proof of concepts (client-side attacks), it was not
only possible to abuse the iPhone devices, but also any current Mac OS X
( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through
v10.6.4, Mac OS X Server v10.6 through v10.6.4 ).

Hopefully, this week, Apple released many interesting security patches
for Mac OS X, and one of them will allow Mac end users to avoid those
kinds of client-side attacks and stack overflows against the CFNetwork
library (which is used by many applications, like Safari).

If you want more information, we wrote some lines on our blog:

http://blog.tehtri-security.com/2010/11/cve-2010-1752-back-to-mac.html

And it's also covered on Apple web site.
( search "CVE-2010-1752" here too: http://support.apple.com/kb/HT4435 ).

Happy update, Apple folks ;-)
Best regards,

Laurent OUDOT, from Abu Dhabi, UAE @ BlackHat Briefings
( http://blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html#Oudot )

 TEHTRI-Security - "This is not a Game."
 http://www.tehtri-security.com/
 http://twitter/tehtris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
