lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAAJh+d5Fs5hDHQxEtSYiKaiYvr3vZ1dkVav-3ET3VaNR+obauw@mail.gmail.com>
Date: Wed, 12 Oct 2011 21:38:45 +0300
From: Henri Lindberg <henri+fulldisclosure@...nse.fi>
To: full-disclosure@...ts.grok.org.uk
Subject: nSense-2011-006: Apple iOS

      nSense Vulnerability Research Security Advisory NSENSE-2011-006
      ---------------------------------------------------------------
                   t2'11 infosec conference special release
                               http://www.t2.fi
      ---------------------------------------------------------------

      Affected Vendor:    Apple Inc.
      Affected Product:   CalDAV (iOS 3.0 through 4.3.5 for iPhone 3GS
                          and iPhone 4, iOS 3.1 through 4.3.5 for iPod
                          touch (3rd generation) and later, iOS 3.2
                          through 4.3.5 for iPad)
      Platform:           iOS
      Impact:             Sensitive information interception
      Vendor response:    New version released
      CVE:                CVE-2011-3253
      Credit:             Leszek / nSense
      Release date:       12 Oct 2011

      Technical details
      ---------------------------------------------------------------
      The calendar synchronization feature of iOS fails to validate
      the SSL certificate provided by the server. Therefore, CalDAV
      communication can be intercepted by a basic man in the middle
      attack. As every request contains a HTTP basic authentication
      header, which contains base64-encoded credentials, it is
      possible to intercept email account credentials by an attacker
      that is suitably positioned (e.g. the same LAN, WLAN) or is
      able to tamper with DNS records pointing to the CalDAV server.
	
      The application accepts the untrusted certificate without any
      warning or prompt, so the attack will go unnoticed by the user.

      Timeline:
      20110407     nSense informed the vendor about the vulnerability
      20110409     Vendor started to investigate the issue
      20110415     nSense sent a status update request to the vendor
      20110415     Vendor provided a status update
      20110420     nSense asked the vendor for further information
      20110502     nSense resent the previous questions
      20110502     Vendor confirmed the vulnerability
      20110525     nSense asked the vendor about the patch schedule
      20110527     Vendor responded
      20110527     nSense asked the vendor for further information
      20110531     Vendor responded, unable to provide a date
      20110601     nSense asked the vendor for clarification
      20110603     Vendor responded
      20110603     nSense resent the previous question
      20110607     nSense commented the issue, asked the vendor for
                   clarification
      20110705     nSense asked the vendor for clarification
      20110726     nSense asked the vendor whether 4.3.5 fixed the
                   issue
      20110727     Vendor responded. Issue not fixed.
      20110728     nSense asked the vendor for further details
      20110917     Vendor asked for credit information
      20110917     nSense responded
      20111002     Vendor confirmed release date
      20111012     Vendor releases fixed version of the software
      20111012     Vendor releases public advisory

	
      Solution:
      Apple security updates are available via the Software Update
      mechanism: http://support.apple.com/kb/HT1338
	
      Apple security updates are also available for manual download
      via: http://www.apple.com/support/downloads/

      More information from Apple Inc.:
      http://support.apple.com/kb/HT1222
	
      Links:
      http://www.nsense.fi                       http://www.nsense.dk



      $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
      $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
      $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
      $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
      $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                     D r i v e n   b y   t h e   c h a l l e n g e _

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ