February 5, 2012

Apple Releases iTunes 10.5.1 to Fix Man-in-the-middle Vulnerability

(LiveHacking.Com) - Apple has released iTunes 10.5.1 to fix a potentially dangerous man-in-the-middle vulnerability. According to the iTunes 10.5.1 security advisory, a hacker using a man-in-the-middle attack could offer software to end users that appears to originate from Apple. This of course would be a way to infect a computer with malware. The vulnerability exists in iTunes for Windows and for OS X.

iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user’s default browser. This issue has been mitigated by using a secured connection when checking for available updates. On OS X the user’s default browser is not used, because Apple Software Update is included with OS X; the change nevertheless adds defense-in-depth there too.
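The advisory text above states the defensive change in one sentence (check for updates over a secured connection). The following is an added illustration, not code from LiveHacking.com or from Apple, of how an update client should treat update metadata as untrusted input: it refuses to act on metadata that did not arrive over TLS, rejects download URLs that are not HTTPS on a pinned host (including the userinfo trick `https://pinned.host@attacker/`), and ignores versions that are not newer than the installed one. The host names, the JSON metadata format and the two sample responses are constructed for this example.

```python
"""Added example (not Apple's or LiveHacking.com's code): a software-update
client that treats update metadata as untrusted input. Host names, the JSON
metadata format and the sample responses below are constructed."""
import json
from urllib.parse import urlparse

# Assumed: update hosts pinned in the client. A real client would also pin
# or sign the metadata; this list is a constructed placeholder.
ALLOWED_UPDATE_HOSTS = {"updates.example.test", "downloads.example.test"}


def check_url_allowed(url: str) -> bool:
    """Accept a download URL only if it is HTTPS, carries no userinfo and
    points at a pinned host. A URL taken from an HTTP response and handed
    to the browser is exactly what an on-path attacker can substitute."""
    parts = urlparse(url)
    if parts.scheme.lower() != "https":
        return False
    if parts.username or parts.password:   # https://pinned.host@attacker/...
        return False
    host = parts.hostname                  # already lower-cased by urlparse
    return host is not None and host in ALLOWED_UPDATE_HOSTS


def _version_tuple(version: str):
    """'10.5.1' -> (10, 5, 1); raises ValueError on junk."""
    return tuple(int(part) for part in version.strip().split("."))


def evaluate_update(body: str, installed_version: str, fetched_over_tls: bool) -> dict:
    """Decide what to do with an update response.
    Returns {'action': 'install' | 'ignore', 'reason': str, 'url': str | None}."""
    if not fetched_over_tls:
        # Metadata from a plain-HTTP check can be rewritten in transit, so the
        # 'update available' signal itself is not trustworthy.
        return {"action": "ignore", "reason": "metadata not fetched over TLS", "url": None}
    try:
        meta = json.loads(body)
        offered = str(meta["version"])
        url = str(meta["url"])
    except (ValueError, KeyError, TypeError):
        return {"action": "ignore", "reason": "malformed metadata", "url": None}
    try:
        if _version_tuple(offered) <= _version_tuple(installed_version):
            return {"action": "ignore", "reason": "not newer than installed version", "url": None}
    except ValueError:
        return {"action": "ignore", "reason": "malformed version string", "url": None}
    if not check_url_allowed(url):
        return {"action": "ignore", "reason": "download URL is not HTTPS on a pinned host", "url": None}
    return {"action": "install", "reason": "ok", "url": url}


# Constructed sample responses: one genuine, one as an on-path attacker
# might rewrite it (same version number, download pointed elsewhere).
GENUINE_RESPONSE = '{"version": "10.5.1", "url": "https://downloads.example.test/setup.exe"}'
SPOOFED_RESPONSE = '{"version": "10.5.1", "url": "http://attacker.example.test/setup.exe"}'

if __name__ == "__main__":
    for label, body, tls in [("genuine", GENUINE_RESPONSE, True),
                             ("spoofed", SPOOFED_RESPONSE, True),
                             ("genuine, but fetched over plain HTTP", GENUINE_RESPONSE, False)]:
        print(label, "->", evaluate_update(body, "10.5.0", tls))
```

The two checks are deliberately independent: even when the metadata channel is TLS, the URL inside it is still validated, so a compromised or misconfigured metadata endpoint cannot redirect the download to an arbitrary origin.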

The vulnerability was reported to Apple by Francisco Amato of Infobyte Security Research.

iTunes 10.5.1, which is available for Mac OS X v10.5 or later, Windows 7, Vista and XP SP2 or later, also introduces iTunes Match. Announced earlier this year, this new service allows users to store their entire music library in iCloud, including music that has been imported from CDs.


Apple Releases iOS 5.0.1 To Kill Code-signing Bug

Apple has released iOS 5.0.1 for the iPhone, iPad and iPod Touch to fix half a dozen security vulnerabilities including the code-signing bug that Charlie Miller discovered recently and the iPad 2 smart cover bug.

A few days ago Charlie exposed a flaw in Apple’s code signing system, which ensures that only Apple-approved applications can run on an iPhone or iPad. If Apple hadn’t fixed this issue it would have been possible for developers to upload apps to iTunes that could run new code on your phone that Apple never had a chance to check. This in turn would let malware into Apple’s tightly controlled ecosystem.

According to the security note issued by Apple, Charlie’s flaw was due to a logic error that existed in the mmap system call’s checking of valid flag combinations. This issue does not affect devices running iOS prior to version 4.3.

The other important fix in iOS 5.0.1 is the iPad smart cover bug. The problem was that when a Smart Cover is opened while an iPad 2 is confirming power off in the locked state, the iPad does not request a passcode.

Other things fixed in this release include:

  • Visiting a maliciously crafted website may lead to the disclosure of sensitive information. An issue existed in CFNetwork’s handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server.
  • Viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.
  • An attacker with a privileged network position may intercept user credentials or other sensitive information. Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia’s certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
  • Visiting a maliciously crafted website may lead to the disclosure of sensitive information. An issue existed in libinfo’s handling of DNS name lookups. When resolving a maliciously crafted hostname, libinfo could return an incorrect result.

Apple also fixed non-security related bugs in iOS 5.0.1 including tweaks to extend the battery life of devices running the OS.

Researcher Finds iOS Vulnerability Then Loses his Developer Program Status

(LiveHacking.Com) - Charlie Miller, a veteran at finding vulnerabilities in OS X and iOS, has discovered a flaw in iOS that allows rogue apps to download and execute unapproved code on an iOS device. As a proof of concept Charlie successfully uploaded an app to Apple’s iTunes store, a trick which then cost him his rights as an iOS developer.

Charlie is no stranger to hacking Apple products. In 2008 he won a $10,000 prize at the hacker conference Pwn2Own for cracking a MacBook Air in under 2 minutes. In 2009, he won $5,000 for cracking Safari in under 10 seconds. And in the very same year he also demonstrated an SMS processing vulnerability that allowed for the complete compromise of an iPhone.

His latest discovery exposes a flaw in Apple’s restrictions on code signing, Apple’s largely successful way to ensure that only Apple-approved applications can run on an iPhone or iPad. Charlie plans to present his findings at the SyScan conference in Taiwan next week.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

However, once Apple discovered what Charlie had been up to, it terminated his iOS Developer Program License:

“This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple,” the email read. “Effective immediately.”

Of course, Apple is well within its rights to terminate Charlie’s developer license, since he has broken the terms of the license. However, we are left wondering whether Apple wouldn’t have done better to contact Charlie and get him to explain the flaw to them.

Charlie isn’t the only person trying to get around Apple’s security systems. Pod2g, an iPhone hacker from the Chronic Dev Team, is reporting that he has found a bug in Apple’s iOS 5 that may allow for the development of an untethered jailbreak:

“Hey jailbreaking friends, I’ve found a bug that can untether iOS 5. Don’t expect a release soon, but I’m gonna work hard in it.”

Apple Releases QuickTime 7.7.1 for Windows to Fix Vulnerabilities

(LiveHacking.Com) - Apple has released QuickTime 7.7.1 for Windows to fix multiple vulnerabilities that if exploited could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

According to the security advisory, QuickTime 7.7.1 for Windows 7, Vista and XP fixes several issues which have either been fixed in OS X (with OS X Lion v10.7.2 or with Security Update 2011-006 for OS X v10.6 systems) or don’t affect Mac OS X systems.

The problems fixed are:

  • A buffer overflow existed in QuickTime’s handling of H.264 encoded movie files.
  • An uninitialized memory access issue existed in QuickTime’s handling of URL data handlers within movie files.
  • An implementation issue existed in QuickTime’s handling of the atom hierarchy within a movie file.
  • A cross-site scripting issue existed in QuickTime Player’s “Save for Web” export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is addressed by removing the reference to an online script.
  • A buffer overflow existed in QuickTime’s handling of FlashPix files.
  • A buffer overflow existed in QuickTime’s handling of FLIC files.
  • Multiple memory corruption issues existed in QuickTime’s handling of movie files.
  • An integer overflow issue existed in the handling of PICT files.
  • A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
  • A buffer overflow issue existed in the handling of FLC encoded movie files.
  • An integer overflow issue existed in the handling of JPEG2000 encoded movie files.
  • A memory corruption issue existed in the handling of TKHD atoms in QuickTime movie files.

To exploit most of these vulnerabilities an attacker would need to create a specially crafted movie file and get the victim to watch it on their PC.
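The “Save for Web” item in the list above is a mixed-content problem rather than a parser bug: an exported HTML file that loads a script from a plain-HTTP origin will run whatever an attacker on the network substitutes for that script, and Apple’s fix was simply to drop the reference. The check a practitioner would want over such generated templates, added here as an example that is not QuickTime’s or LiveHacking.com’s code, is a scanner that lists every active-content reference (`script`, `iframe`, `link`, `object`, `embed`) whose scheme is `http:`. The template HTML it runs over is constructed.

```python
"""Added example (not QuickTime's or LiveHacking.com's code): a scanner that
lists active-content references with a plain-http: scheme in an HTML file,
the pattern behind the "Save for Web" issue. The template below is
constructed."""
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

# (tag, attribute) pairs whose target is executed or rendered as active content.
ACTIVE_CONTENT = {
    ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("link", "href"), ("object", "data"), ("embed", "src"),
}


class InsecureRefScanner(HTMLParser):
    """Collect (line, tag, url) for every active-content reference whose
    scheme is http. Relative, protocol-relative and https references are
    left alone; only an explicit cleartext origin is reported."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Tuple[int, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in ACTIVE_CONTENT and value:
                if urlparse(value.strip()).scheme.lower() == "http":
                    line, _col = self.getpos()   # 1-based line of the tag
                    self.findings.append((line, tag, value.strip()))


def find_insecure_references(html: str) -> List[Tuple[int, str, str]]:
    """Return all cleartext active-content references in the document."""
    scanner = InsecureRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed template: one cleartext script, one HTTPS script, one relative.
SAMPLE_TEMPLATE = """<html><head>
<title>Exported movie</title>
<script src="http://cdn.example.test/embed.js"></script>
<script src="https://cdn.example.test/embed.js"></script>
<script src="embed.js"></script>
</head><body>
<object data="movie.mov"></object>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure_references(SAMPLE_TEMPLATE):
        print(f"line {line}: <{tag}> loads {url} over plain HTTP")
```

Run over a directory of exported pages, a non-empty result is the signal to remove the reference or serve the script from the same origin as the page, which is the shape of the fix the advisory describes.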

Apple Releases Security Updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4

(LiveHacking.Com) - With the launch of the much anticipated iOS 5, Apple has also issued a significant number of patches for a range of its products including some of its iOS applications, its Safari web browser, OS X 10.7, OS X 10.6 (via Security Update 2011-006) and Apple TV.

The full list along with links to the Apple knowledge base is as follows:

  • HT4999 - iOS 5 Software Update
  • HT5000 - Safari 5.1.1
  • HT5001 - Apple TV 4.4
  • HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
  • HT5003 - Pages for iOS v1.5
  • HT5004 - Numbers for iOS v1.5

iOS 5
Apple is emphasizing the 200 new features in iOS 5, but it also contains multiple security fixes. Most of these are found in WebKit, the HTML rendering engine at the heart of iOS’s version of Safari. Many of the issues fixed in Safari 5.1.1 are common with those in iOS 5; however, the Safari 5.1.1 list is shorter due to the more frequent releases of Safari for the desktop.

Other iOS 5 fixes of interest include:

  • A user’s AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.
  • Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in CoreFoundation’s handling of string tokenization.
  • Viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.
  • Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. A buffer overflow existed in libTIFF’s handling of CCITT Group 4 encoded TIFF images.

Safari 5.1.1
Along with the long list of WebKit fixes, some of which are common with the fixes in iOS 5 and iTunes 10.5, there are several fixes for bugs that allowed arbitrary code execution or a cross-site scripting attack if the user visited a maliciously crafted website.

Apple also say that JavaScript performance has been improved up to 13% over Safari 5.1.

OS X Lion v10.7.2 and Security Update 2011-006
The update to Lion and the release of Security Update 2011-006 (which is available for OS X 10.6.8) fixes a number of problems including:

  • Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service.
  • Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges. A format string vulnerability existed in Application Firewall’s debug logging.
  • Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. An out of bounds memory access issue existed in ATS’ handling of Type 1 fonts. This issue does not affect OS X Lion systems.
  • OS X 10.7: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3.
  • OS X 10.6: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
  • Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
  • Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in CoreFoundation’s handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.
  • Several updates for PHP, Python, Postfix and QuickTime.

Pages and Numbers for iOS
Opening a maliciously crafted Microsoft Word or Excel document may lead to an unexpected application termination or arbitrary code execution.

Due to buffer overflow and memory corruption issues, opening a maliciously crafted Microsoft Word or Excel document may lead to an unexpected application termination or arbitrary code execution.

Apple Releases iTunes 10.5 With Support for iOS 5 and Fixes for Multiple Vulnerabilities

(LiveHacking.Com) – Apple has released iTunes 10.5 in preparation for the imminent release of iOS 5. Along with support for iCloud and wireless syncing, iTunes 10.5 contains a large number of security related fixes for the Windows version. The OS X version contains all the new features but not the security fixes, as Apple is planning to release a separate system-wide update for OS X to address these vulnerabilities, although some have already been addressed in previous security updates by Apple.

The update fixes 79 vulnerabilities of which 73 are within WebKit, the HTML rendering engine found in Safari and Google Chrome, which Apple also uses to power iTunes. Since fixes are also applied to WebKit via Google’s Vulnerability Rewards Program, names like Sergey Glazunov (famous for his work on Chrome) also appear in the list of contributors.

Other than the WebKit fixes, the following vulnerabilities were patched:

  • A memory corruption issue existed in the handling of string tokenization. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.
  • An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in the handling of audio streams encoded with Advanced Audio Coding (AAC). This issue does not affect OS X Lion systems.
  • A buffer overflow existed in the handling of H.264 encoded movie files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006.
  • A heap buffer overflow existed in ImageIO’s handling of TIFF images. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.
  • A reentrancy issue existed in ImageIO’s handling of TIFF images. This issue does not affect Mac OS X systems.

Apple Finally Revokes Trust for DigiNotar – But Only on OS X

(LiveHacking.Com) - Almost a week after Microsoft, Mozilla and Google revoked trust in all the certificates issued by DigiNotar, Apple has finally issued an update for OS X 10.6 and 10.7.

Security Update 2011-005 reads:

Fraudulent certificates were issued by multiple certificate authorities operated by DigiNotar. This issue is addressed by removing DigiNotar from the list of trusted root certificates, from the list of Extended Validation (EV) certificate authorities, and by configuring default system trust settings so that DigiNotar’s certificates, including those issued by other authorities, are not trusted.

However, the update leaves users of PowerPC Macs vulnerable, as there is no update for OS X 10.4, and nothing yet for iOS devices including the iPhone, iPod Touch and iPad.

The update is available through Mac OS X’s built-in Software Update or can be manually downloaded (for Lion or Snow Leopard) and installed.

Apple Releases QuickTime 7.7 to Address Multiple Vulnerabilities

(LiveHacking.Com) – Apple has released QuickTime 7.7 for Mac OS X v10.5.8, Windows 7, Vista and XP SP2 or later. QuickTime 7.7 closes several holes that could allow maliciously crafted images, audio files and movies to crash the program or execute unauthorized code.

According to Apple’s knowledge base article the problems resolved are:

  • A buffer overflow existed in QuickTime’s handling of PICT files. Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • Multiple memory corruption issues existed in QuickTime’s handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • A cross-origin issue existed in QuickTime plug-in’s handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A memory corruption issue existed in QuickTime’s handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in QuickTime’s handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in QuickTime’s handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems.
  • A stack buffer overflow existed in the QuickTime ActiveX control’s handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.

iOS 4.3.5 Patches X.509 Certificate Validation Vulnerability

(LiveHacking.Com) – Less than two weeks ago Apple released iOS 4.3.4 to fix a PDF vulnerability, and now it has issued iOS 4.3.5 to patch an X.509 certificate validation vulnerability.

According to Apple the vulnerability allows an attacker with a privileged network position to capture or modify data in sessions protected by SSL/TLS.

A certificate chain validation issue existed in the handling of X.509 certificates. This issue is fixed through improved validation of X.509 certificate chains.
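Three items on this page turn on how a client walks an X.509 chain: the DigiCert Malaysia entry in the iOS 5.0.1 list (two trusted roots had each issued it an intermediate), the DigiNotar update (distrust extended to certificates “issued by other authorities”), and the chain validation fix above. The common point is that removing a root from the trust store is not enough when another trusted root has issued or cross-signed the bad CA’s certificates; the distrust has to be applied at every link of the path, and each intermediate has to be checked for the standard properties an issuer must have. The following is an added Python illustration, not Apple’s code and not from LiveHacking.com, of a chain walk that does this. Certificates are constructed dataclass records with made-up names, and a matching key identifier stands in for the signature verification a real validator performs.

```python
"""Added example (not Apple's code): a toy X.509 chain walk in which a
distrust list is applied at every certificate in the path, so a distrusted
CA stays untrusted even when a trusted root has issued or cross-signed an
intermediate for it. Names and key identifiers are constructed; a matching
key identifier stands in for the signature verification a real validator
(an RFC 5280 path builder) performs."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

MAX_DEPTH = 8


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_id: str         # identifies this certificate's public key
    issuer_key_id: str  # key that signed it (stand-in for the signature)
    is_ca: bool         # basicConstraints CA flag
    expired: bool = False


def validate_chain(leaf: Cert, intermediates: List[Cert], roots: List[Cert],
                   distrusted: Set[str]) -> Tuple[bool, str]:
    """Return (ok, reason). Distrust is by subject name and is checked on
    every link, including the anchoring root."""
    by_key: Dict[str, List[Cert]] = {}
    for cert in intermediates:
        by_key.setdefault(cert.key_id, []).append(cert)
    root_by_key = {root.key_id: root for root in roots}

    def walk(cert: Cert, depth: int) -> Tuple[bool, str]:
        if cert.subject in distrusted:
            return False, f"distrusted name in path: {cert.subject}"
        if cert.expired:
            return False, f"expired certificate: {cert.subject}"
        if depth > 0 and not cert.is_ca:
            # Standard path check: only CA certificates may act as issuers.
            return False, f"non-CA certificate used as an issuer: {cert.subject}"
        if depth > MAX_DEPTH:
            return False, "chain too long"
        root = root_by_key.get(cert.issuer_key_id)
        if root is not None:
            if root.subject in distrusted:
                return False, f"distrusted root: {root.subject}"
            return True, f"anchored at {root.subject}"
        failure = f"no issuer found for {cert.subject}"
        # Several intermediates may share a key (two roots each issued one
        # to the same CA); try every candidate path before giving up.
        for candidate in by_key.get(cert.issuer_key_id, []):
            ok, reason = walk(candidate, depth + 1)
            if ok:
                return True, reason
            failure = reason
        return False, failure

    return walk(leaf, 0)


# Constructed fixtures. Two trusted roots have each issued an intermediate
# to "Weak CA", which cannot revoke what it has signed.
ROOT_A = Cert("Root A", "Root A", "key-root-a", "key-root-a", True)
ROOT_B = Cert("Root B", "Root B", "key-root-b", "key-root-b", True)
WEAK_CA_VIA_A = Cert("Weak CA", "Root A", "key-weak", "key-root-a", True)
WEAK_CA_VIA_B = Cert("Weak CA", "Root B", "key-weak", "key-root-b", True)
GOOD_CA = Cert("Good CA", "Root A", "key-good", "key-root-a", True)
SITE_VIA_WEAK = Cert("www.example.test", "Weak CA", "key-site-1", "key-weak", False)
SITE_VIA_GOOD = Cert("www.example.test", "Good CA", "key-site-2", "key-good", False)
# A certificate whose 'issuer' is an ordinary (non-CA) site certificate.
ROGUE = Cert("rogue.example.test", "www.example.test", "key-rogue", "key-site-2", False)

ROOTS = [ROOT_A, ROOT_B]
INTERMEDIATES = [WEAK_CA_VIA_A, WEAK_CA_VIA_B, GOOD_CA, SITE_VIA_GOOD]

if __name__ == "__main__":
    print(validate_chain(SITE_VIA_WEAK, INTERMEDIATES, ROOTS, set()))
    print(validate_chain(SITE_VIA_WEAK, INTERMEDIATES, [ROOT_B], set()))  # dropping one root is not enough
    print(validate_chain(SITE_VIA_WEAK, INTERMEDIATES, ROOTS, {"Weak CA"}))
    print(validate_chain(SITE_VIA_GOOD, INTERMEDIATES, ROOTS, {"Weak CA"}))
    print(validate_chain(ROGUE, INTERMEDIATES, ROOTS, set()))
```

The second call in the usage block is the instructive one: with Root A removed but no distrust entry, the site certificate still validates through the intermediate Root B issued, which is why both Apple advisories speak of changing trust settings rather than only removing a root.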

iOS 4.3.5 is available for the iPhone 3GS & iPhone 4 (GSM model), the iPod touch (3rd generation and later) and the iPad & iPad 2.

Apple Releases Safari 5.1 and 5.0.6 for OS X and Windows

(LiveHacking.Com) — Following the launch of OS X 10.7 (AKA Lion) which includes version 5.1 of Apple’s web browser Safari, Apple has released Safari 5.1 for Windows and OS X 10.6 and Safari 5.0.6 for OS X 10.5.

Safari 5.1 and 5.0.6 address multiple security vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information.

Apple lists over 57 different CVE IDs in its security content of Safari 5.1 and Safari 5.0.6 advisory, with WebKit receiving the largest number of fixes.

Since other web browsers like Google’s Chrome use WebKit, Safari indirectly benefits from Google’s Chrome Security Award scheme. Names like Sergey Glazunov (a frequent winner under Google’s scheme) and Abhishek Arya (Inferno) of the Google Chrome Security Team are listed by Apple.

New security features in Safari 5.1 include:

  • Privacy Pane – Some websites you visit can leave data on your computer. The new Privacy pane in Safari preferences shows what kind of data websites are storing and lets you remove it. You can also customize cookie settings and choose whether websites can request your location information.
  • Private AutoFill – Safari makes sure your information is kept private. Whenever you come across a web form, Safari automatically detects it and lets you choose to use AutoFill to complete the form with information from your Address Book. No information is ever added to a form automatically unless you say it’s OK.
  • Sandboxing [OS X Lion only] – Sandboxing is a security feature that helps prevent websites from tampering with your computer. All the web content and applications you use in Safari on Lion are sandboxed, so websites can’t use exploits to access your system. If a website contains malicious code intended to capture personal data or take control of your computer, sandboxing automatically blocks it to keep your computer and your information safe.

Safari 5.1 is available for Mac OS X 10.6, Windows XP, Vista and Windows 7 and can be downloaded from http://www.apple.com/safari/