TUCoPS :: Phreaking Cellular - Major Manufacturers :: bt-21335.htm

iPhone remote code execution
iPhone remote code execution
iPhone remote code execution




Fell quite behind on this one, here it is.
___________________________________________________________________

      Phone &iPod Touch - Remote arbritary code execution
___________________________________________________________________


Reference : [GSEC-TZO-45-2009] - iPhone remote arbritary code execution
WWW : http://www.g-sec.lu/iphone-remote-code-exec.html 
CVE       : CVE-2009-1698
BID       : 35318
Credit : http://support.apple.com/kb/HT3639 
Discovered by : Thierry Zoller

Affected products :
- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1

I. Background
=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

II. Description
=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8
Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code. 

III. Impact
=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8
Arbitrary remote code execution can be achieved by creating a special website and entice
the victim into visiting that site.

IV. Proof of concept
=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8
None will be released


VI. About
=A8=A8=A8=A8=A8=A8=A8=A8=A8=A8
G-SEC ltd. is an independent security consultancy group, founded to
address the growing need for allround (effective) security consultancy 
in Luxembourg.

By providing extensive security auditing, rigid policy design, and 
implementation of cutting-edge defensive/offensive systems, G-SEC 
ensures robust, thorough, and  uncompromising protection for 
organizations seeking enterprise wide data security.




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH