SB2011070801 - Multiple vulnerabilities in Apple iOS
Published: July 8, 2011 Updated: March 20, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2010-3855)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to buffer overflow when handling of TrueType fonts by FreeType. A remote attacker can send a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
2) Integer overflow (CVE-ID: CVE-2011-0226)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when handling of Type 1 fonts by FreeType. A remote attacker can send a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: the vulnerability was being actively exploited.
3) Type confusion (CVE-ID: CVE-2011-0227)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to invalid type conversion issue in the use of IOMobileFrameBuffer queueing primitives. A local attacker can execute a specially crafted application and execute arbitrary code with SYSTEM privileges.
Successful exploitation of the vulnerability may result in compromise of vulnerable system.
Remediation
Install update from vendor's website.