Multiple vulnerabilities in Apple iOS

Published: 2011-07-08 00:00:00 | Updated: 2017-03-20 11:00:19
Severity Critical
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2010-3855
CVE-2011-0226
CVE-2011-0227
CVSSv3 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-120
CWE-190
CWE-704
Exploitation vector Network
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerable software Apple iOS
Vulnerable software versions Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Show more
Vendor URL Apple Inc.

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow when handling of TrueType fonts by FreeType. A remote attacker can send a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Remediation

Update iOS to version 4.3.4.

External links

https://support.apple.com/en-us/HT202272

2) Integer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when handling of Type 1 fonts by FreeType. A remote attacker can send a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Update iOS to version 4.3.4.

External links

https://support.apple.com/en-us/HT202272

3) Type confusion

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to invalid type conversion issue in the use of IOMobileFrameBuffer queueing primitives. A local attacker can execute a specially crafted application and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability may result in compromise of vulnerable system.

Remediation

Update iOS to version 4.3.4.

External links

https://support.apple.com/en-us/HT202272

Back to List