TITLE:
Apple iPhone / iPod touch Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35449

VERIFY ADVISORY:
http://secunia.com/advisories/35449/

DESCRIPTION:
Some vulnerabilities have been reported in Apple iPhone and iPod
touch, which can be exploited by malicious people to bypass certain
security restrictions, cause a DoS (Denial of Service), disclose
sensitive information, conduct cross-site scripting and cross-site
request forgery attacks, or compromise a user's system.

1) Multiple vulnerabilities in CoreGraphics can be exploited by
malicious people to compromise a user's system.

For more information:
SA32706
SA34291
SA34723
SA35074

2) An error in the handling of untrusted Exchange server certificates
can lead to the disclosure of credentials or application data because
the certificate is accepted without a prompt or validation.

3) A vulnerability in ImageIO can be exploited by malicious people to
compromise a user's system.

For more information:
SA33970

4) A vulnerability in International Components for Unicode can be
exploited by malicious people to bypass certain security
restrictions.

For more information:
SA35436

5) Some vulnerabilities in IPSec can be exploited by malicious people
to cause a DoS (Denial of Service).

For more information:
SA31478
SA31450

6) Some vulnerabilities in libxml2 can be exploited by malicious
people to cause a DoS (Denial of Service) or potentially compromise
an application using the library.

For more information:
SA31558
SA32130
SA32773

7) An error in Mail can result in a phone call being initiated
without user interaction if an application causes an alert during the
call approval dialog.

This is related to vulnerability #11 in:
SA32756

8) An input validation error in the handling of MPEG-4 video files
can lead to an unexpected device reset.

9) Clearing Safari's history via the Settings application can lead to
disclosure of the search history.

10) An assertion error in the handling of ICMP echo request packets
can be exploited to cause a device reset via a specially crafted ICMP
echo request.

11) Some vulnerabilities in WebKit can be exploited by malicious
people to conduct cross-site scripting attacks, disclose sensitive
information, or to compromise a user's system.

For more information:
SA31326
SA35056
SA35379

12) An error in the separation of JavaScript contexts can be
exploited to overwrite the "document.implementation" of an embedded
or parent document served from a different security zone.

13) A type conversion error exists in the JavaScript exception
handling in WebKit. This can be exploited to corrupt memory when
assigning the exception to a variable that is declared as a constant
and may allow execution of arbitrary code when a user visits a
specially crafted web site.

14) An error in the JavaScript garbage collector implementation can
potentially be exploited to corrupt memory and execute arbitrary
code.

15) Multiple unspecified errors in the handling of JavaScript objects
can potentially be exploited to conduct cross-site scripting attacks.

16) An error in WebKit can be exploited to alter standard JavaScript
prototypes of websites served from a different domain.

17) An error in WebKit in the handling of HTMLSelectElement objects
can be exploited to cause a device reset.

18) An error in WebKit can be exploited to load and capture an image
from another website by using a canvas and a redirect.

19) An error in WebKit allows frames to be accessed by an HTML
document after a page transition, which can be exploited to conduct
cross-site scripting attacks.

20) An error in the handling of XMLHttpRequest headers in WebKit can
be exploited to bypass the same-origin policy.

21) A Use-After-Free error exists in WebKit within the handling of
the JavaScript DOM, which can potentially be exploited to execute
arbitrary code.

22) An error in WebKit within the handling of Location and History
objects can be exploited to conduct cross-site scripting attacks.
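
Item 18 depends on which origin a canvas taint check sees when an image URL redirects to another site. The model below is an added example, not code from this advisory or from WebKit; the advisory does not state the root cause, so the flawed check, all function and class names, and the example URLs are assumptions made for illustration.

```javascript
// Added example: a model of canvas origin-clean tracking, not WebKit code.
// REDIRECTS is a constructed stand-in for the network (URL -> redirect target).
const REDIRECTS = new Map([
  ["https://app.example/avatar.png", "https://other.example/private/chart.png"],
]);

// Follow the constructed redirect chain to the URL that actually serves the bytes.
function resolveFinalUrl(url, maxHops = 5) {
  let current = url;
  for (let hop = 0; REDIRECTS.has(current); hop++) {
    if (hop >= maxHops) throw new Error("too many redirects");
    current = REDIRECTS.get(current);
  }
  return current;
}

const originOf = (url) => new URL(url).origin;

// Assumed flawed check: compares the origin of the URL the page asked for.
const checkRequestedUrl = (docUrl, src) => originOf(src) === originOf(docUrl);
// Corrected check: compares the origin of the response after redirects.
const checkFinalUrl = (docUrl, src) =>
  originOf(resolveFinalUrl(src)) === originOf(docUrl);

class ModelCanvas {
  constructor(docUrl, isSameOrigin) {
    this.docUrl = docUrl;
    this.isSameOrigin = isSameOrigin;
    this.originClean = true; // cleared permanently by any cross-origin draw
  }
  drawImage(src) {
    if (!this.isSameOrigin(this.docUrl, src)) this.originClean = false;
  }
  toDataURL() {
    if (!this.originClean) throw new Error("SecurityError: canvas is tainted");
    return "data:image/png;base64,<pixels>"; // placeholder for pixel data
  }
}

// Returns true when pixel readback is permitted after drawing `src`.
function readbackAllowed(isSameOrigin, src, docUrl = "https://app.example/page.html") {
  const canvas = new ModelCanvas(docUrl, isSameOrigin);
  canvas.drawImage(src);
  try { canvas.toDataURL(); return true; } catch { return false; }
}
```

With the corrected check, the redirected image taints the canvas and readback is refused, while a same-origin image that does not redirect stays readable.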

SOLUTION:
Update to iPhone OS 3.0 or iPhone OS for iPod touch 3.0 (downloadable
and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY:
7) Collin Mulliner of Fraunhofer SIT
10) Masaki Yoshida

The vendor credits:
1) * Alin Rad Pop, Secunia Research
   * Will Dormann, CERT/CC
   * Barry K. Nathan
   * Tavis Ormandy, Google Security Team
2) FD of Securus Global
3) Tavis Ormandy, Google Security Team
4) Chris Weber, Casaba Security
8) Si Brindley
9) Joshua Belsky
11) * Thomas Raffetseder, International Secure Systems Lab
    * Nils working with the ZDI
    * Michal Zalewski, Google Inc
    * SkyLined, Google Inc
    * Thierry Zoller working with the ZDI and Robert Swiecki of the
      Google Security Team
    * Chris Evans of Google Inc
12) Dean McNamee, Google Inc
13) Jesse Ruderman, Mozilla Corporation
14) SkyLined of Google Inc
15) Adam Barth of UC Berkeley and Collin Jackson of Stanford
    University
17) Thierry Zoller, G-SEC
18) Chris Evans
19) Feng Qian, Google Inc
20) Per von Zweigbergk
21) wushi & ling of team509 working with the ZDI
22) Adam Barth and Joel Weinberger of UC Berkeley

CHANGELOG:
2009-06-18: Corrected credits section. Updated vulnerability #7 in
"Description" section.

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3639

JVN:
http://jvn.jp/en/jp/JVN87239696/index.html

OTHER REFERENCES:
SA31326:
http://secunia.com/advisories/31326/

SA31478:
http://secunia.com/advisories/31478/

SA31450:
http://secunia.com/advisories/31450/

SA31558:
http://secunia.com/advisories/31558/

SA32130:
http://secunia.com/advisories/32130/

SA32706:
http://secunia.com/advisories/32706/

SA32773:
http://secunia.com/advisories/32773/

SA33970:
http://secunia.com/advisories/33970/

SA34291:
http://secunia.com/advisories/34291/

SA34723:
http://secunia.com/advisories/34723/

SA35056:
http://secunia.com/advisories/35056/

SA35074:
http://secunia.com/advisories/35074/

SA35379:
http://secunia.com/advisories/35379/

SA35436:
http://secunia.com/advisories/35436/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
