Fell quite behind on this one, here it is. ___________________________________________________________________ Phone &iPod Touch - Remote arbritary code execution ___________________________________________________________________ Reference : [GSEC-TZO-45-2009] - iPhone remote arbritary code execution WWW : http://www.g-sec.lu/iphone-remote-code-exec.html CVE : CVE-2009-1698 BID : 35318 Credit : http://support.apple.com/kb/HT3639 Discovered by : Thierry Zoller Affected products : - iPhone OS 1.x through 2.2.1 - iPhone OS for iPod touch 1.x through 2.2.1 I. Background ¨¨¨¨¨¨¨¨¨¨¨¨¨¨ Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include " II. Description ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨ Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code. III. Impact ¨¨¨¨¨¨¨¨¨¨¨ Arbitrary remote code execution can be achieved by creating a special website and entice the victim into visiting that site. IV. Proof of concept ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨ None will be released VI. About ¨¨¨¨¨¨¨¨¨¨ G-SEC ltd. is an independent security consultancy group, founded to address the growing need for allround (effective) security consultancy in Luxembourg. By providing extensive security auditing, rigid policy design, and implementation of cutting-edge defensive/offensive systems, G-SEC ensures robust, thorough, and uncompromising protection for organizations seeking enterprise wide data security.