Gents,

During the 1st HITB Amsterdam 2010, TEHTRI-Security made advisories about security issues on handheld devices (iPhone, HTC, iPad, BlackBerry, etc). As we have performed penetration tests for more than 15 years on highly sensitive networks, we were luckily able to find vulnerabilities working on those devices, thanks to audits & fuzzing in our lab.

Basically, the offensive stuff shared with Apple's security team could allow an attacker to abuse a vulnerability in the CFNetwork library (stack overflow) on iPhone devices. Notice that if you already updated your iPhone with iOS4, our exploits for this particular vulnerability would not work anymore.
( search for "CVE-2010-1752" here: http://support.apple.com/kb/ht4225 )

But, thanks to our proofs of concept (client-side attacks), it was not only possible to abuse the iPhone devices, but also any current Mac OS X ( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4 ).

Hopefully, this week, Apple released many interesting security patches for Mac OS X, and one of them will allow Mac end users to avoid these kinds of client-side attacks and stack overflows against the CFNetwork library (which is used by many applications, like Safari).

If you want more information, we wrote some lines on our blog:
http://blog.tehtri-security.com/2010/11/cve-2010-1752-back-to-mac.html

And it's also covered on Apple's web site.
( search "CVE-2010-1752" here too: http://support.apple.com/kb/HT4435 )

Happy update, Apple folks ;-)

Best regards,

Laurent OUDOT, from Abu Dhabi, UAE @ BlackHat Briefings
( http://blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html#Oudot )

TEHTRI-Security - "This is not a Game."
http://www.tehtri-security.com/
http://twitter/tehtris