IPhone OS 3.0: completely resolved security issues

Author: Xiao feixia, source: IT expert network

CoreGraphics

When processing the color space in CoreGraphics, heap buffer overflow may occur. Viewing a maliciously crafted image may cause unexpected application termination or arbitrary code execution, this security update solves the preceding problems by improving the border check.

Multiple Memory Corruption occurs during the processing of CoreGraphics PDF files. opening a malicious PDF file may cause the application to terminate suddenly or execute arbitrary code, this security update solves the above problems by improving the boundary and error check.

Multiple Heap Buffers Overflow occurs when CoreGraphics processes PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 Stream may lead to unexpected termination of the application or arbitrary code execution. This update solves the preceding problems by improving the boundary check.

Overflow of integers when CoreGraphics processes PDF files may cause heap buffer overflow. Opening a maliciously crafted PDF file may lead to unexpected termination of the application or arbitrary code execution. This update solves the preceding problems by improving the boundary check.

Integer Overflow during CoreGraphics processing PDF files may cause heap buffer overflow. Opening a PDF file containing a maliciously crafted JBIG2 Stream may cause unexpected termination of the application or arbitrary code execution. This update solves the preceding problems by improving the boundary check.

Multiple integers overflow exists in FreeType v2.3.8, the most serious of which may lead to unexpected termination of the application or arbitrary code execution. This update solves the preceding problems by improving the boundary check.

Exchange

Accepting untrusted Exchange server certificates causes an exception for storing each host name. The next time you access the Exchange Server contained in the exception list, your certificate will be accepted without prompt and verification. This may cause the disclosure of creden。 or application data. This update solves the above problem by improving untrusted certificate exception handling.

ImageIO

The pointer is not initialized during PNG image processing. Processing malicious PNG images may cause unexpected termination of applications or arbitrary code execution. This update solves the above problem by performing additional verification on the PNG image.

Unicode international component

The ICU has implementation problems when processing certain character encoding. When you use ICU to convert invalid byte sequences to Unicode, trailing bytes are considered part of the original character, which may cause excessive resource consumption. Attackers may exploit this vulnerability to bypass the filters used on the website to mitigate cross-site scripting attacks. This update solves the above problems by improving the processing of invalid byte sequences.

IPSec

Before Version 0.7.1, multiple memory leaks in racoon daemon of ipsec-tools may cause DOS. This update solves the above problems by improving memory management.

Libxml

Libxml2 2.6.16 has multiple vulnerabilities. The most serious vulnerability may cause unexpected termination of the application or arbitrary code execution. This update solves the above problem by updating the libxml2 System database to version 2.7.3.

Mail

Mail does not provide preference settings for disabling automatic remote image loading. An HTML email containing a remote image is automatically requested. The server storing remote images can determine whether the email has been read and the network address of the device. This update solves the above problem by adding preference settings for disabling automatic remote image loading.

If an application prompts a warning when the Mail call approval dialog box is displayed, the call will be called without user interaction. This update solves the above problem by not closing the call approval dialog box when other warnings appear.

MPEG-4 video codecs

An input validation issue occurred while processing the MPEG-4 video file. Viewing maliciously crafted MPEG-4 video files may cause unexpected device reset. This update addresses this issue by improving the processing of MPEG-4 video files.

Description file

Issues with processing the configuration description file may allow weak password policies to overwrite password policies that have been set through Exchange ActiveSync. This may allow a person with physical access to the device to bypass the password policy set through Exchange ActiveSync. This update solves the above problems by improving the processing of the configuration description file.

Safari

Clearing Safari History using the "Settings" application does not reset search history. In this case, another person with physical access to the device may be able to view the search history. This update solves this problem by deleting the search history when the Safari History is cleared by the "set" application.

Safari

Design problems exist in the same-source policy mechanism used to restrict interactions between websites. This policy allows websites to load Third-Party website pages into sub-frameworks. Attackers may use this framework to lure users into clicking a specific element in the framework, which is often referred to as the "clickjacking" attack. Malicious websites may manipulate users to perform abnormal operations, such as starting shopping. This update resolves the above problem by taking the industry standard X-Frame-Options extension header, allowing a single page to be displayed in the sub-Frame to be denied.

Telephony

Logic problems that occur when processing ICMP Response Request data packets may trigger judgment. By sending a maliciously crafted ICMP response packet, remote attackers may cause devices to reset unexpectedly. This update solves the above problem by deleting the argument.

WebKit

When WebKit processes invalid color strings in stacked style forms, memory corruption occurs. Access to a malicious website may cause unexpected termination of the application or arbitrary code execution. This update solves the above problem by improving the color string cleaning.

WebKit has a memory corruption issue when processing SVGList objects. Malicious Website access may cause arbitrary code execution. This update solves the preceding problems by improving the boundary check.

Cross-site Scripting exists in JavaScript context separation. Malicious web pages may use Event Handlers to execute scripts in the security context of the next web page loaded in their windows or frameworks. This update solves the above problem by ensuring that the event handler cannot directly affect the ongoing page transition.

Cross-site Scripting exists in JavaScript context separation. By enticing users to access malicious web pages, attackers can overwrite the document. implementation of embedded or parent documents that provide services in other security regions. This update resolves this issue by ensuring that document. implementation changes do not affect other documents.

There is a type conversion problem in WebKit JavaScript exception handling. If you try to assign an exception to a variable declared as a constant, the object will be converted to an invalid type, resulting in memory corruption. Access to a malicious website may cause unexpected termination of the application or arbitrary code execution. This update solves the above problem by ensuring that the allocation in the const declaration is written to the variable object.

There is a memory corruption issue in the implementation of WebKit JavaScript garbage collector. If the allocation fails, the memory write NULL pointer offset may occur, resulting in unexpected termination of the application or arbitrary code execution. This update resolves the problem by checking the allocation fault.

Multiple problems that WebKit encounters when processing JavaScript objects may cause cross-site scripting attacks. This update solves the above problem by improving the cross-site interaction processing of JavaScript objects.

WebKit has a memory corruption issue when processing recursion in some DOM Event Handlers. Access to a malicious website may cause unexpected termination of the application or arbitrary code execution. This update solves the above problems by improving memory management.

Cross-site Scripting in Safari allows malicious website modifications to the standard JavaScript prototype in websites that provide services from other domains. By enticing users to access malicious web pages, attackers can modify the JavaScript code that is provided by other websites. This update addresses the above issues by improving access control for such prototypes.

There is a memory consumption problem when processing HTMLSelectElement objects. Access to a maliciously crafted web page (HTMLSelectElement with a High Length attribute) may cause unexpected device reset. This update solves the above problem by improving the processing of the HTMLSelectElement object.

Cross-site image capturing is a problem in WebKit. By using a canvas with SVG images, a malicious website may load and capture images from other websites. This update addresses this issue by limiting the canvas (with images loaded from other websites) to read.

Cross-site image capturing is a problem in WebKit. By using canvases and redirection, malicious websites may load and capture images of other websites. This update solves the above problem by improving the redirection processing.

There is a problem in WebKit that allows HTML documents to access the framework content after the page transition. This may allow malicious websites to execute cross-site scripting attacks. This update solves the above problems by improving the domain check.

Safari uses predictable algorithms to provide random numbers for JavaScript applications. This may allow websites to track specific Safari sessions without using cookies, hidden form elements, IP addresses, or other techniques. This update solves the above problem by using a better random number generator.

WebKit has a CRLF Injection problem when processing the XMLHttpRequest Header. This may allow malicious websites to bypass the same-origin policy by publishing XMLHttpRequest that does not contain the Host header. XMLHttpRequest without Host Header may arrive at other websites on the same server and allow the JavaScript provided by attackers to interact with the above websites. This update solves the above problem by improving the XMLHttpRequest Header Processing.

The pointer is not initialized in CSS attr function processing. Malicious web pages may cause unexpected termination of applications or arbitrary code execution. This update solves the above problem by performing additional verification on CSS elements.

WebKit has XML external entity problems when processing XML. Accessing a malicious website may allow the website to read files from the user's system. This update solves the above problem by not loading external entities across origins.

When processing Extensible Stylesheet Language Transformations (XSLT), WebKit cannot correctly process redirection. This allows malicious websites to retrieve XML content on pages of other websites, which may cause leakage of sensitive information. This update solves the above problem by ensuring that the documents referenced in the conversion are downloaded from the same domain where the conversion is located.

WebKit has the use-after-free problem when processing JavaScript DOM. Access to a malicious website may cause unexpected termination of the application or arbitrary code execution. This update solves the above problems by improving the processing of document elements.

WebKit problems in processing Location and History objects may cause cross-site scripting attacks when accessing malicious websites. This update solves the above problem by improving Location and History object processing.