CVE-2011-3439 - Buffer Errors vulnerability in Apple Iphone OS

Publication

2011-11-11

Last modification

2012-12-19

Summary

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

Description

Apple iOS is prone to multiple memory corruption vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. The following Apple systems are vulnerable: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S iOS 3.1 through 5.0 for iPod touch (3rd generation) and later iOS 3.2 through 5.0 for iPad iOS 4.3 through 5.0 for iPad 2

Solution

Updates are available. Please see the references for more information. MandrakeSoft Enterprise Server 5 Mandriva libfreetype6-2.3.7-1.9mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva libfreetype6-devel-2.3.7-1.9mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/ Mandriva libfreetype6-static-devel-2.3.7-1.9mdvmes5.2.i586.rpm http://www.mandriva.com/en/downloads/

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Apple Iphone OS  4.2.9 , 3.1.2 , 3.0 , 2.0.2 , 4.1 , 1.0 , 3.2 , 1.0.1 , 3.0.1 , 2.2 , 2.1.1 , 2.0.1 , 1.1 , 4.2.5 , 2.2.1 , 4.3.0 , 3.1.3 , 4.3.1 , 3.1 , 5.0 , 1.1.4 , 1.1.1 , 4.0.1 , 4.2.8 , 1.0.2 , 4.2 , 4.3.3 , 2.0 , 4.3.5 , 1.1.0 , 3.2.1 , 4.2.1 , 4.3.4 , 3.2.2 , 1.1.3 , 4.3.2 , 4.0.2 , 2.1 , 4.0 , 2.0.0 , 1.1.5 , 1.1.2 , 1.0.0