EE Times-Asia

Apple races clock to patch iPhone bugs

Posted: 06 Aug 2007

Keywords: Apple iPhone, iPhone bugs, fix patches

Apple released patches for iPhone bugs less than two days before researchers were to present information about the vulnerabilities at the BlackHat conference last week.

The patches Apple released were for bugs that could let hackers take control of the red-hot iPhone. The fixes came as part of a giant patch release that Apple issued late July 31 to take care of about 50 vulnerabilities that stretch across the iPhone, Mac OS X, Windows Vista and the Safari browser.

One advisory focuses on vulnerabilities in Safari on Mac OS X, as well as on Microsoft's Windows XP and Windows Vista. A stack buffer overflow vulnerability exists in Safari's bookmark handling that could lead to an unexpected application termination or arbitrary code execution in Windows XP or Windows Vista, according to the advisory. Apple also noted a heap buffer overflow in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. That flaw, which could cause arbitrary code execution, affects the Windows platform, along with Mac OS X.

Another advisory patches about 45 vulnerabilities in a plethora of Mac OS X components, including a flaw in iChat that could enable an attacker on the local network to cause a denial-of-service or arbitrary code execution. Apple also patched several vulnerabilities in its WebCore framework, which provides an HTML layout engine for Mac OS X, along with several flaws in Samba, a software suite that provides file and print services to clients.

The fixes getting the most attention across the Internet are for the iPhone.

A few weeks ago, three researchers from Independent Security Evaluators announced that they had developed a proof-of-concept exploit for a vulnerability that would let a remote attacker steal information off the popular device. Charlie Miller, who worked on the research along with Jake Honoroff and Joshua Mason, is set to present the full details of the iPhone exploit at the BlackHat USA Conference August 2.

The five iPhone patches that Apple released deal with two flaws in Safari, one in WebCore, and two in WebKit, an application framework for Mac OS X.

The two Safari bugs are both triggered when a user visits a malicious Webpage. One allows for cross-site scripting and the other causes arbitrary code execution.

- Sharon Gaudin
