iPhone & iPod Touch - Remote arbitrary code execution
Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
CVE : CVE-2009-1698
BID : 35318
Credit : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller
Affected products :
- iPhone OS 1.x through 2.2.1
- iPhone OS for iPod touch 1.x through 2.2.1
I. Background
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "
II. Description
Calling the CSS attr() function with a large number leads to memory corruption; heap spraying then allows execution of code.
III. Impact
Arbitrary remote code execution can be achieved by creating a special website and entice
IV. Proof of concept
None will be released
V. Disclosure timeline
Nothing particular to note.
Note: All trademarks mentioned herein belong to their respective owners.