Where facts are few, experts are many.

Sample navigation menu:

Home | Objectives | Tools & Research Advisories Blog | Contact |

Advisories

G-SEC™ regularly publishes advisories about vulnerabilities that we discovered during our research. G-SEC™ tries to follow responsible disclosure guidelines whenever possible.

More information »

Advisories

iPhone &iPod Touch - Remote arbritary code execution

Reference : [GSEC-TZO-45-2009] - iPhone remote arbritary code execution
CVE : CVE-2009-1698
BID : 35318
Credit : http://support.apple.com/kb/HT3639
Discovered by : Thierry Zoller

Affected products :

• iPhone OS 1.x through 2.2.1
• iPhone OS for iPod touch 1.x through 2.2.1
  

I. Background

Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "

II. Description

Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code.

III. Impact

Arbritary remode code execution can be achieved by creating a special website and entice

IV. Proof of concept

None will be released

V. Disclosure timeline

Nothing particular to note.

Note: All trademarks mentioned herein belong to their respective owners.

© 2009 - 2019 G-SEC™