Thread: Security threat with iOS 4 and iPad and pdf's
View Single Post
Old 08-04-2010, 11:03 AM   #9
kjk
.
kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.kjk ought to be getting tired of karma fortunes by now.
 
Posts: 3,408
Karma: 5647231
Join Date: Oct 2008
Device: never enough
Quote:
Originally Posted by John F View Post
Could someone explain (at a high level) how this security hole could cause trouble. They mention "stack overflow" and "code in an embedded font" in the article, but I don't see why that code would be executed.

I'm a high level programmer, so you don't dumb it down too much.
http://www.f-secure.com/weblog/archives/00002002.html
http://www.vupen.com/english/advisories/2010/1992

Quote:
The first issue is caused by a memory corruption error when processing Compact Font Format (CFF) data within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page using Mobile Safari.

The second vulnerability is caused by an error in the kernel, which could allow attackers to gain elevated privileges and bypass sandbox restrictions.

Note: These flaws are currently being exploited by jailbreakme to remotely jailbreak Apple devices. The website redirects the browser to the appropriate PDF exploit file depending on the device model and version and then executes a first stage payload. Once done, a second stage payload is executed to gain root privileges on the device by exploiting the kernel vulnerability.
kjk is offline   Reply With Quote