About the security content of iOS 4.1 for iPhone and iPod touch
This document describes the security content of iOS 4.1 for iPhone and iPod touch.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
iOS 4.1 for iPhone and iPod touch
Accessibility
CVE-ID: CVE-2010-1809
Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later, iOS 3.0 through 4.0.2 for iPod touch (3rd generation)
Impact: An application's use of location services may not be announced through VoiceOver
Description: A user interface accessibility issue exists in the settings panel for Location Services. VoiceOver does not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours. This issue is addressed by ensuring that VoiceOver announces the presence of the icon. Credit to Robin Kipp of Forever Living Products Europe for reporting this issue.
FaceTime
CVE-ID: CVE-2010-1810
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: An attacker in a privileged network position may be able to redirect FaceTime calls
Description: An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls. This issue is addressed through improved handling of certificates. Credit to Aaron Sigel of vtty.com for reporting this issue.
ImageIO
CVE-ID: CVE-2010-1811
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of TIFF images. Credit: Apple.
ImageIO
CVE-ID: CVE-2010-1817
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of GIF images. Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tom Ferris of Adobe PSIRT for reporting this issue.
WebKit
CVE-ID: CVE-2010-1786
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "foreignObject" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2010-1770
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A type checking issue exists in WebKit's handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved type checking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2010-1785
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's handling of the ":first-letter" and ":first-line" pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering ":first-letter" or ":first-line" pseudo-elements in SVG text elements. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2010-1780
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus. Credit to Tony Chang of Google, Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2010-1793
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents. Credit to Aki Helin of OUSPG for reporting this issue.
WebKit
CVE-ID: CVE-2010-1421
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may change the contents of the clipboard
Description: A design issue exists in the implementation of the JavaScript execCommand function. A maliciously crafted web page can modify the contents of the clipboard without user interaction. This issue is addressed by only allowing clipboard commands to be executed if initiated by the user. Credit: Apple.
WebKit
CVE-ID: CVE-2010-1422
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Interacting with a maliciously crafted website may result in unexpected actions on other sites
Description: An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This issue is addressed by preventing the delivery of key press events if the keyboard focus changes during processing. Credit to Michal Zalewski of Google, Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2010-1771
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of fonts. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of fonts. Credit: Apple.
WebKit
CVE-ID: CVE-2010-1783
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
WebKit
CVE-ID: CVE-2010-1764
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a website that redirects form submissions may lead to an information disclosure
Description: A design issue exists in WebKit's handling of HTTP redirects. When a form submission is redirected to a website that also does a redirection, the information contained in the submitted form may be sent to the third site. This issue is addressed through improved handling of HTTP redirects. Credit to Marc Worrell of WhatWebWhat for reporting this issue.
WebKit
CVE-ID: CVE-2010-1782
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.
WebKit
CVE-ID: CVE-2010-1781
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A double free issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to James Robinson of Google, Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2010-1784
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.
WebKit
CVE-ID: CVE-2010-1787
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
WebKit
CVE-ID: CVE-2010-1791
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices. Credit to Natalie Silvanovich for reporting this issue.
WebKit
CVE-ID: CVE-2010-1788
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "use" elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.
WebKit
CVE-ID: CVE-2010-1812
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of selections. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to chipplyman for reporting this issue.
WebKit
CVE-ID: CVE-2010-1813
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of HTML object outlines. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.
WebKit
CVE-ID: CVE-2010-1814
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of form menus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is fixed through improved handling of form menus. Credit to Csaba Osztrogonac of University of Szeged for reporting this issue.
WebKit
CVE-ID: CVE-2010-1815
Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.
FaceTime is not available in all countries or regions.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.