ID

VAR-201107-0026

CVE

CVE-2011-0227

TITLE

Apple iOS of IOMobileFrameBuffer Vulnerability gained in

DESCRIPTION

The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. NOTE: This issue is related to the vulnerability discussed in BID 48619 (FreeType 'src/psaux/t1decode.c' Memory Corruption Vulnerability) in that it was used to jailbreak iOS devices through 'JailbreakMe 3.0'. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update iOS 4.3.4 Software Update is now available and addresses the following: CoreGraphics Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in FreeType's handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2010-3855 CoreGraphics Available for: iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue exists in FreeType's handling of Type 1 fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-0227 Installation note: This update is only available through iTunes, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. We recommend applying the update immediately if possible. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. The version after applying this update will be "4.3.4 (8K2)". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJOHxUUAAoJEGnF2JsdZQees68IAKfVMxNu9e4y9uiqTHTJffJI iqqAi7rw8bWHHaynyn32+XrEPnhljiaghsN1jMkt8pkkwedHuyrI7tKA8g7hrpbQ rlZO+6dvwmbaKMUE8DuKxs2dJLE/9zaQw8rndJikxSfqTYpctcGPAMg+yMt5Y0eA 5ssBPYbl4xaDEWJIJi46oonxhdqvjBLkGG46FeS2TDk4jM5WQFFc2QfuC2ami4o7 EhOZuA6t4eNaa3CLevWkQjWwkWO2Mp2f90mOTlCLobxb3hfSf43eW/sjmjiSK1lR 121G/89TJW3DnkhU1APnoJ8EOk02U7QR1k4u7DblYxMI6WA+rhx5yYW4yRfaN9E= =e4ew -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

permissions and access control

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

local

SOURCES

LAST UPDATE DATE

2025-04-11T20:52:57.866000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE