Vulnerabilidad en Apple iPhone

VM-Vulnerabilidad

 

#Apple anuncia una #Vulnerabilidad en #iPhone

APPLE-SA-2011-07-15-1 iOS 4.3.4 Software Update

iOS 4.3.4 Software Update is now available and addresses the following:

CoreGraphics
Available for:
iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM),
iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later,
iOS 3.2 through 4.3.3 for iPad

Impact:  Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description:  A buffer overflow exists in FreeType’s handling of TrueType fonts. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3855

Installation note:

This update is only available through iTunes, and will not appear in your computer’s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple’s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don’t Install will present the option the next time you connect your iPhone, iPod touch, or iPad.

The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be “4.3.4 (8K2)”.

Information will also be posted to the Apple Security Updates web site:
http://support.apple.com/kb/HT1222

Tags: , ,

Professional Ethical Hacker, Pentester & Forensics Investigator MPCS, CEH v8, CSSP, CICP-CICAP HTCIA Member & ISECOM Member Twitter: @victormirandamx

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930