---------------------------------------------------------------------- We have updated our website, enjoy! http://secunia.com/ ---------------------------------------------------------------------- TITLE: Apple iPod Touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31823 VERIFY ADVISORY: http://secunia.com/advisories/31823/ CRITICAL: Highly critical IMPACT: Hijacking, Security Bypass, Spoofing, Exposure of sensitive information, System access WHERE: >From remote OPERATING SYSTEM: Apple iPod touch http://secunia.com/advisories/product/16074/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iPod touch, which can be exploited by malicious applications to bypass certain security features and by malicious people to poison the DNS cache, spoof TCP connections, or potentially compromise a user's device. 1) An error in the application sandbox causes it to not properly enforce access restrictions between third-party applications. This can be exploited by one application to read another application's files. 2) Multiple errors exist in the included version of FreeType, which potentially can be exploited by malicious people to execute arbitrary code when accessing specially crafted font data. For more information: SA30600 3) mDNSResponder does not provide sufficient randomization, which can be exploited to poison the DNS cache. For more information: SA30973 4) Generation of predictable TCP initial sequence numbers can be exploited to spoof TCP connections or hijack sessions. 5) A use-after-free error in WebKit when handling CSS import statements can potentially be exploited to execute arbitrary code via a specially crafted website. SOLUTION: Update to version 2.1. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nicolas Seriot of Sen:te and Bryce Cogswell. 3) The vendor credits Dan Kaminsky, IOActive. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3026 OTHER REFERENCES: SA30600: http://secunia.com/advisories/30600/ SA30973: http://secunia.com/advisories/30973/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------