iOS 4.2: Multiple Vulnerabilities

Users of iOS 4.2 please be advised of multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

APPLE-SA-2010-11-22-1: [APPLE-SA-2010-11-22-1] iOS 4.2 – Multiple Vulnerabilities
Description: A signature validation issue exists in the handling of

configuration profiles. A maliciously crafted configuration profile

may appear to have a valid signature in the configuration

installation utility. This issue is addressed through improved

validation of profile signatures.
Description: Multiple vulnerabilities exist in FreeType 2.4.1, the

most serious of which may lead to arbitrary code execution when

processing a maliciously crafted font. These issues are addressed by

updating FreeType to version 2.4.2.
Description: A heap buffer overflow exists in FreeType’s handling of

TrueType opcodes. Viewing a PDF document with maliciously crafted

embedded fonts may lead to an unexpected application termination or

arbitrary code execution. This update addresses the issue through

improved bounds checking.

Read more at http://www.criticalwatch.com

 

Advertisements