iOS 4.2: Multiple Vulnerabilities

Users of iOS 4.2 please be advised of multiple vulnerabilities that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

APPLE-SA-2010-11-22-1: [APPLE-SA-2010-11-22-1] iOS 4.2 - Multiple Vulnerabilities

Description: A signature validation issue exists in the handling of configuration profiles. A maliciously crafted configuration profile may appear to have a valid signature in the configuration installation utility. This issue is addressed through improved validation of profile signatures.

Description: Multiple vulnerabilities exist in FreeType 2.4.1, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2.

Description: A heap buffer overflow exists in FreeType's handling of TrueType opcodes. Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/gALq2x