Two security flaws have been discovered in the Numbers software package for the iOS operating system; they can be exploited to carry out DoS attacks and to execute arbitrary code.
The flaws are caused by a buffer overflow and memory corruption when a specially crafted Excel file is opened.
Consequence:
A remote attacker can exploit the flaws by planting a specially crafted Excel file which, when opened, enables a DoS attack and arbitrary code execution.
Solution:
Users are advised to apply the available update.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-10-12-6 Numbers for iOS v1.5
Numbers for iOS v1.5 is now available and addresses the following:
Numbers
Available for: iOS
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Excel
files. Opening a maliciously crafted Excel file in Numbers may lead
to an unexpected application termination or arbitrary code execution.
CVE-ID
CVE-2010-3785 : Apple
Numbers
Available for: iOS
Impact: Opening a maliciously crafted Excel file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
Excel files. Opening a maliciously crafted Excel file in Numbers may
lead to an unexpected application termination or arbitrary code
execution.
CVE-ID
CVE-2010-3786 : Tobias Klein, working with VeriSign iDefense Labs
Numbers for iOS v1.5 is available for download via the App Store.
To check the current version of software, select
"Settings -> Numbers -> Version".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/