About the security content of iOS 4.1 for iPhone and iPod touch

This document describes the security content of iOS 4.1 for iPhone and iPod touch.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

iOS 4.1 for iPhone and iPod touch

  • Accessibility

    CVE-ID: CVE-2010-1809

    Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later, iOS 3.0 through 4.0.2 for iPod touch (3rd generation)

    Impact: An application's use of location services may not be announced through VoiceOver

    Description: A user interface accessibility issue exists in the settings panel for Location Services. VoiceOver does not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours. This issue is addressed by ensuring that VoiceOver announces the presence of the icon. Credit to Robin Kipp of Forever Living Products Europe for reporting this issue.

  • FaceTime

    CVE-ID: CVE-2010-1810

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: An attacker in a privileged network position may be able to redirect FaceTime calls

    Description: An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls. This issue is addressed through improved handling of certificates. Credit to Aaron Sigel of vtty.com for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1811

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of TIFF images. Credit: Apple.

  • ImageIO

    CVE-ID: CVE-2010-1817

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the handling of GIF images. Processing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tom Ferris of Adobe PSIRT for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1786

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of "foreignObject" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1770

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A type checking issue exists in WebKit's handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved type checking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1785

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access issue exists in WebKit's handling of the ":first-letter" and ":first-line" pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering ":first-letter" or ":first-line" pseudo-elements in SVG text elements. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1780

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus. Credit to Tony Chang of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1793

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents. Credit to Aki Helin of OUSPG for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1421

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may change the contents of the clipboard

    Description: A design issue exists in the implementation of the JavaScript execCommand function. A maliciously crafted web page can modify the contents of the clipboard without user interaction. This issue is addressed by only allowing clipboard commands to be executed if initiated by the user. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1422

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Interacting with a maliciously crafted website may result in unexpected actions on other sites

    Description: An implementation issue exists in WebKit's handling of keyboard focus. If the keyboard focus changes during the processing of key presses, WebKit may deliver an event to the newly-focused frame, instead of the frame that had focus when the key press occurred. A maliciously crafted website may be able to manipulate a user into taking an unexpected action, such as initiating a purchase. This issue is addressed by preventing the delivery of key press events if the keyboard focus changes during processing. Credit to Michal Zalewski of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1771

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of fonts. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of fonts. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-1783

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

  • WebKit

    CVE-ID: CVE-2010-1764

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a website that redirects form submissions may lead to an information disclosure

    Description: A design issue exists in WebKit's handling of HTTP redirects. When a form submission is redirected to a website that also does a redirection, the information contained in the submitted form may be sent to the third site. This issue is addressed through improved handling of HTTP redirects. Credit to Marc Worrell of WhatWebWhat for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1782

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to wushi of team509 for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1781

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A double free issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to James Robinson of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1784

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1787

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.

  • WebKit

    CVE-ID: CVE-2010-1791

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices. Credit to Natalie Silvanovich for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1788

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "use" elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1812

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of selections. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of selections. Credit to chipplyman for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1813

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's rendering of HTML object outlines. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Jose A. Vazquez of spa-s3c.blogspot.com for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1814

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of form menus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is fixed through improved handling of form menus. Credit to Csaba Osztrogonac of University of Szeged for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1815

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use after free issue exists in WebKit's handling of scrollbars. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to thabermann for reporting this issue.
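
The keyboard focus entry above (CVE-2010-1422) describes a key press whose later event reaches a newly focused frame, and a fix that withholds delivery when focus changed during processing. The following is an added example, not Apple's or WebKit's code: a small model of that event flow in which `Frame`, `Page`, `dispatchKeyPress` and `runScenario` are hypothetical names and the two-step keydown/keypress split is an assumption made for illustration.

```javascript
// Constructed model of the event flow described for CVE-2010-1422.
// None of these names are WebKit APIs; they exist only for this example.
class Frame {
  constructor(name) {
    this.name = name;
    this.received = [];   // events this frame has been handed
    this.onKeyDown = null; // optional handler run during processing
  }
}

class Page {
  constructor() { this.focused = null; }
  focus(frame) { this.focused = frame; }
}

// One key press is processed in two steps: keydown, then keypress.
// guardFocus=false models the flawed behaviour: the second step goes to
// whichever frame holds focus at that moment.
// guardFocus=true models the stated fix: the event is not delivered if
// focus changed while the key press was being processed.
function dispatchKeyPress(page, key, guardFocus) {
  const origin = page.focused;            // frame focused when the key went down
  origin.received.push(`keydown:${key}`);
  if (origin.onKeyDown) origin.onKeyDown(key); // handler may move focus
  const target = page.focused;
  if (guardFocus && target !== origin) {
    return { delivered: false, target: null };
  }
  target.received.push(`keypress:${key}`);
  return { delivered: true, target: target.name };
}

function runScenario(guardFocus) {
  const page = new Page();
  const outer = new Frame("untrusted-outer");
  const inner = new Frame("other-site-frame");
  page.focus(outer);
  // The outer frame shifts focus to the other site's frame mid-keystroke.
  outer.onKeyDown = () => page.focus(inner);
  const result = dispatchKeyPress(page, "Enter", guardFocus);
  return { result, innerReceived: inner.received.slice() };
}

console.log("without guard:", JSON.stringify(runScenario(false)));
console.log("with guard:   ", JSON.stringify(runScenario(true)));
```
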

FaceTime is not available in all countries or regions.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: