Credit to Aaron Sigel of for reporting this issue. This issue is addressed by ensuring that the user is prompted before a call is initiated from a link. By injecting the contents of a requested ad with a link containing a URL scheme used to initiate a call, an attacker in a privileged network position may be able to cause a call to occur. An iAd is requested by an application, either automatically or through explicit user action. Impact: An attacker in a privileged network position may be able to cause a call to be initiatedĭescription: A URL handling issue exists in iAd Content Display.
#Download vshare for ios 4.2.1 update#
This update addresses the issue through improved bounds checking.
#Download vshare for ios 4.2.1 pdf#
Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. Impact: Viewing a PDF document with maliciously crafted embedded fonts may allow arbitrary code executionĭescription: A heap buffer overflow exists in FreeType’s handling of TrueType opcodes. Further information is available via the FreeType site at These issues are addressed by updating FreeType to version 2.4.2. Impact: Multiple vulnerabilities in FreeType 2.4.1ĭescription: Multiple vulnerabilities exist in FreeType 2.4.1, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This issue is addressed through improved validation of profile signatures. A maliciously crafted configuration profile may appear to have a valid signature in the configuration installation utility. Impact: A user may be misled into installing a maliciously crafted configuration profileĭescription: A signature validation issue exists in the handling of configuration profiles. We’re including the full security patch notes for your convenience:Īvailable for: iOS 2.0 through 4.1 for iPhone 3G and later, iOS 2.1 through 4.1 for iPod touch (2nd generation) and later, iOS 3.2 through 3.2.2 for iPad You can update your iOS device through iTunes. Updated components include an issue effecting configuration profiles, graphics, fonts, an issue with iAd, Mail, a networking issue, one issue specific to Safari, and then a metric tonne of fixes for Webkit, the rendering engine used by Safari and other iOS apps that display Web pages. Apple released iOS 4.2.1 for iPhone, iPad, and iPod touch, and the security patch notes show the release includes 41 security fixes, many of them for serious issues.