Wednesday, September 8, 2010

Apple fixes CVE-2010-1810 in iOS 4.1

Apple's description from http://support.apple.com/kb/HT4334 :

FaceTime
CVE-ID:  CVE-2010-1810
Available for:  iOS 2.0 through 4.0.2 for iPhone 3G and later,
iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later
Impact:  An attacker in a privileged network position may be able to
redirect FaceTime calls
Description:  An issue in the handling of invalid certificates may
allow an attacker in a privileged network position to redirect
FaceTime calls. This issue is addressed through improved handling of
certificates. Credit to Aaron Sigel of vtty.com for reporting this
issue.
The difference between redirecting and fully Man-in-the-middle attacking FaceTime is kind of big gigantic, but this still leaves room for certain attacks.  As a side note, I wonder if those guys from packetstan.com are planning on issuing any retractions from their FaceTime analysis.

No comments:

Post a Comment