Apple iOS 4.3 fixes security issues

The iOS 4.3 update contains new features, improvements, security and bug fixes.

CoreGraphics
Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.3. Further information is available via the FreeType site at http://www.freetype.org/

ImageIO
A buffer overflow existed in libTIFF’s handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

A buffer overflow existed in libTIFF’s handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

libxml
A double free issue existed in libxml’s handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

Networking
The IPv6 address chosen by the device contains the device’s MAC address when using stateless address autoconfiguration (SLAAC). An IPv6 enabled server contacted by the device can use the address to track the device across connections. This update implements the IPv6 extension described in RFC 3041 by adding a temporary random address used for outgoing connections.

Safari
A maliciously crafted website may contain javascript that repeatedly causes another application on the device to launch via its URL handler. Visiting this website with MobileSafari will cause MobileSafari to exit and the target application to be launched. This sequence would continue each time MobileSafari is opened. This issue is addressed by returning to the previous page when Safari is re-opened after another application was launched via its URL handler.

In some circumstances, clearing cookies via Safari Settings while Safari is running has no effect. This issue is addressed through improved handling of cookies. This issue does not affect systems prior to iOS 4.0.

WebKit
Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

If a site uses HTTP Basic Authentication and redirects to another site, the authentication credentials may be sent to the other site. This issue is addressed through improved handling of credentials.

A cross-origin issue existed in WebKit’s handling of the Attr.style accessor. Visiting a maliciously crafted website may allow the site to inject CSS into other documents. This issue is addressed by removing the Attr.style accessor.

A cache poisoning issue existed in WebKit’s handling of cached resources. A maliciously crafted website may be able to prevent other sites from requesting certain resources. This issue is addressed through improved type checking.

Wi-Fi
A bounds checking issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset.