Archive for July, 2007

APPLE-SA-2007-07-11 QuickTime 7.2 Update

Apple has released security update 2007-07-11 for QuickTime 7.2, which patches a couple of flaws I had found about a year ago.

QuickTime
CVE-ID: CVE-2007-2295
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted H.264 movie may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime’s
handling of H.264 movies. By enticing a user to access a maliciously
crafted H.264 movie, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of QuickTime H.264 movies. Credit to Tom Ferris of
Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for
reporting this issue.

Security-Protocols Advisory SP-X35
http://security-protocols.com/sp-x45-advisory.php

QuickTime
CVE-ID: CVE-2007-2296
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted .m4v file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in QuickTime’s
handling of .m4v files. By enticing a user to access a maliciously
crafted .m4v file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of .m4v files. Credit to Tom Ferris of Security-Protocols.com for
reporting this issue.

Security-Protocols Advisory SP-X46
http://security-protocols.com/sp-x46-advisory.php

Below is a link to the Apple security updates page:

APPLE-SA-2007-07-11 QuickTime 7.2

That's really all for now. I am cooking up some Safari 3 advisories, which I will be posting within a few weeks.

iPhoneDevCamp

So I'm over at the iPhoneDevCamp today, which is being held at the Adobe building in San Francisco. So if you are in the area, have an iPhone, and are in the mood to develop some apps, stop by. You won't even need to sign an NDA to get into the building. Below is a brief description of what the iPhoneDevCamp is:

iPhoneDevCamp is an upcoming gathering, inspired by BarCamp, SuperHappyDevHouse, and MacHack, to develop web-based applications and optimize web sites for iPhone. It is a non-commercial event, organized by volunteers, with attendance free to all. By the completion of the weekend event, a number of iPhone-ready web applications and web sites will be launched to the public. The event will be held at the San Francisco offices of Adobe, and out-of-town guests are welcome.

Attendees will include web designers, developers, testers, and iPhone owners, all working together over the weekend to improve the web experience for iPhone. Development projects will include both solo and team efforts. While some attendees will wish to work solo during the event, we encourage attendees to team up, based on expertise, to work in ad-hoc project development teams. All attendees should be prepared to work on a development project during the event. You do not need to own an iPhone to attend (although, a large number of iPhones at the event will make the development and testing process much easier).

Below is a link to the iPhoneDevCamp information page:

http://barcamp.org/iPhoneDevCamp

Current iPhone Unlocking Research

This was taken from the iPhone Wiki Development site:

<@gj> we are focusing all of our efforts at the moment on the restore process because
<@gj> we have noticed the following functions in restored_externak:
<@gj> external:
<@gj> CreateTextFile
<@gj> SetNVRam
<@gj> UpdateBaseBand
<@gj> UpdateNOR
<@gj> these filesystem functions are the key to permitting us to do interesting things because they will open up access to the device further
<@gj> in addition, we have successfully gotten a dmg onto the phone
<@gj> we are working on a tool for this
<@gj> I can’t confirm that the dmg will actually be readable.
<@gj> or that the phone will do anything with it
<@gj> but we have a tool that does decryption/re-encryption which may be released this evening depending on the moon’s phase and the tides
<@gj> we have a generic shell that does interesting stuff with the phone
<@gj> we are extending it to cover the restore process
<@gj> because we want to be able to issue these commands
<@gj> our proof of concept is solid, we seem to be able to issue the commands
<@gj> so
<@gj> that’s where we stand
<@gj> we have a lot of work ahead
<@gj> don’t ask me silly questions like “how long”
<@gj> because if I had that answer you would have it too
<@gj> let’s see, final notes
<@gj> we hit engadget (again) and have been interviewed for some periodical in brazil
<@gj> hopefully the report will come out positive
<@gj> the dev team has some tshirts in progress, two versions
<@gj> one for the “official” team and one for interested parties
<@gj> the interested party ones will sell, not sure about giving them out to donators, that will be up to the people running the donation piece
<@gj> i’m still working “PR” as it were
<@gj> appreciate all the offers of help
<@gj> my phone is at the dev team’s disposal and my contributions are mostly around the touchscreen and radio side
<@gj> I am working hard on deciphering some of that, you can see my notes on the wiki [[Gj’s curiosities]]
<@gj> anyway, that’s all

I can tell you this: they are very, very close to overwriting the firmware. There is definitely a race among many researchers around the world right now as to who will successfully unlock the iPhone as well as the SIM card.

Also, if you have an iPhone and would like to spice it up with some wallpapers, check out ThemeMyPhone.com.
