Since we mentioned the codesigning bug disclosed by Charlie Miller (as discussed here a few days ago), I should also point out that it was fixed a couple of days later in the iOS update described here. Miller is slated to speak about the bug at SysCan in Taiwan (on 17th-18th November): I haven’t seen an agenda.
It also addresses:
- an issue with CFNetwork handling of maliciously crafted URLs
- memory corruption issues with Freetype that could have enabled arbitrary code execution
- an issue with certificates issued by DigiCert Malaysia
- an issue with libinfo’s handling of DNS lookups
- an iPad password lock issue
Apparently it also fixes the annoying battery drain issue.
David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus