CoreText Font Rendering Bug Leads To iOS, OS X Exploit
redkemper writes with this news from BGR.com (based on a report at Hacker News), excerpting: "Android might be targeted by hackers and malware far more often than Apple's iOS platform, but that doesn't mean devices like the iPhone and iPad are immune to threats. A post on a Russian website draws attention to a fairly serious vulnerability that allows nefarious users to remotely crash apps on iOS 6, or even render them unusable. The vulnerability is seemingly due to a bug in Apple's CoreText font rendering framework, and OS X Mountain Lion is affected as well."
I am totally safe.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
The Department of Homeland Security and FBI.
Do you even lift?
These aren't the 'roids you're looking for.
Here's a link to the crasher string in question:
http://pastebin.com/kDhu72fh
(warning: will crash Safari on OS X 10.8. Firefox doesn't crash.)
The freedom to allow apps permissions for your system brings risks. Read the permissions screen before clicking 'allow', folks.
Did you know that TTF fonts are Turing complete?
http://en.wikipedia.org/wiki/True_Type_Font#Hinting_language
"It really worries me that the FreeType font library is now being made to accept untrusted content from the web.
The library probably wasn't written under the assumption that it would be fed much more than local fonts from trusted vendors who are already installing arbitrary executable on a computer, and it's already had a handful of vulnerabilities found in it shortly after it first saw use in Firefox.
It is a very large library that actually includes a virtual machine that has been rewritten from pascal to single-threaded non-reentrant C to reentrant C… The code is extremely hairy and hard to review, especially for the VM."
http://hackademix.net/2010/03/24/why-noscript-blocks-web-fonts/
-- perl -e'print pack"H*","6e656d6f406d38792e6f7267"'
Otherwise someone would post it in the comments here and crash iPhone users' browser!
I thought Apple added address space randomization back in Leopard? What happened?
The problem that was reported leads to a crash. A crash is _safe_. An attacker can't gain any advantage by crashing your computer. They can merely annoy you.
Address Space Randomization cannot prevent crashes. Its purpose is to prevent crashes being turned into exploits. An attacker does two things: Find a way to make your software fail, then find a way to turn that failure into an advantage for the attacker. The second part is where Address Space Randomization comes in. The next step is Sandboxing, where even if the attacker finds a way past ASR and takes over your code, your code would be in a sandbox and can't do any harm outside.
Right, because having users manage their own risk profile has worked out so well in the PC/Windows world...
Indeed. Letting someone else control your computer is much safer.
Android's big problem is that you have no way of saying 'no, I'm not giving this app that permission', and can only choose to install or not install the Fluffy Kitty Screen Saver that wants access to your filesystem, the Internet, and the ability to send SMS messages.
Agreed.
It's the same as Windows, you just target what gets you the largest return. Organised crime is a business, just like any other.
However there is still the walled garden thing, even if Apple went back up to a 50:50 market share with Android, Android would get targeted more because every Android user can choose to install any application and give that app the permission to email their bank details to Russia.
With iOS they have to wait for a good ol' fashioned buffer overflow before they can grab anything I guess.
Unless you get that with iOS too? I don't know I've never owned one.
But the 8:2 logic holds up, when the sample size is that large I'm guessing that's exactly the reason why.
Ultimately it's all moot.
If Apple had 100% of the market share this is what would happen:
The crims would send everyone sms/emails with links to pages that asked them for their passwords and X percent of users would give it to them.
No amount of security or walled gardens get around the fact most of you are really really thick.
You don't have to install Cute Kitty Wallpapers with internet, sms and bank details access.
Because that's all this "malware" is, it's not big or clever, 50% are just from the wrong side of the bell curve.
Oh, and I use Linux.
On the Desktop.
Well, I used to, because who the hell uses a desktop anymore anyway?
Have you seen this cute screensaver I found!!!