ArchLinux: 201701-34: libimobiledevice: access restriction bypass
Summary
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers on the local network to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
Resolution
Upgrade to 1.2.0-4.
# pacman -Syu "libimobiledevice>=1.2.0-4"
The problem has been fixed upstream but no release is available yet.
References
https://www.openwall.com/lists/oss-security/2016/05/26/6 https://security.archlinux.org/CVE-2016-5104
Workaround
None.