‫ Apple iOS Multiple Vulnerabilities

IRCAD2013092903
ID: IRCAD2013092903
Release Date: 2013-09-19
Criticality level: Highly critical
Software:
Apple iOS 4.x for iPhone 3GS and later
Apple iOS 4.x for iPhone 4 (CDMA)
Apple iOS 5.x for iPhone 3GS and later
Apple iOS 6.x for iPhone 3GS and later
Apple iOS for iPad 4.x
Apple iOS for iPad 5.x
Apple iOS for iPad 6.x
Apple iOS for iPod touch 6.x
Description:
Multiple weaknesses, a security issue, and some vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct brute-force, spoofing, and cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.
1) A boundary error exists in the CoreGraphics component.
2) A boundary error exists in the CoreMedia component.
3) A boundary error exists in the ImageIO component.
4) An error when handling interface events related to foreground and background processes within the IOKit component can be exploited to inject events to otherwise restricted foreground processes via the task completion or VoIP APIs.
5) A boundary error within the IOSerialFamily component can be exploited to bypass certain application restrictions and execute arbitrary code within the kernel.
6) An error exists within the IPSec component.
7) An error when handling certain packet fragments within the Kernel component can be exploited to cause a device to restart by sending specially crafted packet fragments.
8) An error when handling IPv6 ICMP packets within the Kernel component can be exploited to cause a high CPU load.
9) A boundary error when handling arguments to the posix_spawn API within the Kernel component can be exploited to bypass certain process restrictions and subsequently execute arbitrary code with kernel privileges.
10) An error within the Kext Management component does not properly verify authorisation, which can be exploited to bypass certain process restrictions and subsequently modify the set of loaded kernel extensions.
11) Multiple errors exists in the libxml component.
12) Multiple errors exist in the libxslt component.
13) A race condition error when handling phone calls and SIM card ejection within the Passcode Lock component can be exploited to bypass the passcode lock.
14) An error when generating passwords with weak entropy within the Personal Hotspot component can potentially be exploited to gain knowledge of the Personal Hotspot password via brute-force attacks.
15) An error within the Push Notifications component does not properly restrict access to a push notification token, which can be exploited to gain access to otherwise restricted push notifications.
16) A boundary error within the Safari component when handling XML files can be exploited to corrupt memory and execute arbitrary code.
17) An error within the Safari component when handling "Content-Type: text/plain" headers can potentially be exploited to conduct cross-site scripting attacks.
18) An error within the Safari component can be exploited to display an arbitrary URL in the URL bar.
19) An error within the Sandbox component when handling scripts can be exploited to bypass sandbox restrictions.
20) An error within the Springboard component does not properly restrict access to notifications on a device in Lost Mode, which can be exploited to view otherwise restricted notifications.
21) An error within the Telephony component does not properly restrict access to interfaces exposed by the telephony daemon, which can be exploited to interfere with or control telephony functionality by sending a direct request to a system daemon.
22) An error within the Twitter component does not properly restrict access to to interfaces exposed by the Twitter daemon, which can be exploited to send otherwise restricted tweets by sending a direct request to a system daemon.
23) Multiple errors exist in the WebKit component.
24) Multiple errors within the WebKit component can be exploited to cause memory corruption.
25) Another error within the WebKit component can be exploited to cause memory corruption.
26) Further multiple errors within the WebKit component can be exploited to cause memory corruption.
27) Another error within the WebKit component can be exploited to cause memory corruption.
28) Another error within the WebKit component can be exploited to cause memory corruption.
29) Another error within the WebKit component can be exploited to cause memory corruption.
The weaknesses, security issue, and vulnerabilities are reported in versions prior to 7.
Solution
Upgrade to version 7.
References:
APPLE-SA-2013-09-18-2:
Secunia
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 30 شهریور 1392

امتیاز

امتیاز شما
تعداد امتیازها:0