‫ Apple iOS Multiple Vulnerabilities

IRCAD2012092201
ID: IRCAD2012092201
Release Date: 2012-09-20
Criticality level: Highly critical
 
Software:
Apple iOS 5.x for iPhone 3GS and later
Apple iOS for iPad 5.x
Apple iOS for iPod touch 5.x
 
Description:
Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious, local users to disclose system information and gain escalated privileges, by malicious people to disclose potentially sensitive information, conducts spoofing attacks, and compromise a user's device, and by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions.
1) An error in CFNetwork when handling certain URLs can be exploited to submit data to an incorrect hostname.
2) Some vulnerabilities exist in the bundled version of FreeType.
3) An error in CoreMedia when processing Sorenson encoded movies can be exploited to dereference uninitialized memory.
4) An error in DHCP when connection to WiFi networks may disclose a MAC address of previously accessed networks via DNAv4 protocol.
5) ImageIO bundles a vulnerable version of LibTIFF library.
6) ImageIO bundles a vulnerable version of libpng library.
7) An double-free error exists in ImageIO when processing JPEG images.
8) An error in International Components for Unicode when handling locale IDs can be exploited to cause a stack-based buffer overflow.
9) A boundary error in IPSec when loading racoon configuration files can be exploited to cause a buffer overflow.
10) An error in the kernel when handling packet filter IOCTLs can be exploited to dereference an invalid pointer.
11) An error in the kernel when related to BPF interpreter can be exploited to disclose certain memory content.
12) Some vulnerabilities exist in the bundled version of libxml library.
13) An error in Mail when handling attachments can be exploited to disclose a unintended attachments via the "Content-ID" field.
14) An error in Mail within Data Protection on attachments can be exploited to access an attachment without a passcode.
15) An error in Mail when processing S/MIME signed messages does not display the correct identity of a signer and can be exploited to spoof an identity via the "From" field.
16) An error in Messages when multiple email addresses are used may result in replies being sent using the wrong address.
17) An error in Office Viewer when processing document files may result in data being stored in temporary files in a decrypted state even when data protection / encryption is enabled.
18) An error in OpenGL when performing GLSL compilation can be exploited to corrupt memory.
19) An error in Passcode Lock related to "Slide to Power Off" slider may disclose the last used third party application.
20) An error in Passcode Lock related to termination of FaceTime calls may allow bypassing the screen lock.
21) An error in Passcode Lock related to lock screen photos may disclose all photos accessible at the lock screen.
22) An error in Passcode Lock related to Emergency Dialer screen may allow making FaceTime calls and disclose user's contacts.
23) An error in Passcode Lock related to the camera usage may allow bypassing the screen lock.
24) An error in Passcode Lock related lock state management may allow bypassing the screen lock.
25) An error in Restrictions during purchase transactions may result in transaction being made without the Appled ID credentials.
26) An error in Safari when handling certain Unicode characters may allow spoofing the lock icon in the page title.
27) An error in Safari when handling password input elements with a disabled "autocomplete" attribute allowed the input to be autocompleted.
28) An error in System Logs due to weak restrictions on the "/var/log" directory can be exploited by sandboxed applications to disclose log details.
29) An error in Telephony did not properly display the return address of SMS messages.
30) An off-by-one error in Telephony when handling SMS data headers can be exploited to disable cellular activity.
31) An error in UIKit within UIWebView may result in unencrypted files being stored even when a passcode is enabled.
32) Multiple vulnerabilities exist in WebKit.
 
Solution
Upgrade to iOS 6 via Software Update.
 
References:
Apple:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 2 مهر 1391

امتیاز

امتیاز شما
تعداد امتیازها:0