فا

‫ Apple iOS Multiple Vulnerabilities

ID: IRCAD2015104130

Release Date: 2015-10-22

Software:

Apple iOS 9.x

Description:

Multiple security issues and some vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose potentially sensitive information and by malicious people to manipulate certain data, bypass certain security restrictions, and compromise a vulnerable device.

1) An error when handling the "Show on Lock Screen" feature within the Notification component can be exploited to disclose otherwise restricted Phone and Messages notifications.

2) An error when verifying a OCSP certificate within the OCSP client can be exploited to make an otherwise restricted, revoked certificate appear valid.

3) An error when handling kSecRevocationRequirePositiveResponse flag during revocation checks can be exploited to make an otherwise restricted trust evaluation succeed.

4) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.

5) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

6) Another unspecified error exists in WebKit, which can be exploited to cause memory corruption.

The security issues and the vulnerabilities are reported in versions prior to 9.1.

Solution

Update to version 9.1.

References:

APPLE-SA-2015-10-21-1:

https://support.apple.com/kb/HT205370

Secunia:

https://secunia.com/advisories/66968/


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 13 آبان 1394

امتیاز

امتیاز شما
تعداد امتیازها: 0