‫ Apple iOS Multiple Vulnerabilities

ID: IRCAD2015043871
Release Date: 2015-04-09
Criticality level: Highly critical
Software:
Apple iOS 8.x
Description:
Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's device.
1) An error exists when handling redirects within CFNetwork HTTPProtocol.
2) An error exists when handling redirects within CFNetwork Session.
3) An input validation error exists related to URL processing within CFURL.
4) An error exists when handling XML External Entities related to NSXMLParser within Foundation, which can be exploited to disclose information to an otherwise restricted origin.
5) A boundary error exists when parsing font files within FontParser.
6) An error exists when handling iWork files within iWork Viewer.
7) An error exists when handling ICMP redirects within Kernel, which can be exploited to redirect otherwise restricted user traffic.
8) An error exists when handling certain IPv6 packets from remote network interfaces within Kernel.
9) An error exists related to user interface inconsistency in WebKit.
10) Multiple unspecified errors exist in WebKit.
11) An unspecified error exists in WebKit, which can be exploited to cause memory corruption.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
12) An error exists when handling credentials for FTP URLs in WebKit.
The vulnerabilities are reported in versions prior to 8.3.
Solution
Update to version 8.3.
References:
APPLE-SA-2015-04-08-3:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 6 اردیبهشت 1394

امتیاز

امتیاز شما
تعداد امتیازها:0