‫ Apple iOS Security Issue and Multiple Vulnerabilities

 

ID: IRCAD2014093522

Release Date: 2014-09-18

Criticality level: Highly critical

Software:
Apple iOS 7.x for iPhone 4 and later
Apple iOS for iPad 7.x
Apple iOS for iPod touch 7.x
Description:

A security issue and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions and by malicious people to disclose certain sensitive information and compromise a vulnerable device.

1) An unspecified error related to unlocking behavior can be exploited to bypass the screen lock.

2) The Mail component does not properly handle the LOGINDISABLED IMAP capability. This can be exploited to disclose user credentials via e.g. Man-in-the-Middle (MitM) attacks.

3) An error exists within the Safari component.

4) An error when handling text message previews can be exploited to disclose received text messages.

5) An error within the Weather component related to API used to determine local weather can be exploited to disclose physical location of a user via Man-in-the-Middle (MitM) attacks.

6) Multiple errors exist within the WebKit component.

The security issue and vulnerabilities are reported in versions prior to 8 running on iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later.

Solution

Upgrade to version 8.

References:

APPLE-SA-2014-09-17-1:

Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 اردیبهشت 1391

امتیاز

امتیاز شما
تعداد امتیازها:0