
Apple iOS Multiple Vulnerabilities

Number: IRCAD2014073397

Date: 2014/07/01

Criticality level: highly critical

Software:

Apple iOS 7.x for iPhone 4 and later

Apple iOS for iPad 7.x

Apple iOS for iPod touch 7.x

Description

Two security issues and multiple vulnerabilities have been reported in Apple iOS, where one has an unknown impact and others can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.

1) A boundary error within the CoreGraphics component when handling XBM files can be exploited to cause a stack-based buffer overflow via a specially crafted XBM file.

2) The device does not perform proper checks during device activation, which can be exploited to bypass Activation Lock.

3) A state management error within the Lock Screen component when handling the telephony state while in Airplane Mode can be exploited to gain access to the application that was in the foreground prior to locking.

4) A use-after-free error within the Safari component when handling URLs can be exploited to cause memory corruption.

5) An error can be exploited to disclose memory.

6) The application bundles a vulnerable version of WebKit.

7) An error can be exploited to bypass the origin check.

8) An error can be exploited to spoof the domain name of a web site in the address bar.

The security issues and vulnerabilities are reported in versions prior to 7.1.2.

Solution:

Update to version 7.1.2.

Resources:

APPLE-SA-2014-06-30-3:

secunia:
 
 
 
 
 
 

Created: 11 Tir 1393
