‫ Apple iOS Multiple Vulnerabilities


Number: IRCAD2014073397

Date: 2014/07/01

Criticality level: highly critical


Apple iOS 7.x for iPhone 4 and later

Apple iOS for iPad 7.x

Apple iOS for iPod touch 7.x


Two security issues and multiple vulnerabilities have been reported in Apple iOS, where one has an unknown impact and others can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.

1) A boundary error within the CoreGraphics component when handling XBM files can be exploited to cause a stack-based buffer overflow via a specially crafted XBM file.

2) The device does not perform proper checks during device activation, which can be exploited to bypass Activation Lock.

3) A state management error within the Lock Screen component when handling the telephony state while in Airplane Mode can be exploited to gain access to the application that was in the foreground prior to locking.

4) A use-after-free error within the Safari component when handling URLs can be exploited to cause memory corruption.

5) An error can be exploited to disclose memory.

6) The application bundles a vulnerable version of WebKit.

7) An error can be exploited to bypass the origin check.

8) An error can be exploited to spoof the domain name of a web site in the address bar.

The security issues and vulnerabilities are reported in versions prior to 7.1.2.


Update to version 7.1.2.





بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 11 تیر 1393


امتیاز شما
تعداد امتیازها:0