Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Apple iOS Multiple Vulnerabilities

-

Release Date:  2012-09-20    Views:  6,286

Secunia Advisory SA50586

Where:

From remote

Impact:

Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access

Solution Status:

Unpatched

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious, local users to disclose system information and gain escalated privileges, by malicious people to disclose potentially sensitive information, conducts spoofing attacks, and compromise a user's device, and by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions.

1) An error in CFNetwork when handling certain URLs can be exploited to submit data to an incorrect hostname.

2) Some vulnerabilities exist in the bundled version of FreeType.

For more information:
SA48268

3) An error in CoreMedia when processing Sorenson encoded movies can be exploited to dereference uninitialized memory.

4) An error in DHCP when connection to WiFi networks may disclose a MAC address of previously accessed networks via DNAv4 protocol.

5) ImageIO bundles a vulnerable version of LibTIFF library.

For more information:
SA43593
SA48684

6) ImageIO bundles a vulnerable version of libpng library.

For more information:
SA46148
SA48026
SA48587

7) An double-free error exists in ImageIO when processing JPEG images.

8) An error in International Components for Unicode when handling locale IDs can be exploited to cause a stack-based buffer overflow.

9) A boundary error in IPSec when loading racoon configuration files can be exploited to cause a buffer overflow.

10) An error in the kernel when handling packet filter IOCTLs can be exploited to dereference an invalid pointer.

11) An error in the kernel when related to BPF interpreter can be exploited to disclose certain memory content.

12) Some vulnerabilities exist in the bundled version of libxml library.

For more information:
SA44711
SA46632

13) An error in Mail when handling attachments can be exploited to disclose a unintended attachments via the "Content-ID" field.

14) An error in Mail within Data Protection on attachments can be exploited to access an attachment without a passcode.

15) An error in Mail when processing S/MIME signed messages does not display the correct identity of a signer and can be exploited to spoof an identity via the "From" field.

16) An error in Messages when multiple email addresses are used may result in replies being sent using the wrong address.

17) An error in Office Viewer when processing document files may result in data being stored in temporary files in a decrypted state even when data protection / encryption is enabled.

18) An error in OpenGL when performing GLSL compilation can be exploited to corrupt memory.

19) An error in Passcode Lock related to "Slide to Power Off" slider may disclose the last used third party application.

20) An error in Passcode Lock related to termination of FaceTime calls may allow bypassing the screen lock.

21) An error in Passcode Lock related to lock screen photos may disclose all photos accessible at the lock screen.

22) An error in Passcode Lock related to Emergency Dialer screen may allow making FaceTime calls and disclose user's contacts.

23) An error in Passcode Lock related to the camera usage may allow bypassing the screen lock.

24) An error in Passcode Lock related lock state management may allow bypassing the screen lock.

25) An error in Restrictions during purchase transactions may result in transaction being made without the Appled ID credentials.

26) An error in Safari when handling certain Unicode characters may allow spoofing the lock icon in the page title.

27) An error in Safari when handling password input elements with a disabled "autocomplete" attribute allowed the input to be autocompleted.

28) An error in System Logs due to weak restrictions on the "/var/log" directory can be exploited by sandboxed applications to disclose log details.

29) An error in Telephony did not properly display the return address of SMS messages.

30) An off-by-one error in Telephony when handling SMS data headers can be exploited to disable cellular activity.

31) An error in UIKit within UIWebView may result in unencrypted files being stored even when a passcode is enabled.

32) Multiple vulnerabilities exist in WebKit.

For more information:
SA46594
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058


Solution:
Upgrade to iOS 6 via Software Update.

Provided and/or discovered by:
8, 28) Reported by the vendor.

The vendor also credits:
1) Erling Ellingsen, Facebook
3) Will Dormann, CERT/CC
4) Mark Wuergler, Immunity, Inc.
7) Phil, PKJE Consulting
9, 10) iOS Jailbreak Dream Team
11) Dan Rosenberg
13) Angelo Prado, salesforce.com Product Security Team
14) Stephen Prairie, Travelers Insurance, Erich Stuntebeck of AirWatch
15) Anonymous person
16) Rodney S. Foley, Gnomesoft, LLC
17) Salvatore Cataudella, Open Systems Technologies
19) Chris Lawrence, DBB
20, 24) Ian Vitek, 2Secure AB
21, 22) Ade Barkah, BlueWax Inc.
23) Sebastian Spanninger, Austrian Federal Computing Centre (BRZ)
25) Kevin Makens, Redwood High School
26) Boku Kihara, Lepidum
27) Dan Poltawski, Moodle
29, 30) pod2g
31) Ben Smith, Box

Original Advisory:
Apple:
http://support.apple.com/kb/HT5503

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Apple iOS Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability