Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious, local users to disclose system information and gain escalated privileges, by malicious people to disclose potentially sensitive information, conducts spoofing attacks, and compromise a user's device, and by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions.
1) An error in CFNetwork when handling certain URLs can be exploited to submit data to an incorrect hostname.
2) Some vulnerabilities exist in the bundled version of FreeType.
Provided and/or discovered by: 8, 28) Reported by the vendor.
The vendor also credits:
1) Erling Ellingsen, Facebook
3) Will Dormann, CERT/CC
4) Mark Wuergler, Immunity, Inc.
7) Phil, PKJE Consulting
9, 10) iOS Jailbreak Dream Team
11) Dan Rosenberg
13) Angelo Prado, salesforce.com Product Security Team
14) Stephen Prairie, Travelers Insurance, Erich Stuntebeck of AirWatch
15) Anonymous person
16) Rodney S. Foley, Gnomesoft, LLC
17) Salvatore Cataudella, Open Systems Technologies
19) Chris Lawrence, DBB
20, 24) Ian Vitek, 2Secure AB
21, 22) Ade Barkah, BlueWax Inc.
23) Sebastian Spanninger, Austrian Federal Computing Centre (BRZ)
25) Kevin Makens, Redwood High School
26) Boku Kihara, Lepidum
27) Dan Poltawski, Moodle
29, 30) pod2g
31) Ben Smith, Box
Original Advisory: Apple:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Apple iOS Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.