Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Apple iOS Multiple Vulnerabilities

-

Description


Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

1) An error when handling a validation failure of a AppleID certificate within the IdentityService can be exploited to potentially bypass the certificate-based AppleID authentication via an invalid AppleID certificate.

2) An error exists in International Components for Unicode.

For more information see vulnerability #2 in:
SA48618

3) An input validation error within the kernel can be exploited to bypass the validation check by using a pointer length of less than a page and access the first page of kernel memory.

4) An error when handling the JavaScript preferences of Safari in StoreKit can be exploited to re-enable JavaScript without user notice by visiting a site displaying a Smart App Banner.

5) Multiple vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information:
SA49724
SA50105
SA50577

6) An unspecified error within WebKit can be exploited to corrupt memory.

7) Another unspecified error within WebKit can be exploited to corrupt memory.

8) Another unspecified error within WebKit can be exploited to corrupt memory.

9) Another unspecified error within WebKit can be exploited to corrupt memory.

10) Another unspecified error within WebKit can be exploited to corrupt memory.

11) Another unspecified error within WebKit can be exploited to corrupt memory.

12) Another unspecified error within WebKit can be exploited to corrupt memory.

13) Another unspecified error within WebKit can be exploited to corrupt memory.

14) Another unspecified error within WebKit can be exploited to corrupt memory.

15) Another unspecified error within WebKit can be exploited to corrupt memory.

16) Another unspecified error within WebKit can be exploited to corrupt memory.

17) Another unspecified error within WebKit can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #3 and #5 through #17 may allow execution of arbitrary code.

18) Certain input pasted from a different origin is not properly sanitised in WebKit before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

19) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user.

For more information see vulnerability #1 in:
SA50759

NOTE: Additionally a weakness exists within the handling of 802.11i information elements within Broadcom's BCM4325 and BCM4329 firmware, which can be exploited to disable WiFi.


Solution:
Apply iOS 6.1 Software Update.

Provided and/or discovered by:
1, 9, 13, and 14) Reported by the vendor

The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison, BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53

Original Advisory:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Apple iOS Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability