Highly critical

Apple iOS Multiple Vulnerabilities

Release Date:  2013-09-19    Last Update:  2013-09-20    Views:  4,170

Secunia Advisory SA54886

Where:

From remote

Impact:

Security Bypass, Cross Site Scripting, Spoofing, Brute force, Exposure of sensitive information, DoS, System access

Solution Status:

Unpatched

CVE Reference(s):

Description


Multiple weaknesses, a security issue, and some vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose sensitive information, conduct brute-force, spoofing, and cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable device.

1) A boundary error exists in the CoreGraphics component.

For more information:
SA54829 (#4)

2) A boundary error exists in the CoreMedia component.

For more information:
SA53520 (#6)

3) A boundary error exists in the ImageIO component.

For more information:
SA54829 (#5)

4) An error when handling interface events related to foreground and background processes within the IOKit component can be exploited to inject events to otherwise restricted foreground processes via the task completion or VoIP APIs.

5) A boundary error within the IOSerialFamily component can be exploited to bypass certain application restrictions and execute arbitrary code within the kernel.

6) An error exists within the IPSec component.

For more information:
SA54829 (#6)

7) An error when handling certain packet fragments within the Kernel component can be exploited to cause a device to restart by sending specially crafted packet fragments.

8) An error when handling IPv6 ICMP packets within the Kernel component can be exploited to cause a high CPU load.

9) A boundary error when handling arguments to the posix_spawn API within the Kernel component can be exploited to bypass certain process restrictions and subsequently execute arbitrary code with kernel privileges.

10) An error within the Kext Management component does not properly verify authorisation, which can be exploited to bypass certain process restrictions and subsequently modify the set of loaded kernel extensions.

11) Multiple errors exist in the libxml component.

For more information:
SA48000
SA49177
SA50092

12) Multiple errors exist in the libxslt component.

For more information:
SA49724 (#20)
SA50447 (#5)

13) A race condition error when handling phone calls and SIM card ejection within the Passcode Lock component can be exploited to bypass the passcode lock.

This may be related to weakness #1 in:
SA52173

14) An error when generating passwords with weak entropy within the Personal Hotspot component can potentially be exploited to gain knowledge of the Personal Hotspot password via brute-force attacks.

15) An error within the Push Notifications component does not properly restrict access to a push notification token, which can be exploited to gain access to otherwise restricted push notifications.

16) A boundary error within the Safari component when handling XML files can be exploited to corrupt memory and execute arbitrary code.

17) An error within the Safari component when handling "Content-Type: text/plain" headers can potentially be exploited to conduct cross-site scripting attacks.

18) An error within the Safari component can be exploited to display an arbitrary URL in the URL bar.

19) An error within the Sandbox component when handling scripts can be exploited to bypass sandbox restrictions.

20) An error within the Springboard component does not properly restrict access to notifications on a device in Lost Mode, which can be exploited to view otherwise restricted notifications.

21) An error within the Telephony component does not properly restrict access to interfaces exposed by the telephony daemon, which can be exploited to interfere with or control telephony functionality by sending a direct request to a system daemon.

22) An error within the Twitter component does not properly restrict access to interfaces exposed by the Twitter daemon, which can be exploited to send otherwise restricted tweets by sending a direct request to a system daemon.

23) Multiple errors exist in the WebKit component.

For more information:
SA52761 (#8)
SA53471 (#3)
SA53430 (#5 and #11)
SA53711 (#4)

24) Multiple errors within the WebKit component can be exploited to cause memory corruption.

25) Another error within the WebKit component can be exploited to cause memory corruption.

26) Further multiple errors within the WebKit component can be exploited to cause memory corruption.

27) Another error within the WebKit component can be exploited to cause memory corruption.

28) Another error within the WebKit component can be exploited to cause memory corruption.

29) Another error within the WebKit component can be exploited to cause memory corruption.

The weaknesses, security issue, and vulnerabilities are reported in versions prior to 7.


Solution:
Upgrade to version 7.

Provided and/or discovered by:
7) Antti Levomäki and Lauri Virtanen, Vulnerability Analysis Group, Stonesoft, Joonas Kuorilehto, Codenomicon, and an anonymous person via CERT-FI
26) Reported by the vendor

The vendor credits:
4) Mackenzie Straight, Mobile Labs
5) @dent1zt
6) Alexander Traud, www.traud.de
8) Marc Heuse
9) Stefan Esser
10) Rainbow PRISM
13) videosdebarraquito
14) Andreas Kurtz, NESO Security Labs and Daniel Metz, University Erlangen-Nuremberg
15) Jack Flintermann, Grouper, Inc.
16) Kai Lu, Fortinet's FortiGuard Labs
17) Ben Toews, GitHub
18) Keita Haga, keitahaga.com, Lukasz Pilorz, RBS
19) evad3rs
20) Daniel Stangroom
21, 22) Jin Han, Institute for Infocomm Research, Qiang Yan and Su Mon Kywe, Singapore Management University, and Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee, Georgia Institute of Technology
24) Google Security Team
25) own-hero Research via iDefense VCP
27) miaubiz
28) Mario Heiderich
29) Erling A Ellingsen

Original Advisory:
APPLE-SA-2013-09-18-2:
http://support.apple.com/kb/HT5934

CERT-FI:
http://www.cert.fi/en/reports/2013/vulnerability722403.html



