Home / vulnerabilitiesPDF  

Apple Security Advisory 2015-06-30-1

Posted on 01 July 2015
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app may prevent
apps from launching
Description: An issue existed in the install logic for universal
provisioning profile apps, which allowed a collision to occur with
existing bundle IDs. This issue was addressed through improved
collision checking.
CVE-ID
CVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from
FireEye, Inc.

Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to intercept network traffic
Description: An intermediate certificate was incorrectly issued by
the certificate authority CNNIC. This issue was addressed through the
addition of a mechanism to trust only a subset of certificates issued
prior to the mis-issuance of the intermediate. Further details are
available at https://support.apple.com/en-us/HT204938

Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT204132

CFNetwork HTTPAuthentication
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Following a maliciously crafted URL may lead to arbitrary
code execution
Description: A memory corruption issue existed in handling of
certain URL credentials. This issue was addressed with improved
memory handling.
CVE-ID
CVE-2015-3684 : Apple

CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of ICC profiles. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-3723 : chaithanya (SegFault) working with HP's Zero Day
Initiative
CVE-2015-3724 : WanderingGlitch of HP's Zero Day Initiative

CoreText
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted text file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of text files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1157
CVE-2015-3685 : Apple
CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3689 : Apple

coreTLS
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH)
keys, as used in export-strength ephemeral DH cipher suites. This
issue, also known as Logjam, allowed an attacker with a privileged
network position to downgrade security to 512-bit DH if the server
supported an export-strength ephemeral DH cipher suite. The issue was
addressed by increasing the default minimum size allowed for DH
ephemeral keys to 768 bits.
CVE-ID
CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck

DiskImages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-ID
CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative

FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved input validation.
CVE-ID
CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team

ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .tiff file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of
.tiff files. This issue was addressed with improved bounds checking.
CVE-ID
CVE-2015-3703 : Apple

ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities exist in libtiff, the most serious
of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in libtiff versions
prior to 4.0.4. They were addressed by updating libtiff to version
4.0.4.
CVE-ID
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130

Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory management issue existed in the handling of
HFS parameters which could have led to the disclosure of kernel
memory layout. This issue was addressed through improved memory
management.
CVE-ID
CVE-2015-3721 : Ian Beer of Google Project Zero

Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted email can replace the message content
with an arbitrary webpage when the message is viewed
Description: An issue existed in the support for HTML email which
allowed message content to be refreshed with an arbitrary webpage.
The issue was addressed through restricted support for HTML content.
CVE-ID
CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek

MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app can prevent a
Watch app from launching
Description: An issue existed in the install logic for universal
provisioning profile apps on the Watch which allowed a collision to
occur with existing bundle IDs. This issue was addressed through
improved collision checking.
CVE-ID
CVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from
FireEye, Inc.

Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may compromise user
information on the filesystem
Description: A state management issue existed in Safari that allowed
unprivileged origins to access contents on the filesystem. This issue
was addressed through improved state management.
CVE-ID
CVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative

Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to account
takeover
Description: An issue existed where Safari would preserve the Origin
request header for cross-origin redirects, allowing malicious
websites to circumvent CSRF protections. The issue was addressed
through improved handling of redirects.
CVE-ID
CVE-2015-3658 : Brad Hill of Facebook

Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in the Security framework
code for parsing S/MIME e-mail and some other signed or encrypted
objects. This issue was addressed through improved validity checking.
CVE-ID
CVE-2013-1741

SQLite
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: Multiple buffer overflows existed in SQLite's printf
implementation. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative

Telephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted SIM cards may lead to arbitrary code
execution
Description: Multiple input validation issues existed in the parsing
of SIM/UIM payloads. These issues were addressed through improved
payload validation.
CVE-ID
CVE-2015-3726 : Matt Spisak of Endgame

WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website by clicking a link may lead to
user interface spoofing
Description: An issue existed in the handling of the rel attribute
in anchor elements. Target objects could get unauthorized access to
link objects. This issue was addressed through improved link type
adherence.
CVE-ID
CVE-2015-1156 : Zachary Durber of Moodle

WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1152 : Apple
CVE-2015-1153 : Apple

WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: An insufficient comparison issue existed in SQLite
authorizer which allowed invocation of arbitrary SQL functions. This
issue was addressed with improved authorization checks.
CVE-ID
CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative

WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables which could have allowed a maliciously crafted
website to access databases belonging to other websites. This was
addressed through improved authorization checks.
CVE-ID
CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative

WiFi Connectivity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: iOS devices may auto-associate with untrusted access points
advertising a known ESSID but with a downgraded security type
Description: An insufficient comparison issue existed in WiFi
manager's evaluation of known access point advertisements. This issue
was addressed through improved matching of security parameters.
CVE-ID
CVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig
Young from TripWire

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.4".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVkr+6AAoJEBcWfLTuOo7tfDwP/1db2KLgQP+Pyb6av5awgS4m
hQul1ihU0JO8jAI2ww345v6jMFq7MIAs82DobbRwqtI97aTep5bieqr5qUautlFz
NtC4VQ5PsAyEoTo0cOSpvFOV3av6BdwFeNTI4w39n+bvKn6YUSJD0zswknUtI/G7
lpFx/KxvKBkXBhWWCg3cyVlo3Jap88svlyh9MZ+C0BYFyjZ+ZjYMlDZ6FdzRyBxI
4RHaXUFrtMQk3JAeIadSbevOH2mUwlCB9vDmFOC5BFTrMYV8nd3gyXMy924wLQli
l3gtx+Kgq3+i71Zay7HGmshv06vZop8X82fC/lNZmTQFfNABLLug0ve0tLH9+IRm
516Yb4UxUZ51Pnhbv1wvwqATGoJpK4oFXHsTx0rCVpkcxGMLmeYRyaxQYBUzh+ns
+9tcuqIBsvVudY8LGAF4yUxkmt2K5N6mqu9x+KqVmiI9M7DbBoc+AUNVJpoiEGmt
qB/eqkpGYKvHal3UEV6P3sSM3gBrzb5aFYNa8R31/cE8U+INeKTwd99KNoixJa9y
/rNOSnuwKsuD33NFUpOJo/MW70ts3BrjN8eIvtnZ7/GHVljkQde7LCCJ2k2iQWTW
lp+C5jWsR/2qXoCkG1p2oipBP/2OKo9wRzklkOo+1LJiWY18r/FlRMWqfkFUyMrK
+NEpxWhe8ytzIFIkrXDt
=iv++
-----END PGP SIGNATURE-----

 

TOP