SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Other)  >   Apple iOS Vendors:   Apple Computer
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
SecurityTracker Alert ID:  1029054
SecurityTracker URL:  http://securitytracker.com/id/1029054
CVE Reference:   CVE-2011-2391, CVE-2013-0957, CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-3950, CVE-2013-3953, CVE-2013-3954, CVE-2013-3955, CVE-2013-4616, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5131, CVE-2013-5134, CVE-2013-5137, CVE-2013-5138, CVE-2013-5139, CVE-2013-5140, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5149, CVE-2013-5150, CVE-2013-5151, CVE-2013-5152, CVE-2013-5153, CVE-2013-5154, CVE-2013-5155, CVE-2013-5156, CVE-2013-5157, CVE-2013-5158, CVE-2013-5159   (Links to External Site)
Date:  Sep 18 2013
Impact:   Denial of service via local system, Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. An application can obtain elevated privileges on the target system. A local user can bypass the screen lock.

A remote user on the local network can send specially crafted IPv6 ICMP packets to cause excessive CPU resource consumption on the target system [CVE-2011-2391]. Marc Heuse reported this vulnerability.

An application can bypass passcode-attempt limits to attempt to determine the target user's passcode [CVE-2013-0957]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw in the processing of XML files and execute arbitrary code [CVE-2013-1036]. Kai Lu of Fortinet's FortiGuard Labs reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code [CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047]. Google Chrome Security Team, own-hero Research (via iDefense VCP), Apple, and miaubiz reported this vulnerability.

A remote user that can cause arbitrary code execution may be able to cause the code to persist across reboots due to buffer overflows in the dyld openSharedCacheFile() function [CVE-2013-3950]. Stefan Esser reported this vulnerability.

An application can exploit a flaw in the mach_port_space_info API to gain kernel level privileges [CVE-2013-3953]. Stefan Esser reported this vulnerability.

An application can exploit a flaw in the posix_spawn API to gain kernel level privileges [CVE-2013-3954]. Stefan Esser reported this vulnerability.

A user that can mount a non-HFS filesystem can exploit a flaw in the processing of AppleDouble files to execute arbitrary with kernel privileges [CVE-2013-3955]. Stefan Esser reported this vulnerability.

A remote user may be able to exploit a flaw in the generation of Personal Hotspot passwords to predict the password and join the target user's Personal Hotspot [CVE-2013-4616]. Andreas Kurtz of NESO Security Labs and Daniel Metz of University Erlangen-Nuremberg reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw in WebKit and execute arbitrary code [CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128] Google Chrome Security Team and Apple reported this vulnerability.

Dragging or pasting a selection may allow cross-site scripting attacks [CVE-2013-5129]. Mario Heiderich reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary scripting code in the context of another site [CVE-2013-5131]. Erling A Ellingsen reported this vulnerability.

A remote user that can intercept network traffic may be able to use a TrustWave sub-CA certificate to access user credentials or other sensitive information [CVE-2013-5134].

A background application can inject user interface events into the foreground application [CVE-2013-5137]. Mackenzie Straight at Mobile Labs reported this vulnerability.

An application can trigger a null pointer dereference in IOCatalogue and cause the system to crash [CVE-2013-5138]. Will Estes reported this vulnerability.

An application can trigger an array access flaw in the IOSerialFamily driver and execute arbitrary code with kernel privileges [CVE-2013-5139]. @dent1zt reported this vulnerability.

A remote user can send a specially crafted packet fragment to cause the target device to restart [CVE-2013-5140]. Joonas Kuorilehto of Codenomicon, an anonymous
researcher (via CERT-FI), Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, and Stonesoft reported this vulnerability.

An application can trigger an integer truncation flaw to cause the CPU to enter an infinite loop [CVE-2013-5141]. CESG reported this vulnerability.

An application can exploit a flaw in the msgctl and segctl APIs to access the contents of kernel stack memory [CVE-2013-5142]. Kenzley Alphonse of Kenx Technology, Inc reported this vulnerability.

An application can exploit a flaw in kextd in the handling of IPC messages from unauthenticated senders [CVE-2013-5145]. "Rainbow PRISM" reported this vulnerability.

An application may be able to access a push notification token when the user has not provided permission [CVE-2013-5149]. Jack Flintermann of Grouper, Inc. reported this vulnerability.

A physically local user can view the history of pages recently visited in an open tab after clearing the Safari history [CVE-2013-5150].

A remote user can create a specially crafted web site file rendered with the 'Content-Type: text/plain' header that, when viewed by the target user, will allow cross-site scripting attacks [CVE-2013-5151]. Ben Toews of Github reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will display an arbitrary URL [CVE-2013-5152]. Keita Haga of keitahaga.com and Lukasz Pilorz of RBS reported this vulnerability.

A physically local user with a device in Lost Mode may be able to view notifications [CVE-2013-5153]. Daniel Stangroom reported this vulnerability.

Script applications are not properly sandboxed. An application may be able to run without a sandbox [CVE-2013-5154]. evad3rs reported this vulnerability.

An application can write specific values to the /dev/random device to cause the CPU to enter an infinite loop [CVE-2013-5155]. CESG reported this vulnerability.

An application can exploit a flaw in the telephony subsystem to to bypass supported APIs and control or interfere with the telephony daemon [CVE-2013-5156]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology also reported this vulnerability.

An application can exploit a flaw in the Twitter subsystem to bypass supported APIs and control or interfere with the Twitter system daemon [CVE-2013-5157]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology also reported this vulnerability.

On systems with no passcode, a user can exploit a flaw in the Twitter icon cache determine the Twitter accounts that the target user had recently interacted with [CVE-2013-5158]. Jonathan Zdziarski reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in the the window.webkitRequestAnimationFrame() API and obtain information from the target user's system [CVE-2013-5159].

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can cause denial of service conditions.

A remote user can conduct cross-site scripting attacks.

A remote user can obtain potentially sensitive information.

An application can obtain elevated privileges on the target system.

A local user can bypass the screen lock.

Solution:   The vendor has issued a fix (7).

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT1222 (Links to External Site)
Cause:   Access control error, Authentication error, Boundary error, Input validation error, State error
Underlying OS:  

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 20 2013 (Apple Issues Fix for Apple TV) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Apple TV.
Oct 23 2013 (Apple Issues Fix for iTunes) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for iTunes.
Oct 23 2013 (Apple Issues Fix for Safari) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Safari.
Jan 23 2014 (Apple Issues Fix for Apple iTunes) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Apple iTunes.



 Source Message Contents

Date:  Wed, 18 Sep 2013 22:20:09 +0000
Subject:  Apple iOS


Excerpt from APPLE-SA-2013-09-18-2 iOS 7

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker on a local network can cause a denial of service
Description:  An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse

Data Protection
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Apps could bypass passcode-attempt restrictions
Description:  A privilege separation issue existed in Data
Protection. An app within the third-party sandbox could repeatedly
attempt to determine the user's passcode regardless of the user's
"Erase Data" setting. This issue was addressed by requiring
additional entitlement checks.
CVE-ID
CVE-2013-0957 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz

dyld
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description:  Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description:  An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description:  A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser

File Systems
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker who can mount a non-HFS filesystem may be able
to cause an unexpected system termination or arbitrary code execution
with kernel privileges
Description:  A memory corruption issue existed in the handling of
AppleDouble files. This issue was addressed by removing support for
AppleDouble files.
CVE-ID
CVE-2013-3955 : Stefan Esser

Personal Hotspot
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker may be able to join a Personal Hotspot network
Description:  An issue existed in the generation of Personal Hotspot
passwords, resulting in passwords that could be predicted by an
attacker to join a user's Personal Hotspot. The issue was addressed
by generating passwords with higher entropy.
CVE-ID
CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz
of University Erlangen-Nuremberg

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Dragging or pasting a selection may lead to a cross-site
scripting attack
Description:  Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen

Data Security
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description:  TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134

IOKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Background applications could inject user interface events
into the foreground app
Description:  It was possible for background applications to inject
user interface events into the foreground application using the task
completion or VoIP APIs. This issue was addressed by enforcing access
controls on foreground and background processes that handle interface
events.
CVE-ID
CVE-2013-5137 : Mackenzie Straight at Mobile Labs

IOKitUser
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious local application could cause an unexpected
system termination
Description:  A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes

IOSerialFamily
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Executing a malicious application may result in arbitrary
code execution within the kernel
Description:  An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A remote attacker can cause a device to unexpectedly restart
Description:  Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious local application could cause device hang
Description:  An integer truncation vulnerability in the kernel
socket interface could be leveraged to force the CPU into an infinite
loop. The issue was addressed by using a larger sized variable.
CVE-ID
CVE-2013-5141 : CESG

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Kernel stack memory may be disclosed to local users
Description:  An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc

Kext Management
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An unauthorized process may modify the set of loaded kernel
extensions
Description:  An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"

Passcode Lock
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to the device may be able to
bypass the screen lock
Description:  A race condition issue existed in the handling of phone
calls and SIM card ejection at the lock screen. This issue was
addressed through improved lock state management.
CVE-ID
CVE-2013-5147 : videosdebarraquito

Push Notifications
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  The push notification token may be disclosed to an app
contrary to the user's decision
Description:  An information disclosure issue existed in push
notification registration. Apps requesting access to the push
notification access received the token before the user approved the
app's use of push notifications. This issue was addressed by
withholding access to the token until the user has approved access.
CVE-ID
CVE-2013-5149 : Jack Flintermann of Grouper, Inc.

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  History of pages recently visited in an open tab may remain
after clearing of history
Description:  Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing files on a website may lead to script execution even
when the server sends a 'Content-Type: text/plain' header
Description:  Mobile Safari sometimes treated files as HTML files
even when the server sent a 'Content-Type: text/plain' header. This
may lead to cross-site scripting on sites that allow users to upload
files. This issue was addressed through improved handling of files
when 'Content-Type: text/plain' is set.
CVE-ID
CVE-2013-5151 : Ben Toews of Github

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a malicious website may allow an arbitrary URL to
be displayed
Description:  A URL bar spoofing issue existed in Mobile Safari. This
issue was addressed through improved URL tracking.
CVE-ID
CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS

Springboard
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to a device in Lost Mode may
be able to view notifications
Description:  An issue existed in the handling of notifications when
a device is in Lost Mode. This update addresses the issue with
improved lock state management.
CVE-ID
CVE-2013-5153 : Daniel Stangroom

Sandbox
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Applications that are scripts were not sandboxed
Description:  Third-party applications which used the #! syntax to
run a script were sandboxed based on the identity of the script
interpreter, not the script. The interpreter may not have a sandbox
defined, leading to the application being run unsandboxed. This issue
was addressed by creating the sandbox based on the identity of the
script.
CVE-ID
CVE-2013-5154 : evad3rs

Sandbox
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Applications can cause a system hang
Description:  Malicious third-party applications that wrote specific
values to the /dev/random device could force the CPU to enter an
infinite loop. This issue was addressed by preventing third-party
applications from writing to /dev/random.
CVE-ID
CVE-2013-5155 : CESG

Telephony
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Malicious apps could interfere with or control telephony
functionality
Description:  An access control issue existed in the telephony
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
telephony functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the telephony daemon.
CVE-ID
CVE-2013-5156 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology

Twitter
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Sandboxed apps could send tweets without user interaction or
permission
Description:  An access control issue existed in the Twitter
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
Twitter functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the Twitter daemon.
CVE-ID
CVE-2013-5157 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology

Social
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Users recent Twitter activity could be disclosed on devices
with no passcode.
Description:  An issue existed where it was possible to determine
what Twitter accounts a user had recently interacted with. This issue
was resolved by restricting access to the Twitter icon cache.
CVE-ID
CVE-2013-5158 : Jonathan Zdziarski

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a malicious website may lead to information
disclosure
Description:  An information disclosure issue existed in the handling
of the window.webkitRequestAnimationFrame() API. A maliciously
crafted website could use an iframe to determine if another site used
window.webkitRequestAnimationFrame(). This issue was addressed
through improved handling of window.webkitRequestAnimationFrame().
CVE-ID
CVE-2013-5159





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC