SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Other)  >   Apple iOS Vendors:   Apple
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
SecurityTracker Alert ID:  1029054
SecurityTracker URL:  http://securitytracker.com/id/1029054
CVE Reference:   CVE-2011-2391, CVE-2013-0957, CVE-2013-1036, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-3950, CVE-2013-3953, CVE-2013-3954, CVE-2013-3955, CVE-2013-4616, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128, CVE-2013-5129, CVE-2013-5131, CVE-2013-5134, CVE-2013-5137, CVE-2013-5138, CVE-2013-5139, CVE-2013-5140, CVE-2013-5141, CVE-2013-5142, CVE-2013-5145, CVE-2013-5149, CVE-2013-5150, CVE-2013-5151, CVE-2013-5152, CVE-2013-5153, CVE-2013-5154, CVE-2013-5155, CVE-2013-5156, CVE-2013-5157, CVE-2013-5158, CVE-2013-5159   (Links to External Site)
Date:  Sep 18 2013
Impact:   Denial of service via local system, Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. An application can obtain elevated privileges on the target system. A local user can bypass the screen lock.

A remote user on the local network can send specially crafted IPv6 ICMP packets to cause excessive CPU resource consumption on the target system [CVE-2011-2391]. Marc Heuse reported this vulnerability.

An application can bypass passcode-attempt limits to attempt to determine the target user's passcode [CVE-2013-0957]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw in the processing of XML files and execute arbitrary code [CVE-2013-1036]. Kai Lu of Fortinet's FortiGuard Labs reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary code [CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047]. Google Chrome Security Team, own-hero Research (via iDefense VCP), Apple, and miaubiz reported this vulnerability.

A remote user that can cause arbitrary code execution may be able to cause the code to persist across reboots due to buffer overflows in the dyld openSharedCacheFile() function [CVE-2013-3950]. Stefan Esser reported this vulnerability.

An application can exploit a flaw in the mach_port_space_info API to gain kernel level privileges [CVE-2013-3953]. Stefan Esser reported this vulnerability.

An application can exploit a flaw in the posix_spawn API to gain kernel level privileges [CVE-2013-3954]. Stefan Esser reported this vulnerability.

A user that can mount a non-HFS filesystem can exploit a flaw in the processing of AppleDouble files to execute arbitrary with kernel privileges [CVE-2013-3955]. Stefan Esser reported this vulnerability.

A remote user may be able to exploit a flaw in the generation of Personal Hotspot passwords to predict the password and join the target user's Personal Hotspot [CVE-2013-4616]. Andreas Kurtz of NESO Security Labs and Daniel Metz of University Erlangen-Nuremberg reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw in WebKit and execute arbitrary code [CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128] Google Chrome Security Team and Apple reported this vulnerability.

Dragging or pasting a selection may allow cross-site scripting attacks [CVE-2013-5129]. Mario Heiderich reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will execute arbitrary scripting code in the context of another site [CVE-2013-5131]. Erling A Ellingsen reported this vulnerability.

A remote user that can intercept network traffic may be able to use a TrustWave sub-CA certificate to access user credentials or other sensitive information [CVE-2013-5134].

A background application can inject user interface events into the foreground application [CVE-2013-5137]. Mackenzie Straight at Mobile Labs reported this vulnerability.

An application can trigger a null pointer dereference in IOCatalogue and cause the system to crash [CVE-2013-5138]. Will Estes reported this vulnerability.

An application can trigger an array access flaw in the IOSerialFamily driver and execute arbitrary code with kernel privileges [CVE-2013-5139]. @dent1zt reported this vulnerability.

A remote user can send a specially crafted packet fragment to cause the target device to restart [CVE-2013-5140]. Joonas Kuorilehto of Codenomicon, an anonymous
researcher (via CERT-FI), Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, and Stonesoft reported this vulnerability.

An application can trigger an integer truncation flaw to cause the CPU to enter an infinite loop [CVE-2013-5141]. CESG reported this vulnerability.

An application can exploit a flaw in the msgctl and segctl APIs to access the contents of kernel stack memory [CVE-2013-5142]. Kenzley Alphonse of Kenx Technology, Inc reported this vulnerability.

An application can exploit a flaw in kextd in the handling of IPC messages from unauthenticated senders [CVE-2013-5145]. "Rainbow PRISM" reported this vulnerability.

An application may be able to access a push notification token when the user has not provided permission [CVE-2013-5149]. Jack Flintermann of Grouper, Inc. reported this vulnerability.

A physically local user can view the history of pages recently visited in an open tab after clearing the Safari history [CVE-2013-5150].

A remote user can create a specially crafted web site file rendered with the 'Content-Type: text/plain' header that, when viewed by the target user, will allow cross-site scripting attacks [CVE-2013-5151]. Ben Toews of Github reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will display an arbitrary URL [CVE-2013-5152]. Keita Haga of keitahaga.com and Lukasz Pilorz of RBS reported this vulnerability.

A physically local user with a device in Lost Mode may be able to view notifications [CVE-2013-5153]. Daniel Stangroom reported this vulnerability.

Script applications are not properly sandboxed. An application may be able to run without a sandbox [CVE-2013-5154]. evad3rs reported this vulnerability.

An application can write specific values to the /dev/random device to cause the CPU to enter an infinite loop [CVE-2013-5155]. CESG reported this vulnerability.

An application can exploit a flaw in the telephony subsystem to to bypass supported APIs and control or interfere with the telephony daemon [CVE-2013-5156]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology also reported this vulnerability.

An application can exploit a flaw in the Twitter subsystem to bypass supported APIs and control or interfere with the Twitter system daemon [CVE-2013-5157]. Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University reported this vulnerability. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology also reported this vulnerability.

On systems with no passcode, a user can exploit a flaw in the Twitter icon cache determine the Twitter accounts that the target user had recently interacted with [CVE-2013-5158]. Jonathan Zdziarski reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in the the window.webkitRequestAnimationFrame() API and obtain information from the target user's system [CVE-2013-5159].

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can cause denial of service conditions.

A remote user can conduct cross-site scripting attacks.

A remote user can obtain potentially sensitive information.

An application can obtain elevated privileges on the target system.

A local user can bypass the screen lock.

Solution:   The vendor has issued a fix (7).

The vendor's advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT1222 (Links to External Site)
Cause:   Access control error, Authentication error, Boundary error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 20 2013 (Apple Issues Fix for Apple TV) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Apple TV.
Oct 23 2013 (Apple Issues Fix for iTunes) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for iTunes.
Oct 23 2013 (Apple Issues Fix for Safari) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Safari.
Jan 23 2014 (Apple Issues Fix for Apple iTunes) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for Apple iTunes.
Oct 17 2014 (Apple Issues Fix for OS X) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for OS X.
Oct 17 2014 (Apple Issues Fix for OS X) Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Deny Service, Obtain Information, and Conduct Cross-Site Scripting Attacks and Let Applications Gain Elevated Privileges
Apple has issued a fix for OS X.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC