Category:   OS (Other)  >   Apple iOS
Vendors:   Apple
Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
SecurityTracker Alert ID:  1033275
SecurityTracker URL:  http://securitytracker.com/id/1033275
CVE Reference:   CVE-2015-3756, CVE-2015-3758, CVE-2015-3759, CVE-2015-3763, CVE-2015-3766, CVE-2015-3768, CVE-2015-3776, CVE-2015-3778, CVE-2015-3782, CVE-2015-3784, CVE-2015-3793, CVE-2015-3795, CVE-2015-3796, CVE-2015-3797, CVE-2015-3798, CVE-2015-3800, CVE-2015-3802, CVE-2015-3803, CVE-2015-3804, CVE-2015-3805, CVE-2015-3806, CVE-2015-3807, CVE-2015-5746, CVE-2015-5749, CVE-2015-5752, CVE-2015-5755, CVE-2015-5756, CVE-2015-5757, CVE-2015-5758, CVE-2015-5759, CVE-2015-5761, CVE-2015-5766, CVE-2015-5769, CVE-2015-5770, CVE-2015-5773, CVE-2015-5774, CVE-2015-5775, CVE-2015-5776, CVE-2015-5777, CVE-2015-5778, CVE-2015-5781, CVE-2015-5782
Date:  Aug 14 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.4.1
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions on the target system. A local user can bypass security restrictions. An application can gain elevated privileges. A remote user can obtain potentially sensitive information on the target system.

An application can supply a specially crafted afc command to exploit a symlink flaw and access ostensibly protected parts of the filesystem [CVE-2015-5746].

An application can exploit a path traversal flaw in AirTraffic to access ostensibly protected parts of the filesystem [CVE-2015-5766].

An application can exploit a symlink flaw in Backup to access ostensibly protected parts of the filesystem [CVE-2015-5752].

A remote Wi-Fi network can exploit a flaw in bootp to determine networks that a target device has previously accessed [CVE-2015-3778].

A remote user in a privileged network position can, in conjunction with a physically local user, accept untrusted certificates via the lock screen [CVE-2015-3756].

An application can access the iCloud user record of a previously signed in user [CVE-2015-3782].

An application can exploit a flaw in the third-party app sandbox profile to read the managed preferences of other apps [CVE-2015-3793, CVE-2015-5749].

An application can exploit a code signing flaw to execute unsigned code [CVE-2015-3803, CVE-2015-3806].

A local user can exploit a code signing flaw to execute unsigned code [CVE-2015-3802, CVE-2015-3805].

A remote user can create a specially crafted movie file that, when viewed by the target user, will trigger a memory corruption error in CoreMedia Playback and execute arbitrary code [CVE-2015-5777, CVE-2015-5778].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in CoreText and execute arbitrary code [CVE-2015-5755, CVE-2015-5761].

A remote user can create a specially crafted DMG image file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-3800].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in FontParser and execute arbitrary code [CVE-2015-3804, CVE-2015-5756, CVE-2015-5775].

A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a memory corruption error in ImageIO and execute arbitrary code [CVE-2015-5758].

A remote user can create specially crafted PNG files that, when loaded by the target user, will trigger a memory initialization error in ImageIO to obtain information from process memory [CVE-2015-5781].

A remote user can create a specially crafted TIFF file that, when loaded by the target user, will trigger a memory initialization error in ImageIO to obtain information from process memory [CVE-2015-5782].

An application can create a specially crafted plist that, when parsed, will trigger a memory corruption error in IOKit and execute arbitrary code with system privileges [CVE-2015-3776].

A local user can trigger a buffer overflow in IOHIDFamily to execute arbitrary code with system privileges [CVE-2015-5774].

An application can trigger a flaw in the mach_port_space_info interface to obtain information about kernel memory layout [CVE-2015-3766].

An application can trigger an integer overflow in IOKit to execute arbitrary code with system privileges [CVE-2015-3768].

An application can process a specially crafted regular expression to trigger a memory corruption error in the Libc TRE library and execute arbitrary code [CVE-2015-3796, CVE-2015-3797, CVE-2015-3798].

A remote user can trigger a memory corruption error in the handling of AF_INET6 sockets in Libinfo to execute arbitrary code [CVE-2015-5776].

An application can trigger a memory corruption error in the processing of syscalls in libpthread to execute arbitrary code with system privileges [CVE-2015-5757].

A remote user can create a specially crafted XML document that, when parsed, will trigger a flaw in libxml2 and disclose user information [CVE-2015-3807].

An application can issue a specially crafted XPC message to trigger a memory corruption error and execute arbitrary code with system privileges [CVE-2015-3795].

A local user can exploit a symlink flaw to modify ostensibly protected parts of the filesystem [CVE-2015-3759].

An enterprise application can exploit an install logic flaw for universal provisioning profile apps to replace extensions for other apps [CVE-2015-5770].

A remote user can create a specially crafted video that, when loaded by the target user, will trigger a flaw in the MSVDX Driver and cause the system to crash [CVE-2015-5769].

A remote user can create a specially crafted XML file that, when loaded by the target user via the Office Viewer, will trigger an XML external entity processing flaw and disclose user information [CVE-2015-3784].

A remote user can create a specially crafted QL Office document that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-5773].

A remote web server can cause an infinite number of alert messages to be generated [CVE-2015-3763].

An application can exploit a FaceTime URL parsing flaw in WebViews to initiate FaceTime calls without user authorization [CVE-2015-3758].

A remote web server can exploit a flaw in WebKit to cause a tap event to issue a synthetic click on a different web page [CVE-2015-5759].

Phillip Moon and Matt Weston of Sandfield, Brian Simmons of Salesforce, Guillaume Ross, Andreas Weinlein of the Appthority Mobility Threat Team, Bruno Morisson of INTEGRITY S.A., Proteas of Qihoo 360 Nirvan Team, FireEye, Cererdlong of Alibaba Mobile Security Team, Mathew Rowley, Michal Zalewski, Lufeng Li of Qihoo 360, Ian Beer of Google Project Zero, Ilja van Sprundel, Cererdlong of Alibaba Mobile Security Team, @PanguTeam, TaiG Jailbreak Team, Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany, John Villamil (@day6reak), Yahoo Pentest Team, Frank Graziano of the Yahoo Pentest Team, Deepkanwal Plaha of University of Toronto, Andy Grant of NCC Group, Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project), and evad3rs reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can bypass security controls on the target system.

An application can gain elevated privileges on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (8.4.1).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT205030

Vendor URL:  support.apple.com/en-us/HT205030
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2015 (Apple Issues Fix for Apple iTunes) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple iTunes for Windows.
Oct 16 2015 (Apple Issues Fix for Apple Keynote) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Keynote.
Oct 16 2015 (Apple Issues Fix for Apple Pages) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Pages.
Oct 16 2015 (Apple Issues Fix for Apple Numbers) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple Numbers.
Dec 8 2015 (Apple Issues Fix for Apple OS X) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple OS X.
Dec 9 2015 (Apple Issues Fix for Apple TV) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple TV.
Feb 25 2016 (Apple Issues Fix for Apple TV) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Deny Service and Let Apps Gain Elevated Privileges
Apple has issued a fix for Apple TV.




Copyright 2017, SecurityGlobal.net LLC