SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (Other)  >   Apple iOS Vendors:   Apple
Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1035353
SecurityTracker URL:  http://securitytracker.com/id/1035353
CVE Reference:   CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1751, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1760, CVE-2016-1761, CVE-2016-1762, CVE-2016-1763, CVE-2016-1766, CVE-2016-1775, CVE-2016-1778, CVE-2016-1779, CVE-2016-1780, CVE-2016-1781, CVE-2016-1782, CVE-2016-1783, CVE-2016-1784, CVE-2016-1785, CVE-2016-1786, CVE-2016-1788   (Links to External Site)
Date:  Mar 22 2016
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.3
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can obtain potentially sensitive information. An application can obtain elevated privileges on the target system. An application can bypass security controls on the target system.

An application can exploit a memory corruption flaw in AppleUSBNetworking to execute arbitrary code with kernel privileges [CVE-2016-1734].

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in FontParser and execute arbitrary code on the target system [CVE-2016-1740].

A remote user can exploit a flaw in nghttp2 to execute arbitrary code on the target system [CVE-2015-8659].

An application can trigger a memory corruption error to determine kernel memory layout [CVE-2016-1748].

An application can trigger a validation flaw in the kernel and cause denial of service conditions [CVE-2016-1752].

An application can trigger a use-after-free memory error in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1750].

An application can trigger an integer overflow in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1753].

An application can exploit a permissions flaw in the kernel to bypass code signing [CVE-2016-1751].

An application can trigger a race condition in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1757].

An application can trigger a null pointer dereference in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1756].

An application can trigger a memory corruption error in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1754, CVE-2016-1755].

An application can trigger an out-of-bounds memory read error to determine kernel memory layout [CVE-2016-1758].

An application can exploit an event handler validation flaw in LaunchServices in the XPC Service API to modify events from other applications [CVE-2016-1760].

A remote user can create specially crafted XML that, when loaded by the target user, will trigger a memory corruption error in libxml2 and execute arbitrary code on the target user's system [CVE-2016-1761, CVE-2016-1762].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an SMS URL parsing error and auto-fill text into other message threads [CVE-2016-1763].

A remote user that can monitor network communications and inject messages can decrypt and read attachments in certain cases [CVE-2016-1788].

The system may display an untrusted mobile device management (MDM) profile as verified due to a certification validation flaw [CVE-2016-1766].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in TrueTypeScaler and execute arbitrary code on the target user's system [CVE-2016-1775].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target user's system [CVE-2016-1778, CVE-2016-1783].

A remote user (website) can exploit a flaw in the handling of attachment URLs to track potentially sensitive user information [CVE-2016-1781].

A remote user (website) can use a hidden web page to access the target user's device orientation and device motion data [CVE-2016-1780].

A remote user (website) can supply specially crafted geolocation requests to determine the target user's current location [CVE-2016-1779].

A remote user (website) can exploit a port redirection flaw to access restricted ports on arbitrary servers [CVE-2016-1782].

A remote user can create specially crafted HTML that, when loaded by the target user, will consume excessive resources on the target system and cause the target user's browser to crash [CVE-2016-1784].

A remote user (website) can return specially crafted redirect responses to spoof a URL and gain read access to cached contents of the specified URL [CVE-2016-1786].

A remote user (website) can exploit a character encoding caching flaw in WebKit to access cross-origin data [CVE-2016-1785].

A remote user in a privileged network position can trigger a frame validation and memory corruption error in the Wi-Fi component to execute arbitrary code [CVE-2016-0801, CVE-2016-0802].

Andrea Barisani and Andrej Rosano of Inverse Path, HappilyCoded (ant4g0nist and r3dsm0k3) (via Trend Micro's Zero Day Initiative (ZDI)), Brandon Azad, CESG, Juwei Lin of Trend Micro (via Trend Micro's Zero Day Initiative (ZDI)), Eric Monti of Square Mobile Security, Ian Beer of Google Project Zero, Pedro Vilaca, Lufeng Li of Qihoo 360 Vulcan Team,
Proteas of Qihoo 360 Nirvan Team, wol0xff (via Trend Micro's Zero Day Initiative (ZDI)), Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University, CityTog, Taylor Boyko (via Trend Micro's Zero Day Initiative (ZDI)), 0x1byte (via Trend Micro's Zero Day Initiative (ZDI)), Mihai Parparita of Google,
Devdatta Akhawe of Dropbox, Inc., Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK, xisigr of Tencent's Xuanwu Lab (http://www.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd., Moony Li and Jack Tang of TrendMicro, PKAV Team (PKAV.net), ma.la of LINE Corporation, and an anonymous researcher reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can obtain potentially sensitive information on the target system.

An application can obtain elevated privileges on the target system.

An application can bypass security controls on the target system.

Solution:   The vendor has issued a fix (9.3).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT206166

Vendor URL:  support.apple.com/en-us/HT206166 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, Resource error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 22 2016 (Apple Issues Fix for Apple Safari) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple Safari.
Mar 22 2016 (Apple Issues Fix for Apple TV) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple TV.
Mar 22 2016 (Apple Issues Fix for Apple Watch) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple Watch.
Mar 22 2016 (Apple Issues Fix for Apple Watch) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple Watch.
Mar 22 2016 (Apple Issues Fix for Apple OS X) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
Apple has issued a fix for Apple OS X.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC