ID

VAR-201509-0109

CVE

CVE-2015-5809

TITLE

Apple iOS and iTunes Used in etc. WebKit Vulnerable to arbitrary code execution

DESCRIPTION

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3. Apple iOS and iTunes Used in etc. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; iTunes is a set of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-30-2 Safari 9 Safari 9 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa Safari Downloads Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: LaunchServices' quarantine history may reveal browsing history Description: Access to LaunchServices' quarantine history may have revealed browsing history based on file downloads. This issue was addressed through improved deletion of quarantine history. Safari Extensions Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Local communication between Safari extensions and companion apps may be compromised Description: The local communication between Safari extensions such as password managers and their native companion apps could be comprised by another native app. This issue was addressed through a new, authenticated communications channel between Safari extensions and companion apps. Safari Extensions Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Safari extensions may be replaced on disk Description: A validated, user-installed Safari extension could be replaced on disk without prompting the user. This issue was addressed by improved validation of extensions. CVE-ID CVE-2015-5780 : Ben Toms of macmule.com Safari Safe Browsing Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M (@rahulmfg) of TagsDock WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Partially loaded images may exfiltrate data across origins Description: A race condition existed in validation of image origins. This issue was addressed by improved validation of resource origins. CVE-ID CVE-2015-5788 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5791 : Apple CVE-2015-5792 : Apple CVE-2015-5793 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5798 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5808 : Joe Vennix CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5814 : Apple CVE-2015-5815 : Apple CVE-2015-5816 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Guillaume Ross, Andrei Neculaesei WebKit CSS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptior, Chris Evans WebKit JavaScript Bindings Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic WebKit Plug-ins Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Safari plugins may send an HTTP request without knowing the request was redirected Description: The Safari plugins API did not communicate to plugins that a server-side redirect had happened. This could lead to unauthorized requests. This issue was addressed through improved API support. CVE-ID CVE-2015-5828 : Lorenzo Fontana Safari 9 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWDB23AAoJEBcWfLTuOo7teGkQAK3KZHfKYeJ6NJP2rdBCeGGE 0zPFtcgjzbHSOG1KB5Q/gHBChmVukmgC/QCCueKmA5TOxXjhuEj2CRpe/+Zf349H zvfdvU2Q4qM7byOY/q7g77Cae6K/nrnX7FaHRjdREniZUBIsm826o69Qbpeudlns n4IhPIaUPiq0M+o1EzPgnHWJ1GpHcFD7C0bZ6tSlBea8iJi2Ai9EOZUXaskJg2mx 9tCijYN8IVKGApJT3CiFUHgx9zgDq9vbWJ1spnxwK0IgYd8zhEf18sZZmdAd5szS bpU1KyFsFRYqRjV4ctTBhj8FnZ4Cjxxq9xXXGNrrlsIXBBRDENNiwUaHhoiYVBjH mPV76aNQjgImbi2T3gamUFZLSB8IdklMbFXo+HYUX3k4eDis0f/dFRoDb4XWfXiX 168c79nGIc6bDz+7tP7Z7gC9rYCJRdJqHObky+2K1A43Urp1EkgH8oy+a2EbstfY wvoQ/kUkFsDY3NM4xwa9gqhdYFcJSQy0kfzcZB/LinjLSEBkG/7nu+XuWlrwSavJ qLvUyUpdP5ei0Scmz8YCymrf2aMG4yZEN4PyUkBPPW2DgNiXgbE5K+8kHnqmUlRF OJ9+P/2tIED63euI0n1UcrfLOHAEUgZe2jmVfye7BB9KreVh02u/ziFl46Gghdsd TksTuX7uQIiE70E/qZlh =FuAM -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2937-1 March 21, 2016 webkitgtk vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkitgtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1 libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany and Evolution, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2937-1 CVE-2014-1748, CVE-2015-1071, CVE-2015-1076, CVE-2015-1081, CVE-2015-1083, CVE-2015-1120, CVE-2015-1122, CVE-2015-1127, CVE-2015-1153, CVE-2015-1155, CVE-2015-3658, CVE-2015-3659, CVE-2015-3727, CVE-2015-3731, CVE-2015-3741, CVE-2015-3743, CVE-2015-3745, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3752, CVE-2015-5788, CVE-2015-5794, CVE-2015-5801, CVE-2015-5809, CVE-2015-5822, CVE-2015-5928 Package Information: https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple and John Villamil (@day6reak), Yahoo Pentest Team

SOURCES

LAST UPDATE DATE

2025-04-13T22:27:23.618000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE