ID

VAR-201510-0238


CVE

CVE-2015-5928


TITLE

Arbitrary code execution vulnerability in WebKit as used in Apple iOS and other products

Trust: 0.8

sources: JVNDB: JVNDB-2015-005543

DESCRIPTION

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.

WebKit, as used in Apple iOS, Safari, iTunes and other products, is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible.

Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.1, Safari versions prior to 9.0.1, and iTunes versions prior to 12.3.1.

============================================================================
Ubuntu Security Notice USN-2937-1
March 21, 2016

webkitgtk vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:
- webkitgtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
  libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.15.10.1
  libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.15.10.1
  libwebkitgtk-1.0-0 2.4.10-0ubuntu0.15.10.1
  libwebkitgtk-3.0-0 2.4.10-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  libjavascriptcoregtk-1.0-0 2.4.10-0ubuntu0.14.04.1
  libjavascriptcoregtk-3.0-0 2.4.10-0ubuntu0.14.04.1
  libwebkitgtk-1.0-0 2.4.10-0ubuntu0.14.04.1
  libwebkitgtk-3.0-0 2.4.10-0ubuntu0.14.04.1

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany and Evolution, to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2937-1
  CVE-2014-1748, CVE-2015-1071, CVE-2015-1076, CVE-2015-1081, CVE-2015-1083, CVE-2015-1120, CVE-2015-1122, CVE-2015-1127, CVE-2015-1153, CVE-2015-1155, CVE-2015-3658, CVE-2015-3659, CVE-2015-3727, CVE-2015-3731, CVE-2015-3741, CVE-2015-3743, CVE-2015-3745, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3752, CVE-2015-5788, CVE-2015-5794, CVE-2015-5801, CVE-2015-5809, CVE-2015-5822, CVE-2015-5928

Package Information:
  https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1
  https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1

APPLE-SA-2015-10-21-1 iOS 9.1

iOS 9.1 is now available and addresses the following:

Accelerate Framework
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking.
CVE-ID
CVE-2015-5940 : Apple

Bom
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd at Azimuth Security

CFNetwork
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to cookies being overwritten
Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

configd
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam

CoreGraphics
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple

CoreText
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

Disk Images
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6995 : Ian Beer of Google Project Zero

FontParser
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942
CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative
CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team

GasGauge
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6979 : PanguTeam

Grand Central Dispatch
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6989 : Apple

Graphics Driver
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Executing a malicious application may result in arbitrary code execution within the kernel
Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team

ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple

IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization.
CVE-ID
CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation.
CVE-ID
CVE-2015-6994 : Mark Mentovai of Google Inc.

Notification Center
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Phone and Messages notifications may appear on the lock screen even when disabled
Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management.
CVE-ID
CVE-2015-7000 : William Redwood of Hampton School

OpenGL
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5924 : Apple

Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to overwrite arbitrary files
Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors.
CVE-ID
CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team

Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to make a revoked certificate appear valid
Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time.
CVE-ID
CVE-2015-6999 : Apple

Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.
CVE-ID
CVE-2015-6997 : Apple

Telephony
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to leak sensitive user information
Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries.
CVE-ID
CVE-2015-7022 : Andreas Kurtz of NESO Security Labs

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-6981
CVE-2015-6982
CVE-2015-7002 : Apple
CVE-2015-7005 : Apple
CVE-2015-7012 : Apple
CVE-2015-7014

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "9.1".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.34

sources: NVD: CVE-2015-5928 // JVNDB: JVNDB-2015-005543 // BID: 77267 // VULHUB: VHN-83889 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // PACKETSTORM: 136327 // PACKETSTORM: 134044

AFFECTED PRODUCTS

vendor: apple // model: itunes // scope: lte // version: 12.3.0 // Trust: 1.0
vendor: apple // model: safari // scope: lte // version: 9.0 // Trust: 1.0
vendor: apple // model: iphone os // scope: lte // version: 9.0.2 // Trust: 1.0
vendor: apple // model: ios // scope: lt // version: 9.1 (ipad 2 or later) // Trust: 0.8
vendor: apple // model: ios // scope: lt // version: 9.1 (iphone 4s or later) // Trust: 0.8
vendor: apple // model: ios // scope: lt // version: 9.1 (ipod touch 5th generation or later) // Trust: 0.8
vendor: apple // model: itunes // scope: lt // version: 12.3.1 (windows 7 or later) // Trust: 0.8
vendor: apple // model: safari // scope: lt // version: 9.0.1 (os x el capitan v10.11) // Trust: 0.8
vendor: apple // model: safari // scope: lt // version: 9.0.1 (os x mavericks v10.9.5) // Trust: 0.8
vendor: apple // model: safari // scope: lt // version: 9.0.1 (os x yosemite v10.10.5) // Trust: 0.8
vendor: apple // model: safari // scope: eq // version: 9.0 // Trust: 0.6
vendor: apple // model: itunes // scope: eq // version: 12.3.0 // Trust: 0.6
vendor: apple // model: iphone os // scope: eq // version: 9.0.2 // Trust: 0.6
vendor: webkit // model: open source project webkit // scope: eq // version: 0 // Trust: 0.3
vendor: esignal // model: esignal // scope: eq // version: 6.0.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.6 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0.5 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0.4 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3.2.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3.1.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3.1.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 2.0.4 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 2.0.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 2.0.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 2.0.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.3.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.3.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.2.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.2.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.2.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 1.0 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.1.7 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.1.4 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.1.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.5 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.4 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 5.0 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.1.3 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.1.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.1.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4.0 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 4 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3.2 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3.1 // Trust: 0.3
vendor: apple // model: safari // scope: eq // version: 3 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.5.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.2.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.0.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.0.1.8 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.0.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.0 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 7.3.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 7.3.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 7.3 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 7.0.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 6.0.5 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 6.0.4 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 6.0.3 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 6.0.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 6.0 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 5.0 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.8 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.7.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.7 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.6 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.5 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 4.2.72 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 9.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 8.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 8.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 8.0.2.20 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 8.0 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 7.4 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.6 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.5 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.2.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.2 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10.1 // Trust: 0.3
vendor: apple // model: itunes // scope: eq // version: 10 // Trust: 0.3
vendor: apple // model: ipod touch // scope: eq // version: 0 // Trust: 0.3
vendor: apple // model: iphone // scope: eq // version: 0 // Trust: 0.3
vendor: apple // model: ipad // scope: eq // version: 0 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.0.2 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.0.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 3.2.2 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 3.2.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 5.1.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 5.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 5.0.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 5 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3.5 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3.4 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3.3 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3.2 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.3 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.9 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.8 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.7 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.6 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.5 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2.10 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.2 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 4 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 3.2 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 3.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 3.0 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 2.1 // Trust: 0.3
vendor: apple // model: ios // scope: eq // version: 2.0 // Trust: 0.3

sources: BID: 77267 // JVNDB: JVNDB-2015-005543 // CNNVD: CNNVD-201510-513 // NVD: CVE-2015-5928

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5928
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5928
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201510-513
value: MEDIUM

Trust: 0.6

VULHUB: VHN-83889
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5928
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-83889
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83889 // JVNDB: JVNDB-2015-005543 // CNNVD: CNNVD-201510-513 // NVD: CVE-2015-5928

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-83889 // JVNDB: JVNDB-2015-005543 // NVD: CVE-2015-5928

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136327 // CNNVD: CNNVD-201510-513

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201510-513

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005543

PATCH

title: Apple security updates // url: https://support.apple.com/en-us/HT201222 // Trust: 0.8
title: APPLE-SA-2015-10-21-1 iOS 9.1 // url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00002.html // Trust: 0.8
title: APPLE-SA-2015-10-21-3 Safari 9.0.1 // url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00004.html // Trust: 0.8
title: APPLE-SA-2015-10-21-5 iTunes 12.3.1 // url: http://lists.apple.com/archives/security-announce/2015/Oct/msg00006.html // Trust: 0.8
title: HT205372 // url: https://support.apple.com/en-us/HT205372 // Trust: 0.8
title: HT205370 // url: https://support.apple.com/en-us/HT205370 // Trust: 0.8
title: HT205377 // url: https://support.apple.com/en-us/HT205377 // Trust: 0.8
title: HT205370 // url: http://support.apple.com/ja-jp/HT205370 // Trust: 0.8
title: HT205377 // url: http://support.apple.com/ja-jp/HT205377 // Trust: 0.8
title: HT205372 // url: http://support.apple.com/ja-jp/HT205372 // Trust: 0.8

sources: JVNDB: JVNDB-2015-005543

EXTERNAL IDS

db: NVD // id: CVE-2015-5928 // Trust: 3.2
db: BID // id: 77267 // Trust: 1.4
db: SECTRACK // id: 1033929 // Trust: 1.1
db: JVN // id: JVNVU92655282 // Trust: 0.8
db: JVNDB // id: JVNDB-2015-005543 // Trust: 0.8
db: CNNVD // id: CNNVD-201510-513 // Trust: 0.7
db: PACKETSTORM // id: 134056 // Trust: 0.2
db: PACKETSTORM // id: 134054 // Trust: 0.2
db: VULHUB // id: VHN-83889 // Trust: 0.1
db: PACKETSTORM // id: 136327 // Trust: 0.1
db: PACKETSTORM // id: 134044 // Trust: 0.1

sources: VULHUB: VHN-83889 // BID: 77267 // JVNDB: JVNDB-2015-005543 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // PACKETSTORM: 136327 // PACKETSTORM: 134044 // CNNVD: CNNVD-201510-513 // NVD: CVE-2015-5928

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00004.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/oct/msg00006.html

Trust: 1.7

url:https://support.apple.com/ht205370

Trust: 1.7

url:https://support.apple.com/ht205372

Trust: 1.7

url:https://support.apple.com/ht205377

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-2937-1

Trust: 1.2

url:http://www.securityfocus.com/bid/77267

Trust: 1.1

url:http://www.securitytracker.com/id/1033929

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5928

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92655282/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5928

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-5928

Trust: 0.4

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-5929

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-5930

Trust: 0.3

url:http://gpgtools.org

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-7002

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-5931

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7012

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7014

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7011

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6975

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-6992

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-7017

Trust: 0.1

url:http://www.apple.com/itunes/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3741

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3752

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1076

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.15.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5794

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1071

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1081

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5801

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3743

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3747

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3745

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/webkitgtk/2.4.10-0ubuntu0.14.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6991

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5936

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6979

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6982

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6983

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5924

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6986

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5942

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6981

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6988

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-5937

Trust: 0.1

sources: VULHUB: VHN-83889 // BID: 77267 // JVNDB: JVNDB-2015-005543 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // PACKETSTORM: 136327 // PACKETSTORM: 134044 // CNNVD: CNNVD-201510-513 // NVD: CVE-2015-5928

CREDITS

Apple

Trust: 0.6

sources: BID: 77267 // PACKETSTORM: 134054 // PACKETSTORM: 134056 // PACKETSTORM: 134044

SOURCES

db: VULHUB // id: VHN-83889
db: BID // id: 77267
db: JVNDB // id: JVNDB-2015-005543
db: PACKETSTORM // id: 134054
db: PACKETSTORM // id: 134056
db: PACKETSTORM // id: 136327
db: PACKETSTORM // id: 134044
db: CNNVD // id: CNNVD-201510-513
db: NVD // id: CVE-2015-5928

LAST UPDATE DATE

2025-04-13T22:32:44.923000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-83889 // date: 2016-12-24T00:00:00
db: BID // id: 77267 // date: 2016-02-02T20:04:00
db: JVNDB // id: JVNDB-2015-005543 // date: 2015-10-27T00:00:00
db: CNNVD // id: CNNVD-201510-513 // date: 2015-10-26T00:00:00
db: NVD // id: CVE-2015-5928 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-83889 // date: 2015-10-23T00:00:00
db: BID // id: 77267 // date: 2015-10-21T00:00:00
db: JVNDB // id: JVNDB-2015-005543 // date: 2015-10-27T00:00:00
db: PACKETSTORM // id: 134054 // date: 2015-10-21T19:22:22
db: PACKETSTORM // id: 134056 // date: 2015-10-21T19:33:33
db: PACKETSTORM // id: 136327 // date: 2016-03-22T00:03:33
db: PACKETSTORM // id: 134044 // date: 2015-10-21T14:44:44
db: CNNVD // id: CNNVD-201510-513 // date: 2015-10-26T00:00:00
db: NVD // id: CVE-2015-5928 // date: 2015-10-23T21:59:04.987