VARIoT IoT vulnerabilities database
| VAR-201609-0228 | CVE-2016-4727 | Apple OS X of IOThunderboltFamily Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOThunderboltFamily in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IOThunderboltFamily kext. The issue lies in the failure to properly initialize memory prior to accessing it. An attacker can leverage this vulnerability to escalate privileges under the context of the kernel. Apple OS X is a set of special operating systems developed by Apple Inc. for Mac computers. IOThunderboltFamily is one of the IO management control components.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12
| VAR-201609-0232 | CVE-2016-4731 | Apple iOS and Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729. Apple iOS and Safari Used in etc. Apple Safari,Webkit and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser or the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store
| VAR-201609-0282 | CVE-2016-4718 | plural Apple Product FontParser Vulnerable to buffer overflow |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Both Apple iOS and tvOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; Safari is a web browser that comes with the Mac OS X and iOS operating systems as the default browser; watchOS is a smart TV operating system. Watch OS. FontParser is one of the font parsing components. A buffer overflow vulnerability exists in FontParser in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0236 | CVE-2016-4736 | Apple OS X of libarchive Service disruption in (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
These issues are fixed in:
Apple macOS 10.12. libarchive is one of the multi-format archive and compression library components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-10-31-8
Additional information for APPLE-SA-2017-09-25-1
macOS High Sierra 10.13
macOS High Sierra 10.13 addresses the following:
802.1X
Available for: OS X Mountain Lion 10.8 and later
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS
1.1 and TLS 1.2.
CVE-2017-13832: an anonymous researcher
Entry added October 31, 2017
apache
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version
2.4.27.
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
Entry added October 31, 2017
apache
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Apache
Description: Multiple issues existed in Apache. These were addressed
by updating Apache to version 2.4.25.
CVE-2016-736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
Entry added October 31, 2017
AppleScript
Available for: OS X Mountain Lion 10.8 and later
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13809: an anonymous researcher
Entry added October 31, 2017
Application Firewall
Available for: OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take
effect after upgrading
Description: An upgrade issue existed in the handling of firewall
settings. This issue was addressed through improved handling of
firewall settings during upgrades.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software
ATS
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2017-13820: John Villamil, Doyensec
Entry added October 31, 2017
Audio
Available for: OS X Mountain Lion 10.8 and later
Impact: Parsing a maliciously crafted QuickTime file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team
Entry added October 31, 2017
Captive Network Assistant
Available for: OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The security state of the captive portal browser was not
obvious. This issue was addressed with improved visibility of the
captive portal browser security state.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CFString
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13821: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
CoreAudio
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro
CoreText
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
Directory Utility
Available for: OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the
owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher
file
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz
file
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.31.
CVE-2017-13815
Entry added October 31, 2017
Fonts
Available for: OS X Mountain Lion 10.8 and later
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13828: an anonymous researcher
Entry added October 31, 2017
fsck_msdos
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13811: an anonymous researcher
Entry added October 31, 2017
HelpViewer
Available for: OS X Mountain Lion 10.8 and later
Impact: A quarantined HTML file may execute arbitrary JavaScript
cross-origin
Description: A cross-site scripting issue existed in HelpViewer. This
issue was addressed by removing the affected file.
CVE-2017-13819: an anonymous researcher
Entry added October 31, 2017
HFS
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum
Entry added October 31, 2017
ImageIO
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-13814: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
ImageIO
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-2017-13831: an anonymous researcher
Entry added October 31, 2017
Installer
Available for: OS X Mountain Lion 10.8 and later
Impact: A malicious application may be able to access the FileVault
unlock key
Description: This issue was addressed by removing additional
entitlements.
CVE-2017-13837: Patrick Wardle of Synack
Entry added October 31, 2017
IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7077: Brandon Azad
IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,
Benjamin Gnahm (@mitp0sh) of PDX
Kernel
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in kernel packet counters.
This issue was addressed through improved permission validation.
CVE-2017-13810: an anonymous researcher
Entry added October 31, 2017
Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13817: Maxime Villard (m00nbsd)
Entry added October 31, 2017
Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13818: The UK's National Cyber Security Centre (NCSC)
CVE-2017-13836: an anonymous researcher, an anonymous researcher
CVE-2017-13841: an anonymous researcher
CVE-2017-13840: an anonymous researcher
CVE-2017-13842: an anonymous researcher
CVE-2017-13782: Kevin Backhouse of Semmle Ltd.
Entry added October 31, 2017
Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13843: an anonymous researcher
Entry added October 31, 2017
Kernel
Available for: OS X Mountain Lion 10.8 and later
Impact: Processing a malformed mach binary may lead to arbitrary code
execution
Description: A memory corruption issue was addressed through improved
validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Entry added October 31, 2017
kext tools
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2017-13827: an anonymous researcher
Entry added October 31, 2017
libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-13813: found by OSS-Fuzz
CVE-2017-13816: found by OSS-Fuzz
Entry added October 31, 2017
libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2017-13812: found by OSS-Fuzz
Entry added October 31, 2017
libarchive
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2016-4736: Proteas of Qihoo 360 Nirvan Team
Entry added October 31, 2017
libc
Available for: OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-1000373
libexpat
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233
Mail
Available for: OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP
address of the recipient
Description: Turning off "Load remote content in messages" did not
apply to all mailboxes. This issue was addressed with improved
setting propagation.
CVE-2017-7141: an anonymous researcher
Mail Drafts
Available for: OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher
ntp
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version
4.2.8p10
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco
Open Scripting Architecture
Available for: OS X Mountain Lion 10.8 and later
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13824: an anonymous researcher
Entry added October 31, 2017
PCRE
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.40.
CVE-2017-13846
Entry added October 31, 2017
Postfix
Available for: OS X Mountain Lion 10.8 and later
Impact: Multiple issues in Postfix
Description: Multiple issues were addressed by updating to version
3.2.2.
CVE-2017-13826: an anonymous researcher
Entry added October 31, 2017
Quick Look
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13822: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
Quick Look
Available for: OS X Mountain Lion 10.8 and later
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7132: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017
QuickTime
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13823: an anonymous researcher
Entry added October 31, 2017
Remote Management
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13808: an anonymous researcher
Entry added October 31, 2017
Sandbox
Available for: OS X Mountain Lion 10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13838: an anonymous researcher
Entry added October 31, 2017
Screen Lock
Available for: OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved
state management.
CVE-2017-7082: Tim Kingman
Security
Available for: OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune
Darrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher,
an anonymous researcher
Spotlight
Available for: OS X Mountain Lion 10.8 and later
Impact: Spotlight may display results for files not belonging to the
user
Description: An access issue existed in Spotlight. This issue was
addressed through improved access restrictions.
CVE-2017-13839: an anonymous researcher
Entry added October 31, 2017
SQLite
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-7127: an anonymous researcher
WebKit
Available for: OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher
zlib
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
Installation note:
macOS High Sierra 10.13 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8MpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaV7BAA
oPmo5pAA/HORVC3jl7tvStUpsUUiiez204FhuoVFsvHq0w7eYjsYDilzw7f6yveV
e9Xhlbz7jhFpa1SXQhtiK5SSA1aJqhXIzZPSSf4ex/6qBZCSUrAZi1vC05TuQFi2
bvZ9N2mr3Mwd4GlxN7XZ6DLi3BqQPaKIavmuxOLkUSCpkwj9npS1oPDvMCP8DX4q
goywFq4QOgvSJnohH/G8IGSm2Txy/IES68vvxdPRUi3IzjGM7E88QHkwKBDiqZRG
ozuhx8Zs+cEh8yIzLO2UoTJe5gVgz1si7J4tgCPTT65r3Uf2sizkOMMdX8PHmCCi
WTs3adVyJgC8nNql24cvPpJ4UM7bia0adzNf7cjTf7KKtVomIzR6IFaa+V737a+A
jESOB5J0iy1oqzfGN8/zf724N+rc5jp/QejM6tTvcNuc807Z4jVpR3CEr+GkMENz
Hq1Vr06gnBolmwnwlhCHujYwOpJXJ2xllQavNoe6r57XTYid1rjuRG5KXNWPlEgw
GyoB8rTLY+BzLszUtrQlhh5QXa8WaQLg0uPJJDHH3DUM7jEXRBrk7nhrz4z2qq7S
j1hlkhZbW2HuYg9URLhgYtkMgVjbTneZkWhEqER+AIbqFKdwTkuNgu5sHnWCrXG0
N+hmcqhXbgblWwiT0ma/I7Yn0b7O9g9stN88cL9cr3I=
=887+
-----END PGP SIGNATURE-----
. This issue was
addressed by limiting the time the FileVault decryption buffers are
DMA mapped to the duration of the I/O operation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L
| VAR-201609-0230 | CVE-2016-4729 | Apple iOS and Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4731. Apple iOS and Safari Used in etc. Apple Safari,Webkit and iOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser or the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store
| VAR-201609-0267 | CVE-2016-4702 | plural Apple Vulnerability to execute arbitrary code in product audio |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, tvOS, OS X, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. Audio is one of the audio components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0235 | CVE-2016-4735 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4734. Apple iOS , Safari ,and tvOS Used in etc.
Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store. ==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0273 | CVE-2016-4708 | plural Apple Product CFNetwork Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response. plural Apple Product CFNetwork Is Set-Cookie There is a vulnerability in which important information can be obtained because the header is analyzed incorrectly. Supplementary information : CWE Vulnerability type by CWE-787: Out-of-bounds Write ( Out-of-bounds writing ) Has been identified. http://cwe.mitre.org/data/definitions/787.htmlSkillfully crafted by a third party HTTP Important information may be obtained through the response. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, tvOS, OS X, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. CFNetwork is a low-level, high-performance framework that is an extension of BSD sockets (sockets). The vulnerability is caused by the program not correctly parsing the Set-Cookie header. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0234 | CVE-2016-4734 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 9.6 Severity: CRITICAL |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735. Apple iOS , Safari ,and tvOS Used in etc.
Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store. ==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0237 | CVE-2016-4737 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS, tvOS, watchoS and Safari are prone to a multiple memory corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 10, tvOS 10, watchOS 3 and Safari 10 are vulnerable. Apple iOS, tvOS, iTunes, and Safari are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; iTunes is a set of media player applications; Safari is a web browser that comes with the Mac OS X and iOS operating systems. default browser for . WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0233 | CVE-2016-4733 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. Apple iOS , Safari ,and tvOS Used in etc.
Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store. ==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0231 | CVE-2016-4730 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735. Apple iOS , Safari ,and tvOS Used in etc.
Attackers can exploit these issues to execute arbitrary code and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store
| VAR-201609-0229 | CVE-2016-4728 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site. Apple iTunes/TV OS/Safari/iOS are prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, tvOS, iTunes, and Safari are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; iTunes is a set of media player applications; Safari is a web browser that comes with the Mac OS X and iOS operating systems. default browser for . WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit in several Apple products. The following versions are affected: Apple iOS prior to 10, tvOS prior to 10, iTunes prior to 12.5.1 on Windows-based platforms, Safari prior to 10. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
CVE-2016-4618 : an anonymous researcher
Safari Tabs
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue existed in the handling of tab
sessions.
CVE-2016-4769 : Tongbo Luo of Palo Alto Networks
Safari 10 may be obtained from the Mac App Store. ==========================================================================
Ubuntu Security Notice USN-3166-1
January 10, 2017
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
- webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3166-1
CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707,
CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735,
CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762,
CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768,
CVE-2016-4769, CVE-2016-7578
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
| VAR-201609-0238 | CVE-2016-4738 | plural Apple Product libxslt Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, watchOS, OS X El Capitan, and tvOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; OS X El Capitan is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. A memory corruption vulnerability exists in libxslt in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3709-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 08, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libxslt
CVE ID : CVE-2016-4738
Debian Bug : 842570
Nick Wellnhofer discovered that the xsltFormatNumberConversion function
in libxslt, an XSLT processing runtime library, does not properly check
for a zero byte terminating the pattern string. This flaw can be
exploited to leak a couple of bytes after the buffer that holds the
pattern string.
For the stable distribution (jessie), this problem has been fixed in
version 1.1.28-2+deb8u2.
For the testing distribution (stretch), this problem has been fixed
in version 1.1.29-2.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.29-2.
We recommend that you upgrade your libxslt packages.
Alternatively, on your watch, select "My Watch > General > About". ==========================================================================
Ubuntu Security Notice USN-3271-1
April 28, 2017
libxslt vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Libxslt.
Software Description:
- libxslt: XSLT processing library
Details:
Holger Fuhrmannek discovered an integer overflow in the
xsltAddTextString() function in Libxslt. (CVE-2017-5029)
Nicolas Gregoire discovered that Libxslt mishandled namespace
nodes. An attacker could use this to craft a malicious document that,
when opened, could cause a denial of service (application crash)
or possibly execute arbtrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1683)
Sebastian Apelt discovered that a use-after-error existed in the
xsltDocumentFunctionLoadDocument() function in Libxslt. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1841)
It was discovered that a type confusion error existed in the
xsltStylePreCompute() function in Libxslt. An attacker could use this
to craft a malicious XML file that, when opened, caused a denial of
service (application crash). This issue only affected Ubuntu 14.04
LTS and Ubuntu 12.04 LTS. (CVE-2015-7995)
Nicolas Gregoire discovered the Libxslt mishandled the 'i' and 'a'
format tokens for xsl:number data. An attacker could use this to
craft a malicious document that, when opened, could cause a denial of
service (application crash). This issue only affected Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. (CVE-2016-1684)
It was discovered that the xsltFormatNumberConversion() function
in Libxslt did not properly handle empty decimal separators. An
attacker could use this to craft a malicious document that, when
opened, could cause a denial of service (application crash). This
issue only affected Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS,
and Ubuntu 12.04 LTS. (CVE-2016-4738)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
libxslt1.1 1.1.29-2ubuntu0.1
Ubuntu 16.10:
libxslt1.1 1.1.29-1ubuntu0.1
Ubuntu 16.04 LTS:
libxslt1.1 1.1.28-2.1ubuntu0.1
Ubuntu 14.04 LTS:
libxslt1.1 1.1.28-2ubuntu0.1
Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3271-1
CVE-2015-7995, CVE-2016-1683, CVE-2016-1684, CVE-2016-1841,
CVE-2016-4738, CVE-2017-5029
Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.29-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.29-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.28-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.4
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201804-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxslt: Multiple vulnerabilities
Date: April 04, 2018
Bugs: #598204, #612194
ID: 201804-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were discovered in libxslt, the worst of which
may allow a remote attacker to execute arbitrary code.
Background
==========
libxslt is the XSLT C library developed for the GNOME project. XSLT is
an XML language to define transformations for XML.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxslt < 1.1.30 >= 1.1.30
Description
===========
Multiple vulnerabilities have been discovered in libxslt. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.30"
References
==========
[ 1 ] CVE-2016-4738
https://nvd.nist.gov/vuln/detail/CVE-2016-4738
[ 2 ] CVE-2017-5029
https://nvd.nist.gov/vuln/detail/CVE-2017-5029
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201804-01
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-201609-0227 | CVE-2016-4726 | plural Apple Product IOAcceleratorFamily Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. IOAcceleratorFamily is one of the IO acceleration management components. A memory corruption vulnerability exists in the IOAcceleratorFamily in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0226 | CVE-2016-4725 | plural Apple Product IOAcceleratorFamily Vulnerability in which important information is obtained from process memory |
CVSS V2: 5.8 CVSS V3: 8.1 Severity: HIGH |
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. IOAcceleratorFamily is one of the IO acceleration management components. A memory corruption vulnerability exists in the IOAcceleratorFamily in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro VilaASSa
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Microas Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed though additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4XmJAAoJEIOj74w0bLRGF8MP+QE+9R4gRHqm60pjik77U5BQ
QQGDt+VpQrXXCO0OqBiS6d7JLuZz7nBNWp33kRa1McJWgMeeXCOa5z4jlVhD2DPS
dCWPjCFfLqaLJ2YZNkCdo5ugULfmq5R5aEdOnbXHl+b9S6boWNsYl2hlMcrPb9FY
M7pSLyMuKCpXtQwU8XkHcf+YM7zpZCgBgpgKjIZ6wbMdJPtvkqtDmbpZgX69OeuY
Q2imB/Oqgfn741E0Z3qooYPtGIHeGoH3Stonz8vsP6m6Fn24mqQAQ7uJcPc5Vbdv
u04GiraN2wry6V9KAJCvnFbybn80SFum4+7l8zKHFQxVBG8Ns4ugxwMrgxWEhyZD
q4J1S+dVX10Ir7hDOO+O7b2IA/nmriEbgeUnSxEZ/re62xHP6YT2wdUzAUWUd0xp
j3AySRJhi64t1IxRTN3UXReHZgydgU34q6gy38TTie8EIueyLLgnQxDruD/8+Bes
PUTjYC+0cbF8XYcvfGQ9CKgePgkc36sosT/JJxSbtmz8TUHmGPrqh4WxoyriIB+F
Zldb5fn+TR8K8lSqjw8lb40uknHnUFiAtWDbtSh+eulBxzx2jGqWtihhEag6hbSc
2T/a/XpADjza6iXEojtzj5lNWvCT4SClcjvP+31pmd+8T+aqc8AcfgV+aXdUqhdG
nMQ1SmBTu+2VRAwGOc4t
=H/Kd
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0225 | CVE-2016-4658 | Multiple Apple product libxml2 Memory corruption vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. Apple iOS, tvOS,MacOS and watchOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, cause a denial-of-service condition, perform unauthorized actions and gain system privileges; this may aid in launching further attacks.
Versions prior to iOS 10, watchOS 3, MacOS 10.12, and tvOS 10 are vulnerable. Apple iOS, OS X, tvOS, and watchOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A memory corruption vulnerability exists in Libxml2 in several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libxml2 security update
Advisory ID: RHSA-2021:3810-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3810
Issue date: 2021-10-12
CVE Names: CVE-2016-4658
=====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
Security Fix(es):
* libxml2: Use after free via namespace node in XPointer ranges
(CVE-2016-4658)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update
to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1384424 - CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_9.6.src.rpm
x86_64:
libxml2-2.9.1-6.el7_9.6.i686.rpm
libxml2-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_9.6.src.rpm
x86_64:
libxml2-2.9.1-6.el7_9.6.i686.rpm
libxml2-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_9.6.src.rpm
ppc64:
libxml2-2.9.1-6.el7_9.6.ppc.rpm
libxml2-2.9.1-6.el7_9.6.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm
libxml2-devel-2.9.1-6.el7_9.6.ppc.rpm
libxml2-devel-2.9.1-6.el7_9.6.ppc64.rpm
libxml2-python-2.9.1-6.el7_9.6.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_9.6.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_9.6.ppc64le.rpm
libxml2-python-2.9.1-6.el7_9.6.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_9.6.s390.rpm
libxml2-2.9.1-6.el7_9.6.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm
libxml2-devel-2.9.1-6.el7_9.6.s390.rpm
libxml2-devel-2.9.1-6.el7_9.6.s390x.rpm
libxml2-python-2.9.1-6.el7_9.6.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_9.6.i686.rpm
libxml2-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64.rpm
libxml2-static-2.9.1-6.el7_9.6.ppc.rpm
libxml2-static-2.9.1-6.el7_9.6.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_9.6.ppc64le.rpm
libxml2-static-2.9.1-6.el7_9.6.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_9.6.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.s390x.rpm
libxml2-static-2.9.1-6.el7_9.6.s390.rpm
libxml2-static-2.9.1-6.el7_9.6.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_9.6.src.rpm
x86_64:
libxml2-2.9.1-6.el7_9.6.i686.rpm
libxml2-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.el7_9.6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.el7_9.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4658
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYWWqlNzjgjWX9erEAQglcQ//SUNNJGppCVp7noool8BcQdiZYbHQYIZc
Ip2xZN+MskEdApJVdj+miteXwKbQlzOBC2O7NxxTagWuQd/ZTeojWIBbpN3wDWK4
iEHxXnJxSCc5Mnz98gW5uiiuOZ7YYNenqpf0CwiR8TTaCfzRZviHA5nt6uRCsOoF
XnNRQBkGevmh4VE1J8Mn2aD1fZrvxa1K5SywrF01ZI8ySjqEvm0lajuQD/4evvi8
gcjJlkCx8l/IOD4LowDCXrdxG/eiTYGpLYOdE6ZSOAX+pW4MtJm8R+gusQ+jwyJ+
pe5ITvZw2lycRboQEdr0bg/PiMJfguKA0tbf2Ra096ka1VThIFMZO7SDxhAjtohr
v/M3Q+4uLIMei1KapYHo09RO7QwAzViT2p3ycsU+9mEVRNJZcCAeVY3naRkaMEnQ
SuM57XSYJXJN7w8tQGzFTnzrZZYKv0XkrMG+sIiVgBAQKgPAppomE1PIeORIJqbb
PeASp+08mO37T0Aw5e4SUuzd+MiE7LtGE9RzNzFTWMqT2qQptezmJx/+x0FRu3fv
UcfEicz2xh0aV4wptaY4wnqvd4juAOO+AgY5QabO4KZPdvvpcMyQ6twt+sdehQjl
03ChiCTvXyZmWO+IhdEYqGWeh9i6eWoK3QF3cZOXOQSLfNKKvGPJMfHYxch18nU/
aV/GyGATRM8=
=M6KE
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Multiple vulnerabilities
Date: January 16, 2017
Bugs: #564776, #566374, #572878, #573820, #577998, #582538,
#582540, #583888, #589816, #597112, #597114, #597116
ID: 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in libxml2, the worst of which
could lead to the execution of arbitrary code.
Background
==========
libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
==========
[ 1 ] CVE-2015-1819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819
[ 2 ] CVE-2015-5312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312
[ 3 ] CVE-2015-7497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497
[ 4 ] CVE-2015-7498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498
[ 5 ] CVE-2015-7499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499
[ 6 ] CVE-2015-7500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500
[ 7 ] CVE-2015-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941
[ 8 ] CVE-2015-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942
[ 9 ] CVE-2015-8035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035
[ 10 ] CVE-2015-8242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242
[ 11 ] CVE-2015-8806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806
[ 12 ] CVE-2016-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836
[ 13 ] CVE-2016-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838
[ 14 ] CVE-2016-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839
[ 15 ] CVE-2016-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840
[ 16 ] CVE-2016-2073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073
[ 17 ] CVE-2016-3627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627
[ 18 ] CVE-2016-3705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705
[ 19 ] CVE-2016-4483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483
[ 20 ] CVE-2016-4658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658
[ 21 ] CVE-2016-5131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
===========================================================================
Ubuntu Security Notice USN-3235-1
March 16, 2017
libxml2 vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04
LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)
It was discovered that libxml2 incorrectly handled certain malformed
documents.
(CVE-2016-4658)
Nick Wellnhofer discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-5131)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
libxml2 2.9.4+dfsg1-2ubuntu0.1
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.2
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.9
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.17
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-6 tvOS 10
The tvOS 10 advisory has been released to describe the entries below:
Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
CFNetwork
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CoreCrypto
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4775: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
libxml2
Available for: Apple TV (4th generation)
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Security
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4730: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: AndrA(c) Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select
"Settings -> General -> About.a
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJX4YUuAAoJEIOj74w0bLRGEKwQAND90p4tiCZDr5z+T94m4428
e2g+h5c5RtY0tV7j1whSLrPSoX0ez7S9T3p9/O9VoHHKhm8AvE/bqm79tjsi4TwB
oEutlCLTRvq8LeDbIhG5qDsUm+bTfgBfJ+1XCHLVFi2Bbm0fZgi6TbDsSCxLgmZU
DWNfUz24QV1gOMS7rZVQ8Og7tNQsv78CExENnQFgN0dM9XfAn97JgTnwQwzjf9sf
ywbbhVjLOH1NTrevFisZKq8NLbh+keXT8Ek8axyvk2CiVOeWFoRrVtZX03J73iAG
NCCiY1wgKSET91lLyBkneWj4eeHH1kvZ/DExfg7MxTg3N9z7EHSyKF1ON3BqdtBO
hSYpux4K+zN48bgPbgB+O+qy4t4m7mwrz2C4K7gW6whgN6DC/mH6P1qyQv4rXBXv
LGzEjXzMjbb0Ux5xuw81tkFkfMEY2uRlgNaaYO0R86YinMkgOyRYdDbmbK62AReq
DWuiB0o0CJ9ip8YKLuBS7jT5/0uNEp4Nc6s1Y/D4hx/SxIhNRPMRryoEkrFLxG0q
hZBaNeCKa+Vy7S0Tfd8c3x3vUybpaRZjFUlal3cD2hgLiKkxMFIKli+y5rNCG8zH
EbLmWFA8RwaDlEKkKmKD8bASRqw/tILbgJ9E5As0U12h81CJsNPDweQTShaN6Z+B
svyBFoBkuLMo7dSDZ9iW
=y/KT
-----END PGP SIGNATURE-----
. Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.1.12 General
Availability release images, which provide security fixes and update the
container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat
Advanced Cluster Management for Kubernetes. See the following Release Notes
documentation, which will be updated shortly for this release, for
additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana
gement_for_kubernetes/2.1/html/release_notes/
Security fixes:
* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
* redis: Integer overflow issue with Streams (CVE-2021-32627)
* redis: Integer overflow bug in the ziplist data structure
(CVE-2021-32628)
* redis: Integer overflow issue with intsets (CVE-2021-32687)
* redis: Integer overflow issue with strings (CVE-2021-41099)
* redis: Denial of service via Redis Standard Protocol (RESP) request
(CVE-2021-32675)
* redis: Out of bounds read in lua debugger protocol parser
(CVE-2021-32672)
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Container updates:
* RHACM 2.1.12 images (BZ# 2007489)
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. To apply this upgrade,
you
must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):
2007489 - RHACM 2.1.12 images
2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets
2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request
2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser
2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure
2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams
2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack
2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
5
| VAR-201609-0011 | CVE-2016-0917 | plural EMC VNX Product SMB Vulnerability in arbitrary code execution in service |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. Multiple EMC Products are prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. EMC VNX2 File OE and others are all hybrid storage platforms of EMC. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
EMC Identifier: ESA-2016-096
CVE Identifier: CVE-2016-0917
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products:
EMC Software: EMC VNX2 File OE versions prior to 8.1.9.155
EMC Software: EMC VNX1 File OE versions prior to 7.1.80.3
EMC Software: EMC VNXe (all supported versions)
EMC Software: EMC Celerra (all supported versions)Note: EMC Unity (all versions) is not affected by this issue.
Summary:
SMB implementation in EMC Celerra, VNX1, VNX2 and VNXe are affected by an NTLM authentication weak nonce vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Details:
An unauthenticated remote attacker may potentially exploit the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces to potentially access the SMB service of the target system under the credentials of an authorized user. This issue is similar to the Microsoft Windows SMB implementation issue that is described under CVE-2010-0231 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0231).
Resolution:
The following releases contain resolutions for this issue:
- - EMC VNX2 File OE versions 8.1.9.155
- - EMC VNX1 File OE versions 7.1.80.3
EMC recommends all customers upgrade at the earliest opportunity. This advisory will be updated when fixes for EMC VNXe will be available. There is currently no plan to release fixes for EMC Celerra based on the current support lifecycle of the product.
Workaround:
Customers that are unable to upgrade should use Kerberos authentication instead of NTLM.
Link to remedies:
Registered EMC Support customers can download EMC VNX2 and VNX1 software from the EMC Online Support web site at https://support.emc.com.
[The following is standard text included in all security advisories. Please do not change or delete.]
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJX4AB5AAoJEHbcu+fsE81ZhUQIAKH6Sf0wN3aaJ3h7zd0WRO57
HF1+PfQyE3eG2pcLYqC4kVYBD6q8uXHrWqo8mvj5GmX5JZGfJfoUjYG5YRjBGvSU
1lU9y7UB4sF0cRKLtcv7MjKvjzCV5YTmqP4XR2kp3NSqLwTThUVlMdu333F5tc5b
FAvgk2QtdxLHh/KS8gd65K6Mu5dAQqy3oIDFw8s/TMemJwOX/1859rXQZ7Kt/3fZ
IDnHxxWzvvvxTrvngLO0zcGPE8yq6WikXDgosZm9vgELYgEDFlpXppaLO5ZHK2Ob
UIIIanWTLCWSSo9K7d7Z2TCle7QYbdBe5aNEKEN+YzwUNMJV2xhn2CQ/GL7gwD4=
=Uueq
-----END PGP SIGNATURE-----
| VAR-201609-0599 | No CVE | AB 1769 PLC ARP Syntax Denial of Service Vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
AB 1769 PLC is an integrated industrial high-performance programmable controller.
AB 1769 PLC has ARP syntax denial of service vulnerability. By modifying the ARP header, an attacker can cause the device protocol stack to crash or even cause the device to go down
| VAR-201609-0695 | No CVE | Schneider Electric PowerLogic PM8ECC Module Unauthorized Access Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Schneider Electric PowerLogic PM8ECC is a communication module used by Schneider Electric (France) for 800 series meters.
The Schneider Electric PowerLogic PM8ECC module has an unauthorized access vulnerability that allows an attacker to exploit this vulnerability to gain all permissions of the Web management interface and FTP.