VARIoT IoT vulnerabilities database
| VAR-201609-0455 | CVE-2016-4276 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SWF data. A crafted SWF can trigger a read past the end of an allocated buffer. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:1865-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1865.html
Issue date: 2016-09-14
CVE Names: CVE-2016-4271 CVE-2016-4272 CVE-2016-4274
CVE-2016-4275 CVE-2016-4276 CVE-2016-4277
CVE-2016-4278 CVE-2016-4279 CVE-2016-4280
CVE-2016-4281 CVE-2016-4282 CVE-2016-4283
CVE-2016-4284 CVE-2016-4285 CVE-2016-4287
CVE-2016-6921 CVE-2016-6922 CVE-2016-6923
CVE-2016-6924 CVE-2016-6925 CVE-2016-6926
CVE-2016-6927 CVE-2016-6929 CVE-2016-6930
CVE-2016-6931 CVE-2016-6932
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.635. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4271, CVE-2016-4272, CVE-2016-4274,
CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279,
CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923,
CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1375725 - flash-plugin: multiple code execution issues fixed in APSB16-29
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4271
https://access.redhat.com/security/cve/CVE-2016-4272
https://access.redhat.com/security/cve/CVE-2016-4274
https://access.redhat.com/security/cve/CVE-2016-4275
https://access.redhat.com/security/cve/CVE-2016-4276
https://access.redhat.com/security/cve/CVE-2016-4277
https://access.redhat.com/security/cve/CVE-2016-4278
https://access.redhat.com/security/cve/CVE-2016-4279
https://access.redhat.com/security/cve/CVE-2016-4280
https://access.redhat.com/security/cve/CVE-2016-4281
https://access.redhat.com/security/cve/CVE-2016-4282
https://access.redhat.com/security/cve/CVE-2016-4283
https://access.redhat.com/security/cve/CVE-2016-4284
https://access.redhat.com/security/cve/CVE-2016-4285
https://access.redhat.com/security/cve/CVE-2016-4287
https://access.redhat.com/security/cve/CVE-2016-6921
https://access.redhat.com/security/cve/CVE-2016-6922
https://access.redhat.com/security/cve/CVE-2016-6923
https://access.redhat.com/security/cve/CVE-2016-6924
https://access.redhat.com/security/cve/CVE-2016-6925
https://access.redhat.com/security/cve/CVE-2016-6926
https://access.redhat.com/security/cve/CVE-2016-6927
https://access.redhat.com/security/cve/CVE-2016-6929
https://access.redhat.com/security/cve/CVE-2016-6930
https://access.redhat.com/security/cve/CVE-2016-6931
https://access.redhat.com/security/cve/CVE-2016-6932
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201609-0453 | CVE-2016-4274 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201609-0451 | CVE-2016-4271 | Adobe Flash Player Vulnerable to access restrictions |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. Adobe Flash Player is prone to multiple unspecified security-bypass vulnerabilities. The product enables viewing of applications, content and video across screens and browsers.
| VAR-201609-0428 | CVE-2016-4287 | Adobe Flash Player Integer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player contains an integer overflow vulnerability. Supplementary information: the vulnerability type has been identified as CWE-190: Integer Overflow or Wraparound. http://cwe.mitre.org/data/definitions/190.html An attacker could execute arbitrary code. Failed attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2016:1865-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1865.html
Issue date: 2016-09-14
CVE Names: CVE-2016-4271 CVE-2016-4272 CVE-2016-4274
CVE-2016-4275 CVE-2016-4276 CVE-2016-4277
CVE-2016-4278 CVE-2016-4279 CVE-2016-4280
CVE-2016-4281 CVE-2016-4282 CVE-2016-4283
CVE-2016-4284 CVE-2016-4285 CVE-2016-4287
CVE-2016-6921 CVE-2016-6922 CVE-2016-6923
CVE-2016-6924 CVE-2016-6925 CVE-2016-6926
CVE-2016-6927 CVE-2016-6929 CVE-2016-6930
CVE-2016-6931 CVE-2016-6932
=====================================================================
1. Summary:
An update for flash-plugin is now available for Red Hat Enterprise Linux 5
Supplementary and Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update upgrades Flash Player to version 11.2.202.635. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2016-4271, CVE-2016-4272, CVE-2016-4274,
CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279,
CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,
CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923,
CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,
CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1375725 - flash-plugin: multiple code execution issues fixed in APSB16-29
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
x86_64:
flash-plugin-11.2.202.635-1.el5_11.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
x86_64:
flash-plugin-11.2.202.635-1.el6_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-4271
https://access.redhat.com/security/cve/CVE-2016-4272
https://access.redhat.com/security/cve/CVE-2016-4274
https://access.redhat.com/security/cve/CVE-2016-4275
https://access.redhat.com/security/cve/CVE-2016-4276
https://access.redhat.com/security/cve/CVE-2016-4277
https://access.redhat.com/security/cve/CVE-2016-4278
https://access.redhat.com/security/cve/CVE-2016-4279
https://access.redhat.com/security/cve/CVE-2016-4280
https://access.redhat.com/security/cve/CVE-2016-4281
https://access.redhat.com/security/cve/CVE-2016-4282
https://access.redhat.com/security/cve/CVE-2016-4283
https://access.redhat.com/security/cve/CVE-2016-4284
https://access.redhat.com/security/cve/CVE-2016-4285
https://access.redhat.com/security/cve/CVE-2016-4287
https://access.redhat.com/security/cve/CVE-2016-6921
https://access.redhat.com/security/cve/CVE-2016-6922
https://access.redhat.com/security/cve/CVE-2016-6923
https://access.redhat.com/security/cve/CVE-2016-6924
https://access.redhat.com/security/cve/CVE-2016-6925
https://access.redhat.com/security/cve/CVE-2016-6926
https://access.redhat.com/security/cve/CVE-2016-6927
https://access.redhat.com/security/cve/CVE-2016-6929
https://access.redhat.com/security/cve/CVE-2016-6930
https://access.redhat.com/security/cve/CVE-2016-6931
https://access.redhat.com/security/cve/CVE-2016-6932
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFX2Pp+XlSAg2UNWIIRAp1iAKCmfmh77bYTg10K3b0b6aJuxtLEgACfZlyh
ynwsnFlRoTlOLVQLiobHvps=
=1fXO
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, or bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player 23.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-23.0.0.205"
All Adobe Flash Player 11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.635"
References
==========
[ 1 ] CVE-2016-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4182
[ 2 ] CVE-2016-4271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4271
[ 3 ] CVE-2016-4272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4272
[ 4 ] CVE-2016-4273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4273
[ 5 ] CVE-2016-4274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4274
[ 6 ] CVE-2016-4275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4275
[ 7 ] CVE-2016-4276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4276
[ 8 ] CVE-2016-4277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4277
[ 9 ] CVE-2016-4278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4278
[ 10 ] CVE-2016-4279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4279
[ 11 ] CVE-2016-4280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4280
[ 12 ] CVE-2016-4281
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4281
[ 13 ] CVE-2016-4282
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4282
[ 14 ] CVE-2016-4283
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4283
[ 15 ] CVE-2016-4284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4284
[ 16 ] CVE-2016-4285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4285
[ 17 ] CVE-2016-4286
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4286
[ 18 ] CVE-2016-4287
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4287
[ 19 ] CVE-2016-6921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6921
[ 20 ] CVE-2016-6922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6922
[ 21 ] CVE-2016-6923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6923
[ 22 ] CVE-2016-6924
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6924
[ 23 ] CVE-2016-6925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6925
[ 24 ] CVE-2016-6926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6926
[ 25 ] CVE-2016-6927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6927
[ 26 ] CVE-2016-6929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6929
[ 27 ] CVE-2016-6930
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6930
[ 28 ] CVE-2016-6931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6931
[ 29 ] CVE-2016-6932
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6932
[ 30 ] CVE-2016-6981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6981
[ 31 ] CVE-2016-6982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6982
[ 32 ] CVE-2016-6983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6983
[ 33 ] CVE-2016-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6984
[ 34 ] CVE-2016-6985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6985
[ 35 ] CVE-2016-6986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6986
[ 36 ] CVE-2016-6987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6987
[ 37 ] CVE-2016-6989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6989
[ 38 ] CVE-2016-6990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6990
[ 39 ] CVE-2016-6992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6992
[ 40 ] CVE-2016-7855
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7855
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201609-0333 | CVE-2016-4620 | Apple iOS Sandbox Profile Component vulnerable to retrieving text message recipients |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Sandbox Profiles is one of the Sandbox components. An attacker could exploit this vulnerability with the help of a specially crafted application to discover text-message recipients.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
| VAR-201609-0270 | CVE-2016-4705 | Apple Xcode of otool Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. otool is one of the decompilation tools for Mac OS X applications. A security vulnerability exists in otool in versions prior to Apple Xcode 8.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-13-2 Xcode 8
Xcode 8 is now available and addresses the following:
otool
Available for: OS X El Capitan 10.11.5 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4704 : Shrek_wzw of Qihoo 360 Nirvan Team
CVE-2016-4705 : riusksk of Tencent Security Platform Department
Xcode 8.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "8".
Information will also be posted to the Apple Security Updates
web site:
https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201609-0269 | CVE-2016-4704 | Apple Xcode of otool Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple to developers. It is mainly used to develop applications for Mac OS X and iOS. otool is one of the decompilation tools for Mac OS X applications. A security vulnerability exists in the otool component in versions prior to Apple Xcode 8.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-13-2 Xcode 8
Xcode 8 is now available and addresses the following:
otool
Available for: OS X El Capitan 10.11.5 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4704 : Shrek_wzw of Qihoo 360 Nirvan Team
CVE-2016-4705 : riusksk of Tencent Security Platform Department
Xcode 8.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "8".
Information will also be posted to the Apple Security Updates
web site:
https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
| VAR-201609-0245 | CVE-2016-4747 | Apple iOS Vulnerability in obtaining email credentials in email |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Mail in Apple iOS before 10 mishandles certificates, which makes it easier for man-in-the-middle attackers to discover mail credentials via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Mail is one of the mail clients.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-13-1 iOS 10
iOS 10 is now available and addresses the following:
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741 : Raul Siles of DinoSec
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746 : Antoine M of France
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747 : Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740 : Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749 : an anonymous researcher
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620 : Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0247 | CVE-2016-4749 | Apple iOS of Printing UIKit Plaintext in AirPrint Vulnerability to get preview content |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Printing UIKit is one of the printing control packages. The vulnerability stems from the program's improper handling of environment variables.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-13-1 iOS 10
iOS 10 is now available and addresses the following:
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741 : Raul Siles of DinoSec
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719 : Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746 : Antoine M of France
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747 : Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740 : Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749 : an anonymous researcher
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620 : Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201609-0240 | CVE-2016-4740 | Apple iOS Vulnerability in which important information is obtained |
CVSS V2: 1.9 CVSS V3: 2.9 Severity: LOW |
Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
| VAR-201609-0283 | CVE-2016-4719 | Apple iOS and watchOS of GeoServices Vulnerability of obtaining physical location information in components |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The GeoServices component in Apple iOS before 10 and watchOS before 3 does not properly restrict access to PlaceData information, which allows attackers to discover physical locations via a crafted application. This may lead to further attacks. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS and watchOS are both products of Apple. Apple iOS is an operating system developed for mobile devices; Apple watchOS is an operating system for smart watches. GeoServices is one of the service components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-201609-0241 | CVE-2016-4741 | Apple iOS Vulnerabilities that block software updates in asset components |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
The Assets component in Apple iOS before 10 allows man-in-the-middle attackers to block software updates via vectors related to lack of an HTTPS session for retrieving updates. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Assets is one of the library components that supports multi-picture selection.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
| VAR-201609-0244 | CVE-2016-4746 | Apple iOS Vulnerability in obtaining important information in the keyboard component |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information.
Versions prior to iOS 10 are vulnerable. Apple iOS is an operating system developed by Apple for mobile devices. Keyboards is one of the keyboard components.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-09-20-3 iOS 10
The iOS 10 advisory has been updated to include additional entries as
noted below.
AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in the task port inheritance
policy. This issue was addressed through improved validation of the
process entitlement and Team ID.
CVE-2016-4698: Pedro Vilaça
Entry added September 20, 2016
Assets
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
block a device from receiving software updates
Description: An issue existed in iOS updates, which did not properly
secure user communications. This issue was addressed by using HTTPS
for software updates.
CVE-2016-4741: Raul Siles of DinoSec
Audio
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4702: YoungJin Yoon, MinSik Shin, HoJae Han, Sunghyun Park,
and Taekyoung Kwon of Information Security Lab, Yonsei University
Entry added September 20, 2016
Certificate Trust Policy
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/HT204132.
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local user may be able to discover websites a user has
visited
Description: An issue existed in Local Storage deletion. This issue
was addressed through improved Local Storage cleanup.
CVE-2016-4707: an anonymous researcher
Entry added September 20, 2016
CFNetwork
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may compromise
user information
Description: An input validation issue existed in the parsing of the
set-cookie header. This issue was addressed through improved
validation checking.
CVE-2016-4708: Dawid Czagan of Silesia Security Lab
Entry added September 20, 2016
CommonCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application using CCrypt may disclose sensitive plaintext
if the output and input buffer are the same
Description: An input validation issue existed in corecrypto. This
issue was addressed through improved input validation.
CVE-2016-4711: Max Lohrmann
Entry added September 20, 2016
CoreCrypto
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code
Description: An out-of-bounds write issue was addressed by removing
the vulnerable code.
CVE-2016-4712: Gergo Koteles
Entry added September 20, 2016
FontParser
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A buffer overflow existed in the handling of font files.
This issue was addressed through improved bounds checking.
CVE-2016-4718: Apple
Entry added September 20, 2016
GeoServices
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in PlaceData. This issue was
addressed through improved permission validation.
CVE-2016-4719: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
IDS - Connectivity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: A spoofing issue existed in the handling of Call Relay.
This issue was addressed through improved input validation.
CVE-2016-4722: Martin Vigo (@martin_vigo) of salesforce.com
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-2016-4724: Cererdlong, Eakerqiu of Team OverSky
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2016-4725: Rodger Combs of Plex, Inc.
Entry added September 20, 2016
IOAcceleratorFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4726: an anonymous researcher
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A local application may be able to access restricted files
Description: A parsing issue in the handling of directory paths was
addressed through improved path validation.
CVE-2016-4771: Balazs Bucsay, Research Director of MRG Effitas
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A lock handling issue was addressed through improved
lock handling.
CVE-2016-4772: Marc Heuse of mh-sec
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to determine kernel memory layout
Description: Multiple out-of-bounds read issues existed that led to
the disclosure of kernel memory. These were addressed through
improved input validation.
CVE-2016-4773: Brandon Azad
CVE-2016-4774: Brandon Azad
CVE-2016-4776: Brandon Azad
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An untrusted pointer dereference was addressed by
removing the affected code.
CVE-2016-4777: Lufeng Li of Qihoo 360 Vulcan Team
Entry added September 20, 2016
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4778: CESG
Entry added September 20, 2016
Keyboards
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Keyboard auto correct suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed through improved heuristics.
CVE-2016-4746: Antoine M of France
libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Multiple issues in libxml2, the most significant of which may
lead to unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4658: Nick Wellnhofer
CVE-2016-5131: Nick Wellnhofer
Entry added September 20, 2016
libxslt
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4738: Nick Wellnhofer
Entry added September 20, 2016
Mail
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker with a privileged network position may be able to
intercept mail credentials
Description: An issue existed when handling untrusted certificates.
This was addressed by terminating untrusted connections.
CVE-2016-4747: Dave Aitel
Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Messages may be visible on a device that has not signed in to
Messages
Description: An issue existed when using Handoff for Messages. This
issue was resolved via better state management.
CVE-2016-4740: Step Wallace
Printing UIKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An unencrypted document may be written to a temporary file
when using AirPrint preview
Description: An issue existed in AirPrint preview. This was addressed
through improved environment sanitization.
CVE-2016-4749: an anonymous researcher
S2 Camera
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4750: Jack Tang (@jacktang310) and Moony Li of Trend Micro
working with Trend Micro's Zero Day Initiative
Entry added September 20, 2016
Safari Reader
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Enabling the Safari Reader feature on a maliciously crafted
webpage may lead to universal cross site scripting
Description: Multiple validation issues were addressed through
improved input sanitization.
CVE-2016-4618: an anonymous researcher
Entry added September 20, 2016
Sandbox Profiles
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to determine whom a user
is texting
Description: An access control issue existed in SMS draft
directories. This issue was addressed by preventing apps from
stat'ing the affected directories.
CVE-2016-4620: Razvan Deaconescu, Mihai Chiroiu (University
POLITEHNICA of Bucharest); Luke Deshotels, William Enck (North
Carolina State University); Lucas Vincenzo Davi, Ahmad-Reza Sadeghi
(TU Darmstadt)
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A validation issue existed in signed disk images. This
issue was addressed through improved size validation.
CVE-2016-4753: Mark Mentovai of Google Inc.
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A parsing issue existed in the handling of error
prototypes. This was addressed through improved validation.
CVE-2016-4728: Daniel Divricean
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: A permissions issue existed in the handling of the
location variable. This was addressed through additional ownership
checks.
CVE-2016-4758: Masato Kinugawa of Cure53
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2016-4611: Apple
CVE-2016-4729: Apple
CVE-2016-4730: Apple
CVE-2016-4731: Apple
CVE-2016-4734: Natalie Silvanovich of Google Project Zero
CVE-2016-4735: André Bargull
CVE-2016-4737: Apple
CVE-2016-4759: Tongbo Luo of Palo Alto Networks
CVE-2016-4762: Zheng Huang of Baidu Security Lab
CVE-2016-4766: Apple
CVE-2016-4767: Apple
CVE-2016-4768: Anonymous working with Trend Micro's Zero Day
Initiative
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A malicious website may be able to access non-HTTP services
Description: Safari's support of HTTP/0.9 allowed cross-protocol
exploitation of non-HTTP services using DNS rebinding. The issue was
addressed by restricting HTTP/0.9 responses to default ports and
canceling resource loads if the document was loaded with a different
HTTP protocol version.
CVE-2016-4760: Jordan Milne
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2016-4733: Natalie Silvanovich of Google Project Zero
CVE-2016-4765: Apple
Entry added September 20, 2016
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
intercept and alter network traffic to applications using WKWebView
with HTTPS
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed through improved validation.
CVE-2016-4763: an anonymous researcher
Entry added September 20, 2016
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
| VAR-201609-0437 | CVE-2016-4382 | HPE Performance Center Remote Security Bypass Vulnerability |
CVSS V2: 6.0 CVSS V3: 8.3 Severity: HIGH |
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. HPE Performance Center is a performance load testing software from HP in the United States. This may lead to further attacks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05269356
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05269356
Version: 1
HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References:
CVE-2016-4382
PSRT110072
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPE Performance Center 11.52, 12.00, 12.01, 12.20, 12.50
BACKGROUND
CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-4382
8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has made the following mitigation information available to resolve the
vulnerability for the impacted versions of HPE Performance Center:
https://softwaresupport.hpe.com/km/KM02540472
HISTORY
Version:1 (rev.1) - 12 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported
product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
| VAR-201702-0424 | CVE-2016-5809 | Multiple Schneider Electric IONXXXX series and PM5XXX series power meters vulnerable to unauthenticated setting changes |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved. The Schneider Electric ION Power Meter is an electric energy meter with a cross-site request forgery vulnerability. Because the program fails to properly validate HTTP requests, a remote attacker can exploit the vulnerability to perform certain unauthorized operations and gain access to the affected device. These are all power quality analysis instruments from Schneider Electric of France. The vulnerability stems from the program not properly validating HTTP requests.
| VAR-201609-0688 | No CVE | Enterprise routing product iKuai Xiaobai command injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
iKuai Xiaobai is an enterprise router from China Quanxun Convergence Network Technology Corporation. A command injection vulnerability exists in the enterprise routing product iKuai Xiaobai 1.3.1 and earlier versions. An attacker could exploit this vulnerability to inject arbitrary commands.
| VAR-201609-0693 | No CVE | Enterprise-class flow control routing product iKuai IK-G20 SQL Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The iKuai IK-G20 is an enterprise-class flow control router from China Quanxun Convergence Network Technology. A SQL injection vulnerability exists in the enterprise-class flow control routing product iKuai IK-G20 iKuai8_2.6.5_Build20160815 and earlier versions. An attacker could exploit the vulnerability to obtain an administrator account and password, modify any user password, and write arbitrary data to a file.
| VAR-201609-0699 | No CVE | Enterprise routing product iKuai Xiaobai SQL injection vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
iKuai Xiaobai is an enterprise router from China Quanxun Convergence Network Technology Corporation. A SQL injection vulnerability exists in the enterprise routing product iKuai Xiaobai 1.3.1 and earlier versions. An attacker could exploit this vulnerability to inject arbitrary SQL commands.
| VAR-201609-0582 | CVE-2016-6938 | Adobe Reader and Acrobat running on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255. Supplementary information: the vulnerability type has been identified as CWE-416: Use After Free (use of freed memory). http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XObject streams. The issue lies in the failure to properly validate the existence of an object prior to performing operations on it. Failed attacks may cause a denial-of-service condition. Adobe Reader, etc. are all products of Adobe in the United States. Adobe Reader is a free PDF file reader; Acrobat is a PDF file editing and conversion tool; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF
| VAR-201609-0687 | No CVE | Belkin F9K1122v1 'fmmgmt.c' Buffer Overflow Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Belkin F9K1122v1 is a wireless dual-band router product. A buffer overflow vulnerability exists in 'fmmgmt.c' in Belkin F9K1122v1 version 1.00.30. An attacker can exploit the vulnerability to cause a buffer overflow through cross-site request forgery.