VARIoT IoT vulnerabilities database
| VAR-201603-0243 | CVE-2016-1783 | Apple iOS Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
libxml2
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1762
Security
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1783 : Mihai Parparita of Google
WebKit History
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
Wi-Fi
Available for: Apple TV (4th generation)
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE
v9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl
xA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE
2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M
B+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h
QW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE
4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ
BL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma
Vua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG
ErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr
lNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL
EKY5qeXLPmBhjG354Sz2
=qtHe
-----END PGP SIGNATURE-----
. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store
| VAR-201603-0218 | CVE-2016-1758 | Apple iOS and Apple OS X Vulnerability in obtaining important memory layout information in the kernel |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. Apple iOS and Mac OS X are prone to multiple remote code-execution vulnerabilities and an information-disclosure vulnerability.
Successful exploits of these issues may allow remote attackers to execute arbitrary code in the context of the kernel or obtain potentially sensitive information. Failed exploits may result in denial-of-service conditions. in the United States. The former is a set of operating systems developed for mobile devices, and the latter is a set of dedicated operating systems developed for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0217 | CVE-2016-1757 | Apple iOS and Apple OS X Kernel kernel arbitrary code execution vulnerability in privileged context |
CVSS V2: 9.3 CVSS V3: 7.0 Severity: HIGH |
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS and Mac OS X are prone to multiple remote code-execution vulnerabilities and an information-disclosure vulnerability. Failed exploits may result in denial-of-service conditions. in the United States. The former is a set of operating systems developed for mobile devices, and the latter is a set of dedicated operating systems developed for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0216 | CVE-2016-1756 | Apple iOS and Apple OS X Kernel kernel arbitrary code execution vulnerability in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple iOS and Mac OS X are prone to multiple remote code-execution vulnerabilities and an information-disclosure vulnerability.
Successful exploits of these issues may allow remote attackers to execute arbitrary code in the context of the kernel or obtain potentially sensitive information. Failed exploits may result in denial-of-service conditions. in the United States. The former is a set of operating systems developed for mobile devices, and the latter is a set of dedicated operating systems developed for Mac computers. Kernel is one of the kernel components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0235 | CVE-2016-1775 | plural Apple Product TrueTypeScaler Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of TTF fonts. The issue lies in the handling of the bdat table. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3, watchOS 2.2, OS X 10.11.4, and tvOS 9.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. TrueTypeScaler is one of the font file processing components. A security vulnerability exists in the TrueTypeScaler of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0215 | CVE-2016-1755 | plural Apple Vulnerability in the kernel of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3, watchOS 2.2, OS X 10.11.4, and tvOS 9.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. There are security vulnerabilities in the kernel of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0206 | CVE-2016-1784 | Apple iOS Used in etc. WebKit Service disruption in the implementation of history (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities and an unspecified denial-of-service vulnerability.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause resource exhaustion; other attacks may also be possible. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. There are security vulnerabilities in the implementation of History in WebKit of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, Safari versions prior to 9.1, and tvOS versions prior to 9.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
libxml2
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1762
Security
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
Wi-Fi
Available for: Apple TV (4th generation)
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JP8AAoJEBcWfLTuOo7tR/kP/RD4JRXU2YPUzW1uW8wZp/uE
v9ezAlKGUpUwjkRd2CFt7hb1AO1Eic2BSRpmElWmet+LKOmm6E1AUJWzjB/3/8rl
xA/KFLamFu7avei6OZEaRwHAYzCmqE9OZT6PjJNSxNpFhcXsk3pr88Mt+L6QNsVE
2Fvx986a1Y4qlpQBREnfXfOzYKNBHBdO8t0XzjECyWzbB9mXgCx9sgj22Ia/L10M
B+vDQhi55M46NgbImCNp3ix5XD+zHQabLQ/rTtMe3fkWZMa6uCdFRzEac0E7FR/h
QW04J3P+nSiuTWyYddGsFpTs0SPDPhUPa7WwQwOTIOZjHjh9NMyqCediQYbO1FhE
4MqjuQg+vYHljTeAPZQydCqGoTj+sbGQqSg07oa0PVPanNaSZoJPHUnxvnmP/kWQ
BL9UwECdbfjTG65mDHZ9OmDZTLLSZX5FZ03cXd+/VkELRinIO5kMyc3RMIVHlkma
Vua8/5Nh7pcRUoRtw46TJn0pFih6GOyZzow4sonZoUAT/wHQRR5WSJw/aWuwhurG
ErAFG/vUjyKdYDc7o8394kefn1cpl0PbBtpa2IvDcig1dzTF0iWmlhNI8TMeqPQr
lNVS1pW1F8FqMCGFPmBoKaJGJckYz5QI7XCddBhxtBxwDeZS8PjmsQ01MlDe9RaL
EKY5qeXLPmBhjG354Sz2
=qtHe
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store
| VAR-201603-0213 | CVE-2016-1753 | plural Apple Integer overflow vulnerability in product kernel |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app. This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the IOGeneralMemoryDescriptor interface. The issue lies in the failure to test user-supplied input for integer overflow. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3, watchOS 2.2, OS X 10.11.4, and tvOS 9.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. An integer overflow vulnerability exists in the kernel of several Apple products.
CVE-ID
CVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0214 | CVE-2016-1754 | plural Apple Vulnerability in the kernel of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3, watchOS 2.2, OS X 10.11.4, and tvOS 9.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. There are security vulnerabilities in the kernel of several Apple products.
CVE-ID
CVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0158 | CVE-2016-1750 | plural Apple Vulnerability in the kernel of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.3, watchOS 2.2, OS X 10.11.4, and tvOS 9.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components. A use-after-free vulnerability exists in the kernel of several Apple products.
CVE-ID
CVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0222 | CVE-2016-1762 | libxml2 of xmlNextChar Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 5.8 CVSS V3: 8.1 Severity: HIGH |
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. libxml2 is prone to multiple memory-corruption vulnerabilities.
A remote attacker can leverage these issues to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple iOS, OS X, Safari, tvOS and watchOS are all products of Apple Inc. in the United States. Apple iOS is a set of operating systems developed for mobile devices; Apple OS X is a set of dedicated operating systems developed for Mac computers; and the default browser that comes with the iOS operating system; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in libxml2 of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, Safari versions prior to 9.1, tvOS versions prior to 9.2, and watchOS versions prior to 2.2. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,
CVE-2016-4448, CVE-2016-4449)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2
library must be restarted, or the system rebooted.
5. Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-2.7.6-21.el6_8.1.ppc.rpm
libxml2-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-2.7.6-21.el6_8.1.s390.rpm
libxml2-2.7.6-21.el6_8.1.s390x.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm
libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64:
libxml2-2.9.1-6.el7_2.3.ppc.rpm
libxml2-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_2.3.s390.rpm
libxml2-2.9.1-6.el7_2.3.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm
libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-static-2.9.1-6.el7_2.3.s390.rpm
libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm
ZsVLEgJAF0Zt6xZVzqvVW7U=
=fREV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5755B7E3.5040103@canonical.com>
Subject: [USN-2994-1] libxml2 vulnerabilities
============================================================================
Ubuntu Security Notice USN-2994-1
June 06, 2016
libxml2 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and
Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-4483)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.15
After a standard system update you need to reboot your computer to make
all the necessary changes.
For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6.
Security Fix(es):
* This update fixes several flaws in OpenSSL. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
| VAR-201605-0211 | CVE-2016-3627 | libxml2 of tree.c of xmlStringGetNodeList Denial of service in functions (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. Libxml2 is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libxml2 security update
Advisory ID: RHSA-2016:1292-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1292
Issue date: 2016-06-23
CVE Names: CVE-2016-1762 CVE-2016-1833 CVE-2016-1834
CVE-2016-1835 CVE-2016-1836 CVE-2016-1837
CVE-2016-1838 CVE-2016-1839 CVE-2016-1840
CVE-2016-3627 CVE-2016-3705 CVE-2016-4447
CVE-2016-4448 CVE-2016-4449
=====================================================================
1. Summary:
An update for libxml2 is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
Security Fix(es):
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. (CVE-2016-1834,
CVE-2016-1840)
Multiple denial of service flaws were found in libxml2.
(CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447,
CVE-2016-4448, CVE-2016-4449)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all applications linked to the libxml2
library must be restarted, or the system rebooted.
5. Bugs fixed (https://bugzilla.redhat.com/):
1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file
1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar
1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral
1338700 - CVE-2016-4448 libxml2: Format string vulnerability
1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey
1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString
1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal
1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup
1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat
1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar
6. Package List:
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-2.7.6-21.el6_8.1.ppc.rpm
libxml2-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc.rpm
libxml2-devel-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-python-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-2.7.6-21.el6_8.1.s390.rpm
libxml2-2.7.6-21.el6_8.1.s390x.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390.rpm
libxml2-devel-2.7.6-21.el6_8.1.s390x.rpm
libxml2-python-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
ppc64:
libxml2-debuginfo-2.7.6-21.el6_8.1.ppc64.rpm
libxml2-static-2.7.6-21.el6_8.1.ppc64.rpm
s390x:
libxml2-debuginfo-2.7.6-21.el6_8.1.s390x.rpm
libxml2-static-2.7.6-21.el6_8.1.s390x.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
libxml2-2.7.6-21.el6_8.1.src.rpm
i386:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-python-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-2.7.6-21.el6_8.1.i686.rpm
libxml2-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-devel-2.7.6-21.el6_8.1.i686.rpm
libxml2-devel-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-python-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
libxml2-debuginfo-2.7.6-21.el6_8.1.i686.rpm
libxml2-static-2.7.6-21.el6_8.1.i686.rpm
x86_64:
libxml2-debuginfo-2.7.6-21.el6_8.1.x86_64.rpm
libxml2-static-2.7.6-21.el6_8.1.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
ppc64:
libxml2-2.9.1-6.el7_2.3.ppc.rpm
libxml2-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-devel-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-python-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-2.9.1-6.el7_2.3.s390.rpm
libxml2-2.9.1-6.el7_2.3.s390x.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390.rpm
libxml2-devel-2.9.1-6.el7_2.3.s390x.rpm
libxml2-python-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64.rpm
ppc64le:
libxml2-debuginfo-2.9.1-6.el7_2.3.ppc64le.rpm
libxml2-static-2.9.1-6.el7_2.3.ppc64le.rpm
s390x:
libxml2-debuginfo-2.9.1-6.el7_2.3.s390.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.s390x.rpm
libxml2-static-2.9.1-6.el7_2.3.s390.rpm
libxml2-static-2.9.1-6.el7_2.3.s390x.rpm
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
libxml2-2.9.1-6.el7_2.3.src.rpm
x86_64:
libxml2-2.9.1-6.el7_2.3.i686.rpm
libxml2-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-devel-2.9.1-6.el7_2.3.i686.rpm
libxml2-devel-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
libxml2-debuginfo-2.9.1-6.el7_2.3.i686.rpm
libxml2-debuginfo-2.9.1-6.el7_2.3.x86_64.rpm
libxml2-static-2.9.1-6.el7_2.3.i686.rpm
libxml2-static-2.9.1-6.el7_2.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2016-1762
https://access.redhat.com/security/cve/CVE-2016-1833
https://access.redhat.com/security/cve/CVE-2016-1834
https://access.redhat.com/security/cve/CVE-2016-1835
https://access.redhat.com/security/cve/CVE-2016-1836
https://access.redhat.com/security/cve/CVE-2016-1837
https://access.redhat.com/security/cve/CVE-2016-1838
https://access.redhat.com/security/cve/CVE-2016-1839
https://access.redhat.com/security/cve/CVE-2016-1840
https://access.redhat.com/security/cve/CVE-2016-3627
https://access.redhat.com/security/cve/CVE-2016-3705
https://access.redhat.com/security/cve/CVE-2016-4447
https://access.redhat.com/security/cve/CVE-2016-4448
https://access.redhat.com/security/cve/CVE-2016-4449
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFXa8B8XlSAg2UNWIIRAh9ZAJ99xgPhOaIopIxmynm+vlDcmw4jFACeLvTm
ZsVLEgJAF0Zt6xZVzqvVW7U=
=fREV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Multiple vulnerabilities
Date: January 16, 2017
Bugs: #564776, #566374, #572878, #573820, #577998, #582538,
#582540, #583888, #589816, #597112, #597114, #597116
ID: 201701-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in libxml2, the worst of which
could lead to the execution of arbitrary code.
Background
==========
libxml2 is the XML (eXtended Markup Language) C parser and toolkit
initially developed for the Gnome project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.4-r1 >= 2.9.4-r1
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.4-r1"
References
==========
[ 1 ] CVE-2015-1819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1819
[ 2 ] CVE-2015-5312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5312
[ 3 ] CVE-2015-7497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7497
[ 4 ] CVE-2015-7498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7498
[ 5 ] CVE-2015-7499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7499
[ 6 ] CVE-2015-7500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7500
[ 7 ] CVE-2015-7941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7941
[ 8 ] CVE-2015-7942
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7942
[ 9 ] CVE-2015-8035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8035
[ 10 ] CVE-2015-8242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8242
[ 11 ] CVE-2015-8806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8806
[ 12 ] CVE-2016-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1836
[ 13 ] CVE-2016-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1838
[ 14 ] CVE-2016-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1839
[ 15 ] CVE-2016-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1840
[ 16 ] CVE-2016-2073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2073
[ 17 ] CVE-2016-3627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3627
[ 18 ] CVE-2016-3705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3705
[ 19 ] CVE-2016-4483
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4483
[ 20 ] CVE-2016-4658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4658
[ 21 ] CVE-2016-5131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-37
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5755B7E3.5040103@canonical.com>
Subject: [USN-2994-1] libxml2 vulnerabilities
============================================================================
Ubuntu Security Notice USN-2994-1
June 06, 2016
libxml2 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in libxml2. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled certain
malformed documents. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and
Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external entities. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. (CVE-2016-4483)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libxml2 2.9.3+dfsg1-1ubuntu0.1
Ubuntu 15.10:
libxml2 2.9.2+zdfsg1-4ubuntu0.4
Ubuntu 14.04 LTS:
libxml2 2.9.1+dfsg1-3ubuntu4.8
Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.15
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n
a-c05157239
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157239
Version: 2
HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager
using libXML2 library, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-06-09
Last Updated: 2016-06-09
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
Security vulnerabilities in the libXML2 library could potentially impact HPE
IceWall Federation Agent and IceWall File Manager resulting in Remote Denial
of Service (DoS).
References:
- CVE-2016-3627
- CVE-2016-3705
- PSRT110132
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- IceWall Federation Agent 3.0 using libXML2
- IceWall File Manager 3.0 using libXML2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2016-3627 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2016-3705 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE recommends applying the latest OS vendor security patches for libXML2 to
resolve the vulnerabilities in the libXML2 library.
HISTORY
Version:1 (rev.1) - 9 June 2016 Initial release
Version:2 (rev.2) - 9 June 2016 Corrected content
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u2. Description:
This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a
replacement for JBoss Core Services Apache HTTP Server 2.4.6.
Security Fix(es):
* This update fixes several flaws in OpenSSL. (CVE-2016-1762,
CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,
CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,
CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)
* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,
CVE-2016-7141)
* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)
* This update fixes two flaws in mod_cluster. (CVE-2016-4459,
CVE-2016-8612)
* A buffer overflow flaw when concatenating virtual host names and URIs was
fixed in mod_jk. (CVE-2016-6808)
* A memory leak flaw was fixed in expat. Upstream acknowledges Stephen Henson (OpenSSL development team)
as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),
Hanno BAPck, and David Benjamin (Google) as the original reporters of
CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,
CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj
Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), and Nadia Heninger (University of Pennsylvania) as the
original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as
the original reporter of CVE-2016-0705.
See the corresponding CVE pages linked to in the References section for
more information about each of the flaws listed in this advisory. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically. JIRA issues fixed (https://issues.jboss.org/):
JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]
JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service
6
| VAR-201603-0242 | CVE-2016-1782 | Apple iOS and Safari Used in etc. WebKit Vulnerable to port restrictions |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. Apple iOS and Safari Used in etc. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit for Apple iOS versions prior to 9.3 and Safari versions prior to 9.1. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles
attachment URLs, which makes it easier for remote web servers to
track users via unspecified vectors.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0240 | CVE-2016-1780 | Apple iOS Used in etc. WebKit Vulnerabilities in which important information about the physical environment of devices is obtained |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. Apple iOS Used in etc. WebKit is prone to an information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions prior to Apple iOS 9.3
| VAR-201603-0239 | CVE-2016-1779 | Apple iOS and Safari Used in etc. WebKit Vulnerabilities that bypass the same origin policy |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request. Apple iOS and Safari Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions of Apple Safari prior to 9.1. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0241 | CVE-2016-1781 | Apple iOS and Safari Used in etc. WebKit User-tracked vulnerability |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. Apple iOS and Safari Used in etc. Webkit Is attached URL Vulnerabilities that allow users to be tracked due to mishandling of. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlRemote Web The server may be able to track you. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit versions of Apple Safari prior to 9.1 due to the program's incorrect handling of URLs for attachments. Attackers can exploit this vulnerability to track sensitive user information through a specially crafted Web site. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not
properly restrict redirects that specify a TCP port number, which
allows remote attackers to bypass intended port restrictions via a
crafted web site.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
The Page Loading implementation in WebKit in Apple iOS before 9.3
and Safari before 9.1 mishandles character encoding during access to
cached data, which allows remote attackers to bypass the Same Origin
Policy and obtain sensitive information via a crafted web site.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
The Page Loading implementation in WebKit in Apple iOS before 9.3
and Safari before 9.1 mishandles HTTP responses with a 3xx (aka
redirection) status code, which allows remote attackers to spoof the
displayed URL, bypass the Same Origin Policy, and obtain sensitive
cached information via a crafted web site.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0236 | CVE-2016-1776 | Apple OS X Server of Web Vulnerability in server where important setting information is obtained |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party HTTP Important setting information may be obtained through a request. Apple Mac OS X Server is prone to the following security vulnerabilities:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
An attacker can leverage these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Web Server is one of the Web servers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-7 OS X Server 5.1
OS X Server 5.1 is now available and addresses the following:
Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions enabled
Description: An issue in Time Machine server did not properly warn
administrators if permissions were ignored when performing a server
backup. This issue was addressed through improved warnings.
CVE-ID
CVE-2016-1774 : CJKApps
Web Server
Available for: OS X Yosemite v10.10.5 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a supported cipher. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2016-1776 : Shawn Pullum of University of California, Irvine
Wiki Server
Available for: OS X Yosemite v10.10.5 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An access issue existed in some Wiki pages. This issue
was addressed through improved access restrictions.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9
PZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3
xXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl
t2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb
bDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8
PJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3
YwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw
alfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO
wMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q
LsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut
kuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT
9p0+e+mVlJlCmWiFIwsu
=nxck
-----END PGP SIGNATURE-----
| VAR-201603-0233 | CVE-2016-1773 | Apple OS X Vulnerabilities in the presence of arbitrary files in the code signing subsystem |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable
| VAR-201603-0234 | CVE-2016-1774 | Apple OS X Server of Server App of Time Machine Vulnerability in server where important information is obtained |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlIf a third party reads unlimited backup data, important information may be obtained. Apple Mac OS X Server is prone to the following security vulnerabilities:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
An attacker can leverage these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Server App is a set of server management tools. Time Machine is one of the system backup software components. The vulnerability stems from the fact that the program does not notify the user of the ignored permissions when backing up. This issue was addressed through improved warnings.
CVE-ID
CVE-2016-1774 : CJKApps
Web Server
Available for: OS X Yosemite v10.10.5 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a supported cipher.
CVE-ID
CVE-2016-1777 : Pepi Zawodsky
Web Server
Available for: OS X Yosemite v10.10.5 and later
Impact: A remote user may be able to view sensitive configuration
information
Description: A file access issue existed in Apache with .DS_Store
and .htaccess files. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2016-1776 : Shawn Pullum of University of California, Irvine
Wiki Server
Available for: OS X Yosemite v10.10.5 and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An access issue existed in some Wiki pages. This issue
was addressed through improved access restrictions.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9
PZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3
xXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl
t2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb
bDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8
PJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3
YwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw
alfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO
wMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q
LsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut
kuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT
9p0+e+mVlJlCmWiFIwsu
=nxck
-----END PGP SIGNATURE-----
| VAR-201603-0232 | CVE-2016-1772 | Apple Safari of Top Sites User-tracked vulnerability in functionality |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors. Apple Safari is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, cause a denial-of-service condition or bypass security restrictions and perform unauthorized actions. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. Safari Top Sites is one of the components that automatically tracks viewed web pages and places them in the home view based on frequency of use. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----