VARIoT IoT vulnerabilities database
| VAR-201603-0230 | CVE-2016-1770 | Apple OS X Vulnerabilities that bypass the user confirmation request in the reminder component |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy the attacker, tel: URL Via the user confirmation request may be avoided and dialing may be triggered. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. Reminders is one of the application components used to set various reminders. A security vulnerability exists in Reminders versions of Apple iOS prior to 10.11.4
| VAR-201603-0229 | CVE-2016-1769 | Apple OS X of QuickTime Vulnerabilities in arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. QuickTime is one of the multimedia playback components
| VAR-201603-0231 | CVE-2016-1771 | Apple Safari Service operation interruption in the download function (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 6.5 Severity: MEDIUM |
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmSkillfully crafted by a third party Web Service disruption through the site (DoS) There is a possibility of being put into a state.
An attacker can exploit this issue to crash the affected application,denying service to legitimate users. Apple Safari is prone to multiple security vulnerabilities.
Attackers can exploit these issues to obtain sensitive information, cause a denial-of-service condition or bypass security restrictions and perform unauthorized actions. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Safari Downloads is one of the download management plugins. An attacker could use a specially crafted webpage to exploit this vulnerability to cause a denial of service.'OnWindowRemovingFromRootWindow' in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome 32.0.1700.75 and earlier on Windows and Google Chrome 32.0.1700.76 and earlier on Mac OS X and . -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0228 | CVE-2016-1768 | Apple OS X of QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. QuickTime is one of the multimedia playback components
| VAR-201603-0227 | CVE-2016-1767 | Apple OS X of QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. QuickTime is one of the multimedia playback components
| VAR-201603-0225 | CVE-2016-1765 | Apple Xcode of otool Vulnerability gained in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
A remote attacker can leverage this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. otool is one of the decompilation tools for Mac OS X applications. A security vulnerability exists in otool in versions prior to Apple Xcode 7.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-4 Xcode 7.3
Xcode 7.3 is now available and addresses the following:
otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1765 : Proteas of Qihoo 360 Nirvan Team and Will Estes
(@squiffy)
subversion
Available for: OS X El Capitan v10.11 and later
Impact: A malicious server may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in subversion versions
prior to 1.7.21, the most serious of which may have led to remote
code execution. These were addressed by updating subversion to
version 1.7.22.
CVE-ID
CVE-2015-3184 : C. Michael Pilato, CollabNet
CVE-2015-3187 : C. Michael Pilato, CollabNet
Xcode 7.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.3".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQAAAoJEBcWfLTuOo7tO6gQAJAW+kXp0TuFMDT6xHo2YVIq
OiRdtYYsaQ0vLXHhDFQP+8uXPSz6KnunxKYZhA3JsSIjXZcv+O0Vw9hP/5A3/nj8
vXYCFmVW9m7rse4k7m117PYdPuKuWtAvDU19b7B2/vPsrv1R6C5R+jZj7hi9Vp2T
4Vx4oLeXCAhzpuDNfvtnyI756b8j63si2eSMSIPp+smQl4RKWtEJEAX5yHkDpeyl
cuCHiEbwx4+UomEp5jpOPGjcmohjpTrbBJE8hH/k6W85bBj+rhBPJoBAYafW7nHt
6uokIgZtU59ZEAwC8hme0vzApINfslV1fiJk1HN/rP6Cp+ptdIZGL8zydmzIh7yq
gEnfcEEhD2TTkJYnt22l42ZtCDsGJkFBF/r77EHmYWUJfmR4a4Jismp4sGGPgZ12
OitRfBzojK1+Ah6tkYV2LKIfjstprBTRZdz0XKQtjgAwfgktAalrWiibZs2zBNF5
UfZKAsM3Qc9RBK5pNQpGMlrHQtnFdD74Df4TYRlSuKZRO5DLr0STDeHXQfn4Ti/9
8+ZifqggFuWBfh5es4EFdcpxRRqWI9OKOdgQ0Oc5tXwIyAlOshxNuP3qAgVQzwwd
COicsW/1HsUoaopDuf+bzDcJPL/L9H3SRYfg4S/uv5JOjoaPr0pQC8mUfR25dZAw
cU0NiqyyiqU1H29UaU50
=9aiD
-----END PGP SIGNATURE-----
| VAR-201603-0224 | CVE-2016-1764 | Apple OS X Vulnerability in Important Information Acquisition in Content Security Policy Implementation of Message |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. Messages is one of the application components for sending texts, photos and videos. Attackers can exploit this vulnerability through JavaScript links to leak sensitive user information
| VAR-201603-0238 | CVE-2016-1778 | Apple iOS and Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple iOS and Safari Used in etc. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of events. The issue lies in the processing of the dispatchEvent function. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0226 | CVE-2016-1766 | Apple iOS In the profile component of MDM Vulnerabilities that spoof profile trust relationships |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of signed MDM profiles. The issue lies in the failure to properly check the certificate chain. Apple iOS is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. Profiles is one of the configuration file components. A security vulnerability exists in Apple iOS versions prior to 9.3 Profiles. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0223 | CVE-2016-1763 | Apple iOS Vulnerability in which important information is obtained in messages |
CVSS V2: 3.5 CVSS V3: 3.5 Severity: LOW |
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. Apple iOS is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. Messages is one of the application components for sending texts, photos and videos. A security vulnerability exists in Messages in versions prior to Apple iOS 9.3. The vulnerability stems from the program not determining that the autofill action is applicable to the given message thread. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0219 | CVE-2016-1759 | Apple OS X Kernel kernel arbitrary code execution vulnerability in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities.
Attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition. Kernel is one of the kernel components
| VAR-201603-0220 | CVE-2016-1760 | Apple iOS of LaunchServices of XPC Services API Vulnerable to circumventing event handler restrictions |
CVSS V2: 2.1 CVSS V3: 6.2 Severity: MEDIUM |
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlThrough a crafted application by an attacker, Event handler restrictions could be bypassed and any application event could be modified. Apple iOS is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. LaunchServices is one of the components that uses a running application to open other applications or documents. The XPC Services API is one of the components that provides a lightweight mechanism for integrating GCD and launchd's basic interprocess communication. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0221 | CVE-2016-1761 | plural Apple Product libxml2 Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of XML files. The issue lies in the handling of ENTITY declarations that reference unsupported protocols. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple Mac OS X, iOS and WatchOS are prone to multiple memory corruption vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. Libxml2 is one of the function library components based on C language for parsing XML documents. A security vulnerability exists in libxml2 of several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, and watchOS versions prior to 2.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0210 | CVE-2016-1788 | plural Apple Vulnerability in reading message attachments in product messages |
CVSS V2: 2.6 CVSS V3: 5.9 Severity: MEDIUM |
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. Apple Mac OS X, iOS and WatchOS are prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
Note: This issue was previously titled 'Apple iOS Weak Encryption Security Bypass Vulnerability'. The title has been changed to better reflect the vulnerability information. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. Messages is one of the application components for sending texts, photos and videos. There are security vulnerabilities in Messages of many Apple products. The vulnerability stems from the incorrect implementation of the encryption protection mechanism in the program. The following products and versions are affected: Apple iOS versions prior to 9.3, OS X versions prior to 10.11.4, and watchOS versions prior to 2.2
| VAR-201603-0209 | CVE-2016-1787 | Apple OS X Server of Wiki On the server Wiki Vulnerability that can retrieve important information from the page |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. Apple Mac OS X Server is prone to the following security vulnerabilities:
1. Multiple security-bypass vulnerabilities
2. Multiple information-disclosure vulnerabilities
An attacker can leverage these issues to obtain sensitive information, bypass security restrictions and perform unauthorized actions. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. Wiki Server is one of the web-based services that provides functions such as wikis, blogs, calendars, and contacts. An attacker could exploit this vulnerability to disclose sensitive user information with elevated privileges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-7 OS X Server 5.1
OS X Server 5.1 is now available and addresses the following:
Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions enabled
Description: An issue in Time Machine server did not properly warn
administrators if permissions were ignored when performing a server
backup. This issue was addressed through improved warnings.
CVE-ID
CVE-2016-1774 : CJKApps
Web Server
Available for: OS X Yosemite v10.10.5 and later
Impact: An attacker may be able to exploit weaknesses in the RC4
cryptographic algorithm
Description: RC4 was removed as a supported cipher.
CVE-ID
CVE-2016-1777 : Pepi Zawodsky
Web Server
Available for: OS X Yosemite v10.10.5 and later
Impact: A remote user may be able to view sensitive configuration
information
Description: A file access issue existed in Apache with .DS_Store
and .htaccess files. This issue was addressed through improved access
restrictions. This issue
was addressed through improved access restrictions.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQQAAoJEBcWfLTuOo7txasP/RcVgQ2t03szn0LLt0PSFjD9
PZg339iTYRk7sCHyNYwEnBeqdyDuO3005d4yaZ2R2OAI8Q806DJSpcTMG8Nu3sm3
xXceiVb/k+sRzh0nJaSHSVkw2GRzElsm5i6b3yFndeVnXF9eDphrjTeV2MFvoTRl
t2Ml6IiTu944yJlh/NOmdjQZ+Uc2I+REDbUimeCMJVuuVmtd9UNS5VesC5u1BHyb
bDmrd+pazmEjGwWwvxTE4raN7o/st7ZV2uxcjl8/73b/lVy9wBR/J4sxltyWNnm8
PJKbn/J5t8+tqKHupVvOuj4L6GnsOe154oL7bbOmrAhkVBeqBSdUBe9eQNIH0ji3
YwUdyDb3Wy1SyVNvN69tTd+ICTyh7XQQWMUTqV3xgp6tNJ19FXPdv9K/E55n62kw
alfIzLhRafLV7NzUbAgsY8iuC6b3YTd9EJM0mDuh8hlTWYRC7N8HEtyxe4hAhfuO
wMy1sRXWAiTBIZRJKL8KgAiIf7GdyKOvhgfcoL3dEGe5lw2Z9DCHyRihMOWFo2/Q
LsJTxV9grMWN4WJLAm0h9z6AVbIELpRp4HBiq95ndaWm7bZbj6tFCRXvQaMerPut
kuXD3izfEVZvtCSs7i4HKPgZLRgFRd687yVYeTSx2nyhOIeKd+tTfmUjMEw06PaT
9p0+e+mVlJlCmWiFIwsu
=nxck
-----END PGP SIGNATURE-----
| VAR-201603-0212 | CVE-2016-1752 | plural Apple Service disruption in the product kernel (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. plural Apple Product kernel has a service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operations through a specially crafted application by an attacker (DoS) There is a possibility of being put into a state. Apple Mac OS X, watchOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code or cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. Kernel is one of the kernel components.
CVE-ID
CVE-2016-1722 : Joshua J. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-1 iOS 9.3
iOS 9.3 is now available and addresses the following:
AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
data from USB devices. This issue was addressed through improved
input validation.
CVE-ID
CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with
Trend Micro's Zero Day Initiative (ZDI)
HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions
prior to 1.6.0, the most serious of which may have led to remote code
execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through
improved validation.
CVE-ID
CVE-2016-1752 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed through improved
memory management.
CVE-ID
CVE-2016-1750 : CESG
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple integer overflows were addressed through
improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero
Day Initiative (ZDI)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission
was incorrectly granted. This issue was addressed through improved
permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition existed during the creation of new
processes. This was addressed through improved state handling.
CVE-ID
CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaça
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A null pointer dereference was addressed through
improved input validation.
CVE-ID
CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-ID
CVE-2016-1758 : Brandon Azad
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to modify events from other
applications
Description: An event handler validation issue existed in the XPC
Services API. This issue was addressed through improved message
validation.
CVE-ID
CVE-2016-1760 : Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1762
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may auto-fill text
into other Message threads
Description: An issue existed in the parsing of SMS URLs. This issue
was addressed through improved URL validation.
CVE-ID
CVE-2016-1763 : CityTog
Messages
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who is able to bypass Apple's certificate
pinning, intercept TLS connections, inject messages, and record
encrypted attachment-type messages may be able to read attachments
Description: A cryptographic issue was addressed by rejecting
duplicate messages on the client.
CVE-ID
CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,
Ian Miers, and Michael Rushanan of Johns Hopkins University
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An untrusted MDM profile may be incorrectly displayed as
verified
Description: A certificate validation issue existed in MDM profiles.
This was addressed through additional checks.
CVE-ID
CVE-2016-1766 : Taylor Boyko working with Trend Micro's Zero Day
Initiative (ZDI)
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder.
This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab
TrueTypeScaler
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1781 : Devdatta Akhawe of Dropbox, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to track sensitive user information
Description: A hidden web page may be able to access device-
orientation and device-motion data. This issue was addressed by
suspending the availability of this data when the web view is hidden.
CVE-ID
CVE-2016-1780 : Maryam Mehrnezhad, Ehsan Toreini, Siamak F.
Shahandashti, and Feng Hao of the School of Computing Science,
Newcastle University, UK
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
CVE-ID
CVE-2016-1782 : Muneaki Nishimura (nishimunea) of Recruit
Technologies Co.,Ltd.
WebKit History
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
WebKit Page Loading
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
Wi-Fi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: A frame validation and memory corruption issue existed
for a given ethertype. This issue was addressed through additional
ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.3 ".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JPyAAoJEBcWfLTuOo7tWzQP/i8AwdkoE9uvhfe5X5p1yDxr
YVcAkvHAgWzNee9Tvc6ERa2KWdOkmbVRGzySyG62lhGnrUTSMtlCs0/Bp/Ui5p65
FF2viREhDJNA83WZcsFP0ELZVJ5VwUv6BJR0L0ERn7QSfaftAwVSFmyHHURA7rGj
IRQWnwD6IOblI0veLXjJjN8nPY2ueAzVvyv5mD8c4MdCxwxZNi2X9ugtIBBbZr6Y
arjAVh/wfB0m+f50feDaPvo/8mZDn1UwrDu0YPtGDmGebgX17TE39q0YgOFf0uXv
HzA0S1+mDURGR3h+7wpyO25+uOPHyGkeIA1GVISA2O7pmHKTcY5pvWC4zyIsDfRC
ziI4AIml9ySY7nIltuUWeUdO81nHrjvEtXyWZ6VBH4Dah4yne80B04UGgLIzD1ON
hTlTySVnMBJ8+N0g+e3ldGTuf49ISEKh9s6u+ABtBi9+sDSiWxGIkvNuZN37522O
dK4MsAZIffxbKo2DuJxiWrfIzhAOO3rZbRD8oFkOtKh5QHlS1eOBlN29U9S1Cq+P
jZ/sffscri8q9m8KUx4a+1HG3N6TDIJtIz7/jJyTld2Aw+1JAlU4DG41t1lkEs6S
41wah3j9YrqXCp2uc3JmcI6k2XW2pj73T9Mqqz5e/xk2sfwnJ299dAK7vXkGR3ix
Fg29LzTb0eQ9Ub1Mkn5E
=Ouex
-----END PGP SIGNATURE-----
| VAR-201603-0207 | CVE-2016-1785 | Apple iOS and Safari Used in etc. WebKit Vulnerabilities that bypass the same origin policy in a page load implementation |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the Page Loading implementation of WebKit in versions prior to Apple iOS 9.3 and Safari versions prior to 9.1. The vulnerability stems from incorrect handling of character encoding when the program accesses cached data. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles
attachment URLs, which makes it easier for remote web servers to
track users via unspecified vectors.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0208 | CVE-2016-1786 | Apple iOS and Safari Used in etc. WebKit Vulnerabilities that bypass the same origin policy in a page load implementation |
CVSS V2: 5.8 CVSS V3: 5.4 Severity: MEDIUM |
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, conduct phishing attacks, and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. There is a security vulnerability in the Page Loading implementation of WebKit in versions prior to Apple iOS 9.3 and Safari versions prior to 9.1. The vulnerability stems from the fact that the program does not correctly handle HTTP responses with 3xx status codes. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------
Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory URL : http://webkitgtk.org/security/WSA-2016-0003.html
CVE identifiers : CVE-2016-1778, CVE-2016-1779, CVE-2016-1781,
CVE-2016-1782, CVE-2016-1783, CVE-2016-1785,
CVE-2016-1786.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2016-1778
Versions affected: WebKitGTK+ before 2.10.5.
Credit to 0x1byte working with Trend Micro's Zero Day Initiative
(ZDI).
CVE-2016-1779
Versions affected: WebKitGTK+ before 2.10.5.
Credit to xisigr of Tencent's Xuanwu Lab (http://www.tencent.com).
CVE-2016-1781
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Devdatta Akhawe of Dropbox, Inc.
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles
attachment URLs, which makes it easier for remote web servers to
track users via unspecified vectors.
CVE-2016-1782
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Muneaki Nishimura (nishimunea) of Recruit Technologies
Co.,Ltd.
CVE-2016-1783
Versions affected: WebKitGTK+ before 2.10.5.
Credit to Mihai Parparita of Google.
CVE-2016-1785
Versions affected: WebKitGTK+ before 2.10.5.
Credit to an anonymous researcher.
CVE-2016-1786
Versions affected: WebKitGTK+ before 2.10.5.
Credit to ma.la of LINE Corporation.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
March 31, 2016
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2016-03-21-6 Safari 9.1
Safari 9.1 is now available and addresses the following:
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead to unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1762
Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue existed where the text of a dialog included
page-supplied text. This issue was addressed by no longer including
that text.
CVE-ID
CVE-2009-2197 : Alexios Fakos of n.runs AG
Safari Downloads
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted webpage may lead to a system
denial of service
Description: An insufficient input validation issue existed in the
handling of certain files. This was addressed through additional
checks during file expansion.
CVE-ID
CVE-2016-1771 : Russ Cox
Safari Top Sites
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: A cookie storage issue existed in the Top Sites page.
This issue was addressed through improved state management.
CVE-ID
CVE-2016-1772 : WoofWagly
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A website may be able to track sensitive user information
Description: An issue existed in the handling of attachment URLs.
This issue was addressed through improved URL handling.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-ID
CVE-2016-1778 : 0x1byte working with Trend Micro's Zero Day
Initiative (ZDI)
CVE-2016-1783 : Mihai Parparita of Google
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may be able to access restricted ports
on arbitrary servers
Description: A port redirection issue was addressed through
additional port validation.
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a maliciously crafted website may reveal a user's
current location
Description: An issue existed in the parsing of geolocation
requests. This was addressed through improved validation of the
security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab
(http://www.tencent.com)
WebKit History
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of
无声信息技术PKAV Team (PKAV.net)
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: A malicious website may exfiltrate data cross-origin
Description: A caching issue existed with character encoding. This
was addressed through additional request checking.
CVE-ID
CVE-2016-1785 : an anonymous researcher
WebKit Page Loading
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: Redirect responses may have allowed a malicious website
to display an arbitrary URL and read cached contents of the
destination origin. This issue was addressed through improved URL
display logic.
CVE-ID
CVE-2016-1786 : ma.la of LINE Corporation
Installation note:
Safari 9.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJW8JQMAAoJEBcWfLTuOo7tUYsP/0cwzYXXuSvBOUhCzUd3z//b
ZW1j9v2rbLLJB7wRNFhXsdz25MV/5pwX67Bb+rO9X21F/hItY61nHbTSayd+ud2v
HTDnPRAWtlEd2Xd9EarGttIRAhUEQyDts3e2KpOcw2XG+zZF38DKrLprvLJrTU8u
r8n8KnHP5ipOhPCubihsLQdf8jbCDnwKm2Lt0w7QAYYNOtIAzMKFtfjnsDzfJMm2
pN+laUBUDEeyv3ozmnyqmF6qSG8s43Mb+a+XeNYWEfr3VrwL6+k2YhwgFzl6jq1Z
5nMU2ziMP8OtfuVh7ldmR/+5zjkJzFCc8bbumu4Ipyhv1KOKESIxb/JNy+jCuL+D
uD2g2DUhqntt74SKSzYETJTZt0EKXjhQmPoeDa4Q6++Nq9Aw/OxpLZwoi+vUzEfn
cn/JGPsvwpjJjfdVFsCbaYVoCLivNy1uIwuKWpqQDjToGIMQGQ07KPepM9h5PPQ9
k1PkpH8HRynOkV5gbrGYvLyMgqJIB8KPeIQaSKARtUbCmn2zS99czD5fRojShmv+
BIZI5TowBRU9Cg4uwe0uRaSz/WiSI8OV8AcKqf0+59xYv6OfLLMIMAKYGIW+ZAdu
LvtU5uvVpMekW8pAPz95BlgK/6ullpLGQA6hU6TLDj78KuvdGLBKTdlKf42kV48g
ZD4qUKE2vo66y07AMC93
=8yOc
-----END PGP SIGNATURE-----
| VAR-201603-0157 | CVE-2016-1749 | Apple OS X of IOUSBFamily Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the IOUSBInterfaceUserClient interface. The issue lies in the failure to ensure that a user-supplied index is within the bounds of the allocated buffer. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. IOUSBFamily is one of the basic USB device driver components. An elevation of privilege vulnerability exists in Apple OS X's IOUSBFamily
| VAR-201603-0155 | CVE-2016-1747 | Apple OS X of IOGraphics Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746. User interaction is required to exploit this vulnerability in that the target must open a malicious file.The specific flaw exists within the IOGraphicsFamily interface. The issue lies failure to validate user-supplied function addresses prior to using them. An attacker can leverage this to escalate their privileges and execute code under the context of the kernel.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
Apple Mac OS X 10.11 through 10.11.3 are vulnerable. IOGraphics is one of the input and output graphics components