VARIoT IoT vulnerabilities database
| VAR-201512-0236 | CVE-2015-8045 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455. This vulnerability CVE-2015-8047 , CVE-2015-8060 , CVE-2015-8408 , CVE-2015-8416 , CVE-2015-8417 , CVE-2015-8418 , CVE-2015-8419 , CVE-2015-8443 , CVE-2015-8444 , CVE-2015-8451 ,and CVE-2015-8455 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state. Failed exploit attempts will likely result in denial-of-service conditions. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier versions based on Windows and Macintosh platforms and Adobe Flash Player Extended Support Release 18.0.0.261 and earlier versions, Adobe Flash based on Windows, Macintosh, Linux and ChromeOS platforms Player for Google Chrome 19.0.0.245 and earlier versions, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.245 and earlier versions based on Windows 10, Adobe Flash Player for Internet Explorer 10 and 11 19.0 based on Windows 8.0 and 8.1 platforms .0.245 and earlier versions, Adobe Flash Player for Linux 11.2.202.548 and earlier versions based on Linux platforms, AIR Desktop Runtime 19.0.0.241 and earlier versions based on Windows and Macintosh platforms, AIR SDK based on Windows, Macintosh, Android and iOS platforms 19.0.0.241 and earlier versions and AIR SDK & Compiler 19.0.0. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:2593-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2593.html
Issue date: 2015-12-09
CVE Names: CVE-2015-8045 CVE-2015-8047 CVE-2015-8048
CVE-2015-8049 CVE-2015-8050 CVE-2015-8055
CVE-2015-8056 CVE-2015-8057 CVE-2015-8058
CVE-2015-8059 CVE-2015-8060 CVE-2015-8061
CVE-2015-8062 CVE-2015-8063 CVE-2015-8064
CVE-2015-8065 CVE-2015-8066 CVE-2015-8067
CVE-2015-8068 CVE-2015-8069 CVE-2015-8070
CVE-2015-8071 CVE-2015-8401 CVE-2015-8402
CVE-2015-8403 CVE-2015-8404 CVE-2015-8405
CVE-2015-8406 CVE-2015-8407 CVE-2015-8408
CVE-2015-8409 CVE-2015-8410 CVE-2015-8411
CVE-2015-8412 CVE-2015-8413 CVE-2015-8414
CVE-2015-8415 CVE-2015-8416 CVE-2015-8417
CVE-2015-8418 CVE-2015-8419 CVE-2015-8420
CVE-2015-8421 CVE-2015-8422 CVE-2015-8423
CVE-2015-8424 CVE-2015-8425 CVE-2015-8426
CVE-2015-8427 CVE-2015-8428 CVE-2015-8429
CVE-2015-8430 CVE-2015-8431 CVE-2015-8432
CVE-2015-8433 CVE-2015-8434 CVE-2015-8435
CVE-2015-8436 CVE-2015-8437 CVE-2015-8438
CVE-2015-8439 CVE-2015-8440 CVE-2015-8441
CVE-2015-8442 CVE-2015-8443 CVE-2015-8444
CVE-2015-8445 CVE-2015-8446 CVE-2015-8447
CVE-2015-8448 CVE-2015-8449 CVE-2015-8450
CVE-2015-8451 CVE-2015-8452 CVE-2015-8453
CVE-2015-8454 CVE-2015-8455
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed
in the References section, could allow an attacker to create a specially
crafted SWF file that would cause flash-plugin to crash, execute arbitrary
code, or disclose sensitive information when the victim loaded a page
containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1289771 - flash-plugin: multiple code execution issues fixed in APSB15-32
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.554-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.554-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.554-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.554-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
x86_64:
flash-plugin-11.2.202.554-1.el6_7.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-8045
https://access.redhat.com/security/cve/CVE-2015-8047
https://access.redhat.com/security/cve/CVE-2015-8048
https://access.redhat.com/security/cve/CVE-2015-8049
https://access.redhat.com/security/cve/CVE-2015-8050
https://access.redhat.com/security/cve/CVE-2015-8055
https://access.redhat.com/security/cve/CVE-2015-8056
https://access.redhat.com/security/cve/CVE-2015-8057
https://access.redhat.com/security/cve/CVE-2015-8058
https://access.redhat.com/security/cve/CVE-2015-8059
https://access.redhat.com/security/cve/CVE-2015-8060
https://access.redhat.com/security/cve/CVE-2015-8061
https://access.redhat.com/security/cve/CVE-2015-8062
https://access.redhat.com/security/cve/CVE-2015-8063
https://access.redhat.com/security/cve/CVE-2015-8064
https://access.redhat.com/security/cve/CVE-2015-8065
https://access.redhat.com/security/cve/CVE-2015-8066
https://access.redhat.com/security/cve/CVE-2015-8067
https://access.redhat.com/security/cve/CVE-2015-8068
https://access.redhat.com/security/cve/CVE-2015-8069
https://access.redhat.com/security/cve/CVE-2015-8070
https://access.redhat.com/security/cve/CVE-2015-8071
https://access.redhat.com/security/cve/CVE-2015-8401
https://access.redhat.com/security/cve/CVE-2015-8402
https://access.redhat.com/security/cve/CVE-2015-8403
https://access.redhat.com/security/cve/CVE-2015-8404
https://access.redhat.com/security/cve/CVE-2015-8405
https://access.redhat.com/security/cve/CVE-2015-8406
https://access.redhat.com/security/cve/CVE-2015-8407
https://access.redhat.com/security/cve/CVE-2015-8408
https://access.redhat.com/security/cve/CVE-2015-8409
https://access.redhat.com/security/cve/CVE-2015-8410
https://access.redhat.com/security/cve/CVE-2015-8411
https://access.redhat.com/security/cve/CVE-2015-8412
https://access.redhat.com/security/cve/CVE-2015-8413
https://access.redhat.com/security/cve/CVE-2015-8414
https://access.redhat.com/security/cve/CVE-2015-8415
https://access.redhat.com/security/cve/CVE-2015-8416
https://access.redhat.com/security/cve/CVE-2015-8417
https://access.redhat.com/security/cve/CVE-2015-8418
https://access.redhat.com/security/cve/CVE-2015-8419
https://access.redhat.com/security/cve/CVE-2015-8420
https://access.redhat.com/security/cve/CVE-2015-8421
https://access.redhat.com/security/cve/CVE-2015-8422
https://access.redhat.com/security/cve/CVE-2015-8423
https://access.redhat.com/security/cve/CVE-2015-8424
https://access.redhat.com/security/cve/CVE-2015-8425
https://access.redhat.com/security/cve/CVE-2015-8426
https://access.redhat.com/security/cve/CVE-2015-8427
https://access.redhat.com/security/cve/CVE-2015-8428
https://access.redhat.com/security/cve/CVE-2015-8429
https://access.redhat.com/security/cve/CVE-2015-8430
https://access.redhat.com/security/cve/CVE-2015-8431
https://access.redhat.com/security/cve/CVE-2015-8432
https://access.redhat.com/security/cve/CVE-2015-8433
https://access.redhat.com/security/cve/CVE-2015-8434
https://access.redhat.com/security/cve/CVE-2015-8435
https://access.redhat.com/security/cve/CVE-2015-8436
https://access.redhat.com/security/cve/CVE-2015-8437
https://access.redhat.com/security/cve/CVE-2015-8438
https://access.redhat.com/security/cve/CVE-2015-8439
https://access.redhat.com/security/cve/CVE-2015-8440
https://access.redhat.com/security/cve/CVE-2015-8441
https://access.redhat.com/security/cve/CVE-2015-8442
https://access.redhat.com/security/cve/CVE-2015-8443
https://access.redhat.com/security/cve/CVE-2015-8444
https://access.redhat.com/security/cve/CVE-2015-8445
https://access.redhat.com/security/cve/CVE-2015-8446
https://access.redhat.com/security/cve/CVE-2015-8447
https://access.redhat.com/security/cve/CVE-2015-8448
https://access.redhat.com/security/cve/CVE-2015-8449
https://access.redhat.com/security/cve/CVE-2015-8450
https://access.redhat.com/security/cve/CVE-2015-8451
https://access.redhat.com/security/cve/CVE-2015-8452
https://access.redhat.com/security/cve/CVE-2015-8453
https://access.redhat.com/security/cve/CVE-2015-8454
https://access.redhat.com/security/cve/CVE-2015-8455
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFWaENJXlSAg2UNWIIRAtkVAJ9TAB/2ASL2cAlYuNBSDdOpZX3MSQCgmAp9
gPFtp7mQPYNi39FJVnh0tCk=
=TBaH
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.559"
References
==========
[ 1 ] CVE-2015-8045
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8045
[ 2 ] CVE-2015-8047
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8047
[ 3 ] CVE-2015-8048
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8048
[ 4 ] CVE-2015-8049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8049
[ 5 ] CVE-2015-8050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8050
[ 6 ] CVE-2015-8055
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8055
[ 7 ] CVE-2015-8056
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8056
[ 8 ] CVE-2015-8057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8057
[ 9 ] CVE-2015-8058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8058
[ 10 ] CVE-2015-8059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8059
[ 11 ] CVE-2015-8060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8060
[ 12 ] CVE-2015-8061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8061
[ 13 ] CVE-2015-8062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8062
[ 14 ] CVE-2015-8063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8063
[ 15 ] CVE-2015-8064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8064
[ 16 ] CVE-2015-8065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8065
[ 17 ] CVE-2015-8066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8066
[ 18 ] CVE-2015-8067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8067
[ 19 ] CVE-2015-8068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8068
[ 20 ] CVE-2015-8069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8069
[ 21 ] CVE-2015-8070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8070
[ 22 ] CVE-2015-8071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8071
[ 23 ] CVE-2015-8401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8401
[ 24 ] CVE-2015-8402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8402
[ 25 ] CVE-2015-8403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8403
[ 26 ] CVE-2015-8404
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8404
[ 27 ] CVE-2015-8405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8405
[ 28 ] CVE-2015-8406
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8406
[ 29 ] CVE-2015-8407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8407
[ 30 ] CVE-2015-8408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8408
[ 31 ] CVE-2015-8409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8409
[ 32 ] CVE-2015-8410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8410
[ 33 ] CVE-2015-8411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8411
[ 34 ] CVE-2015-8412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8412
[ 35 ] CVE-2015-8413
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8413
[ 36 ] CVE-2015-8414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8414
[ 37 ] CVE-2015-8415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8415
[ 38 ] CVE-2015-8416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8416
[ 39 ] CVE-2015-8417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8417
[ 40 ] CVE-2015-8418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8418
[ 41 ] CVE-2015-8419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8419
[ 42 ] CVE-2015-8420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8420
[ 43 ] CVE-2015-8421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8421
[ 44 ] CVE-2015-8422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8422
[ 45 ] CVE-2015-8423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8423
[ 46 ] CVE-2015-8424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8424
[ 47 ] CVE-2015-8425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8425
[ 48 ] CVE-2015-8426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8426
[ 49 ] CVE-2015-8427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8427
[ 50 ] CVE-2015-8428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8428
[ 51 ] CVE-2015-8429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8429
[ 52 ] CVE-2015-8430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8430
[ 53 ] CVE-2015-8431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8431
[ 54 ] CVE-2015-8432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8432
[ 55 ] CVE-2015-8433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8433
[ 56 ] CVE-2015-8434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8434
[ 57 ] CVE-2015-8435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8435
[ 58 ] CVE-2015-8436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8436
[ 59 ] CVE-2015-8437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8437
[ 60 ] CVE-2015-8438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8438
[ 61 ] CVE-2015-8439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8439
[ 62 ] CVE-2015-8440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8440
[ 63 ] CVE-2015-8441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8441
[ 64 ] CVE-2015-8442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8442
[ 65 ] CVE-2015-8443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8443
[ 66 ] CVE-2015-8443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8443
[ 67 ] CVE-2015-8445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8445
[ 68 ] CVE-2015-8446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8446
[ 69 ] CVE-2015-8447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8447
[ 70 ] CVE-2015-8448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8448
[ 71 ] CVE-2015-8449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8449
[ 72 ] CVE-2015-8450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8450
[ 73 ] CVE-2015-8451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8451
[ 74 ] CVE-2015-8452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8452
[ 75 ] CVE-2015-8453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8453
[ 76 ] CVE-2015-8454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8454
[ 77 ] CVE-2015-8455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8455
[ 78 ] CVE-2015-8459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8459
[ 79 ] CVE-2015-8460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8460
[ 80 ] CVE-2015-8635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8635
[ 81 ] CVE-2015-8636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8636
[ 82 ] CVE-2015-8638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8638
[ 83 ] CVE-2015-8639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8639
[ 84 ] CVE-2015-8640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8640
[ 85 ] CVE-2015-8641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8641
[ 86 ] CVE-2015-8642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8642
[ 87 ] CVE-2015-8643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8643
[ 88 ] CVE-2015-8644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8644
[ 89 ] CVE-2015-8645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8645
[ 90 ] CVE-2015-8646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8646
[ 91 ] CVE-2015-8647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8647
[ 92 ] CVE-2015-8648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8648
[ 93 ] CVE-2015-8649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8649
[ 94 ] CVE-2015-8650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8650
[ 95 ] CVE-2015-8651
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8651
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201512-0183 | CVE-2015-7113 | Apple iOS and watchOS of LaunchServices Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
Apple iOS 9.2
Apple watchOS 2.1. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. LaunchServices is one of the components that uses a running application to open other applications or documents. A security vulnerability exists in the LaunchServices component of Apple iOS 9.1 and earlier and watchOS 2. and earlier
| VAR-201512-0182 | CVE-2015-7112 | plural Apple Product IOHIDFamily API Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The IOHIDFamily API is one of the kernel extensions (Abstract Interface for Human Interface Devices) API components. A security vulnerability exists in the IOHIDFamily API component of several Apple products
| VAR-201512-0170 | CVE-2015-7071 | Apple OS X of Vulnerability in file bookmark component bypassing sandbox protection mechanism |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. File Bookmark is one of the file bookmark components
| VAR-201512-0181 | CVE-2015-7111 | plural Apple Product IOHIDFamily API Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The IOHIDFamily API is one of the kernel extensions (Abstract Interface for Human Interface Devices) API components. A security vulnerability exists in the IOHIDFamily API component of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-4 watchOS 2.1
watchOS 2.1 is now available and addresses the following:
AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Compression
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
malformed media files. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7075
dyld
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A segment validation issue existed in dyld. This was
addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
FontParser
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero
Day Initiative
GasGauge
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6979 : PanguTeam
ImageIO
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
Kernel
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
LaunchServices
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
OpenGL
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Sandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-6997 : Apple
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRUAAoJEBcWfLTuOo7tDFcP/0eMRtPiazqLeAvYEhbHBBYX
K9T4vuY0ridD8lmoOPIEjcZnlx2VfZJIeUlgRoWBi1gm5Hi9UoR/17wCSJBUK7an
EwcR2zlwEwZK3Vb64ogyAr3CkV0646nMyTiBRoZT+vz/zTRxxh/7yxcGE0kc6h2m
1w4uiljcU/1DzMNbjWz7+TSOKRJLilumf2kzvRGS5WPRs/WN1xJ6bGA5aiY9+M0R
7QbgnTsLVU58jmo1iIJDGLUyQ/7iF+kALZa+IozKRXJjbrq31qkheGSMCquUgDQT
3MkNbMl+UwZQdWuUswjp/ZYZ1EJ3e1AFNKVwv4f79DpBDViquq9g13agnCExhvvK
ByrCwL41emEwQ0rVZdtmfneCrTsUfWGkM4BSAcSLJAmsJ/H9gP/J11x8MK4qkd+q
Xl4YKJtRE1ovkRlxpKQbJL14yXIXVXMCdXhwkU6HlyxX3qOw8Gop0/2AXuBIup7Q
4idJ+JJyLjv6mYL3CtgWh+D6HVpRSS2DeKjHP33F8qMNaD0zjjlx1qQ2MZ42gwI4
4g5gGHWaq9q4fCLdbIvfHdeeU54Xb8Q/rJ2CMuE3y0q7BzYzToJFt8xE5+kw1d+x
3Cfc2clhT7YJdg2i4JtakbAAGMybx2IqfO2Zjc2GIGPuZGUSxQKUFgtmfJDR0/4e
Zgl367oS5NsHOKYGx4cn
=gPGz
-----END PGP SIGNATURE-----
| VAR-201512-0166 | CVE-2015-7067 | Apple OS X of IOThunderboltFamily Service disruption in (DoS) Vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple OS X is a set of special operating systems developed by Apple Inc. for Mac computers.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks
| VAR-201512-0169 | CVE-2015-7070 | Apple iOS of GPUTools Framework of Mobile Replayer Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code, spoof the source URI of a site presented to an unsuspecting user. Failed exploit attempts may cause a denial-of-service condition.
Versions prior to iOS 9.2 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. GPUTools is one of the graphics card overclocking testing tools.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
| VAR-201512-0168 | CVE-2015-7069 | Apple iOS of GPUTools Framework of Mobile Replayer Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code, spoof the source URI of a site presented to an unsuspecting user. Failed exploit attempts may cause a denial-of-service condition.
Versions prior to iOS 9.2 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. GPUTools is one of the graphics card overclocking testing tools.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
| VAR-201512-0162 | CVE-2015-7063 | Apple OS X of EFI Kernel loader vulnerabilities that can be gained |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. EFI is one of the firmware upgrade interface components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29, the most serious of which may have led to remote code
execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804
AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
Configuration Profiles
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local attacker may be able to install a configuration
profile without admin privileges
Description: An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling. This issue was addressed through improved memory
handling.
This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple
File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A path validation issue existed in app scoped
bookmarks. This was addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7071 : Apple
Hypervisor
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A use after free issue existed in the handling of VM
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A null pointer dereference issue was addressed through
improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and
JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Intel Graphics
Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of
TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An out of bounds memory access issue existed in the
Intel Graphics Driver. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in
IOThunderboltFamily's handling of certain userclient types. This
issue was addressed through improved validation of
IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A validation issue existed during the loading of kernel
extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple
Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior
to 2.1.0. These were addressed by updating expat to versions 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: An input validation issue existed in OpenLDAP. This
issue was addressed through improved input validation. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334
QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
System Integrity Protection
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
execute arbitrary code with system privileges
Description: A privilege issue existed in handling union mounts.
This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7044 : MacDefender
Installation note:
Security Update 2015-008 is recommended for all users and improves the
security of OS X. After installing this update, the QuickTime 7 web
browser plug-in will no longer be enabled by default. Learn what to
do if you still need this legacy plug-in.
https://support.apple.com/en-us/HT205081
OS X El Capitan v10.11.2 includes the security content of
Safari 9.0.2: https://support.apple.com/en-us/HT205639
OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j
PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn
+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ
jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz
0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g
OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s
Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36
Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB
BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY
Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx
rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T
gvIdn3N1k8hWpmYDjxZd
=Yi/n
-----END PGP SIGNATURE-----
| VAR-201512-0164 | CVE-2015-7065 | plural Apple Product OpenGL Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Apple Mac OS X, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition.
Note: The issue described by CVE-2015-3807 has been removed. The issue is discussed in BID 76343 (Apple Mac OS X and iOS Multiple Security Vulnerabilities). Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. OpenGL is one of the cross-programming language, cross-platform programming interface components. A security vulnerability exists in the OpenGL component of several Apple products.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
| VAR-201512-0156 | CVE-2015-7057 | Apple Xcode of otools Vulnerability gained in |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. Apple Xcode is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-6 Xcode 7.2
Xcode 7.2 is now available and addresses the following:
Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior
to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082
IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to
repositories
Description: Xcode did not honor the .gitignore directive. This
issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri
otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of mach-o files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team
Installation note:
Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRaAAoJEBcWfLTuOo7td2kP/Ag61Qpz8uA8MgClf9SbFJau
FNMDPV7ZOLPPc+DA37rQIwQemSe8dkt4Jnc6TOcTQdR7+f+Mt0QgscDW9xlOlYT4
Ofg5h5XnrKQ02DBkptD4ms5RH8JAHDKCYj8WttlBnBVsJMb6H3s5Om6vfubXkb7t
6bdUMe7iCgRsGuRrBuzPfxjMzh2ilnWML1B6VJkRi6rMnWTW2a66BWvfqLL1Cv2h
1ybIaJi1wsw0lTxGIb+bNM8lg+EL4JLEV+DSJ6mFtDpF6dQBqndbxjopbO5l6LzT
rnWtFTQQ1/6SAM11n9bbDOQj8w8QW3v0CAyad4HN+5Ayk/qnuJZ8o1ycSGAIrQgr
HCzG8RELjK9ipgkdu5daXUc75SGVPuuwobQM6SNzrg5M6SVzIvVdSibTwfgnDvgu
PQO6mBZXLewSBoWqJAQnoDJXExSJ67IE5RzXwvg5KQcF+81Toj48HUxxd98PKrnI
gPbhf8QT9/asGupN4wh3JjN73/qm2BwpJsbPvVj42Ew1OnsBgldpEL1Ssl/2qX0O
pPi1pfF6PIFQUrbloWyYC+lIJuydb3FZUYKLR6HSn7v7RrZu5n8Uvj+5VX3TyVOi
5WzXvbHd9L3exphb8SnITTUdZX6LzkUgRrQRvGWTzT/AfIHQRAyliyk7BgYRqzHH
ObtqW74YB0YXaiw1ckGl
=FxUB
-----END PGP SIGNATURE-----
| VAR-201512-0155 | CVE-2015-7056 | Apple Xcode of IDE SCM Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. Apple Xcode is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. There is a security vulnerability in the IDE SCM of Apple Xcode 7.1.1 and earlier versions. The vulnerability stems from the fact that the program does not correctly identify the .gitignore file.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-6 Xcode 7.2
Xcode 7.2 is now available and addresses the following:
Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior
to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082
IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to
repositories
Description: Xcode did not honor the .gitignore directive. This
issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri
otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of mach-o files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team
Installation note:
Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRaAAoJEBcWfLTuOo7td2kP/Ag61Qpz8uA8MgClf9SbFJau
FNMDPV7ZOLPPc+DA37rQIwQemSe8dkt4Jnc6TOcTQdR7+f+Mt0QgscDW9xlOlYT4
Ofg5h5XnrKQ02DBkptD4ms5RH8JAHDKCYj8WttlBnBVsJMb6H3s5Om6vfubXkb7t
6bdUMe7iCgRsGuRrBuzPfxjMzh2ilnWML1B6VJkRi6rMnWTW2a66BWvfqLL1Cv2h
1ybIaJi1wsw0lTxGIb+bNM8lg+EL4JLEV+DSJ6mFtDpF6dQBqndbxjopbO5l6LzT
rnWtFTQQ1/6SAM11n9bbDOQj8w8QW3v0CAyad4HN+5Ayk/qnuJZ8o1ycSGAIrQgr
HCzG8RELjK9ipgkdu5daXUc75SGVPuuwobQM6SNzrg5M6SVzIvVdSibTwfgnDvgu
PQO6mBZXLewSBoWqJAQnoDJXExSJ67IE5RzXwvg5KQcF+81Toj48HUxxd98PKrnI
gPbhf8QT9/asGupN4wh3JjN73/qm2BwpJsbPvVj42Ew1OnsBgldpEL1Ssl/2qX0O
pPi1pfF6PIFQUrbloWyYC+lIJuydb3FZUYKLR6HSn7v7RrZu5n8Uvj+5VX3TyVOi
5WzXvbHd9L3exphb8SnITTUdZX6LzkUgRrQRvGWTzT/AfIHQRAyliyk7BgYRqzHH
ObtqW74YB0YXaiw1ckGl
=FxUB
-----END PGP SIGNATURE-----
| VAR-201512-0151 | CVE-2015-7052 | Apple OS X of kext Vulnerability gained privileges in tools |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. kext tools is one of the kernel extensions, running on the core base of the system. The vulnerability is caused by the program not properly handling kernel-extension loading. A local attacker could exploit this vulnerability to gain privileges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29, the most serious of which may have led to remote code
execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804
AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
Configuration Profiles
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local attacker may be able to install a configuration
profile without admin privileges
Description: An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
Disk Images
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero
EFI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in the kernel loader.
This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple
File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A path validation issue existed in app scoped
bookmarks. This was addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7071 : Apple
Hypervisor
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A use after free issue existed in the handling of VM
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A null pointer dereference issue was addressed through
improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and
JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Intel Graphics
Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of
TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An out of bounds memory access issue existed in the
Intel Graphics Driver. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in
IOThunderboltFamily's handling of certain userclient types. This
issue was addressed through improved validation of
IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A validation issue existed during the loading of kernel
extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple
Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior
to 2.1.0. These were addressed by updating expat to versions 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: An input validation issue existed in OpenLDAP. This
issue was addressed through improved input validation. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334
QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
System Integrity Protection
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
execute arbitrary code with system privileges
Description: A privilege issue existed in handling union mounts.
This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7044 : MacDefender
Installation note:
Security Update 2015-008 is recommended for all users and improves the
security of OS X. After installing this update, the QuickTime 7 web
browser plug-in will no longer be enabled by default. Learn what to
do if you still need this legacy plug-in.
https://support.apple.com/en-us/HT205081
OS X El Capitan v10.11.2 includes the security content of
Safari 9.0.2: https://support.apple.com/en-us/HT205639
OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j
PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn
+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ
jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz
0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g
OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s
Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36
Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB
BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY
Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx
rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T
gvIdn3N1k8hWpmYDjxZd
=Yi/n
-----END PGP SIGNATURE-----
| VAR-201512-0161 | CVE-2015-7062 | Apple OS X and tvOS Vulnerabilities in which installation restrictions on configuration profiles can be bypassed |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Both Apple OS X and tvOS are products of Apple Inc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29, the most serious of which may have led to remote code
execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804
AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
Disk Images
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero
EFI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in the kernel loader.
This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple
File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A path validation issue existed in app scoped
bookmarks. This was addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7071 : Apple
Hypervisor
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A use after free issue existed in the handling of VM
objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A null pointer dereference issue was addressed through
improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and
JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Intel Graphics
Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of
TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An out of bounds memory access issue existed in the
Intel Graphics Driver. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in
IOThunderboltFamily's handling of certain userclient types. This
issue was addressed through improved validation of
IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A validation issue existed during the loading of kernel
extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple
Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior
to 2.1.0. These were addressed by updating expat to versions 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: An input validation issue existed in OpenLDAP. This
issue was addressed through improved input validation.
CVE-ID
CVE-2015-6908
OpenSSH
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in LibreSSL
Description: Multiple vulnerabilities existed in LibreSSL versions
prior to 2.1.8. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334
QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
System Integrity Protection
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
execute arbitrary code with system privileges
Description: A privilege issue existed in handling union mounts.
This issue was addressed by improved authorization checks. After installing this update, the QuickTime 7 web
browser plug-in will no longer be enabled by default. Learn what to
do if you still need this legacy plug-in.
https://support.apple.com/en-us/HT205081
OS X El Capitan v10.11.2 includes the security content of
Safari 9.0.2: https://support.apple.com/en-us/HT205639
OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j
PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn
+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ
jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz
0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g
OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s
Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36
Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB
BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY
Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx
rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T
gvIdn3N1k8hWpmYDjxZd
=Yi/n
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.".
To check the current version of software, select
"Settings -> General -> About"
| VAR-201512-0148 | CVE-2015-7049 | Apple Xcode of otools Vulnerability gained in |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. Apple Xcode is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, bypass security restrictions and perform unauthorized actions. Failed exploit attempts may result in a denial-of-service condition. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-6 Xcode 7.2
Xcode 7.2 is now available and addresses the following:
Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versions prior
to 2.5.4. These were addressed by updating Git to version 2.5.4.
CVE-ID
CVE-2015-7082
IDE SCM
Available for: OS X Yosemite v10.10.5 or later
Impact: Intentionally untracked files may be uploaded to
repositories
Description: Xcode did not honor the .gitignore directive. This
issue was addressed by adding support to honor .gitignore file.
CVE-ID
CVE-2015-7056 : Stephen Lardieri
otools
Available for: OS X Yosemite v10.10.5 or later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of mach-o files. These issues were addressed through
improved memory handling.
CVE-ID
CVE-2015-7049 : Proteas of Qihoo 360 Nirvan Team
CVE-2015-7057 : Proteas of Qihoo 360 Nirvan Team
Installation note:
Xcode 7.2 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "7.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRaAAoJEBcWfLTuOo7td2kP/Ag61Qpz8uA8MgClf9SbFJau
FNMDPV7ZOLPPc+DA37rQIwQemSe8dkt4Jnc6TOcTQdR7+f+Mt0QgscDW9xlOlYT4
Ofg5h5XnrKQ02DBkptD4ms5RH8JAHDKCYj8WttlBnBVsJMb6H3s5Om6vfubXkb7t
6bdUMe7iCgRsGuRrBuzPfxjMzh2ilnWML1B6VJkRi6rMnWTW2a66BWvfqLL1Cv2h
1ybIaJi1wsw0lTxGIb+bNM8lg+EL4JLEV+DSJ6mFtDpF6dQBqndbxjopbO5l6LzT
rnWtFTQQ1/6SAM11n9bbDOQj8w8QW3v0CAyad4HN+5Ayk/qnuJZ8o1ycSGAIrQgr
HCzG8RELjK9ipgkdu5daXUc75SGVPuuwobQM6SNzrg5M6SVzIvVdSibTwfgnDvgu
PQO6mBZXLewSBoWqJAQnoDJXExSJ67IE5RzXwvg5KQcF+81Toj48HUxxd98PKrnI
gPbhf8QT9/asGupN4wh3JjN73/qm2BwpJsbPvVj42Ew1OnsBgldpEL1Ssl/2qX0O
pPi1pfF6PIFQUrbloWyYC+lIJuydb3FZUYKLR6HSn7v7RrZu5n8Uvj+5VX3TyVOi
5WzXvbHd9L3exphb8SnITTUdZX6LzkUgRrQRvGWTzT/AfIHQRAyliyk7BgYRqzHH
ObtqW74YB0YXaiw1ckGl
=FxUB
-----END PGP SIGNATURE-----
| VAR-201512-0149 | CVE-2015-7050 | Apple iOS and Safari Used in etc. WebKit Vulnerability in obtaining important browsing history information |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. Apple iOS and Safari Used in etc. WebKit is prone to an information-disclosure vulnerability.
Successful exploits may allow the attacker to gain access to sensitive information. Information obtained may lead to further attacks. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWa0HxAAoJEBcWfLTuOo7tL3sP/3IMYdGz6mTS98t6/aMJx8Ew
okyR8nBT2M3ALNVxTJeVxRbHc11f75x9DVJMV4Q291MRqeX3b7wHBcvoizmOM66c
bWNIqRdIYVub+WWwljBuzdsPIT0d9NlY8Htz9dbwtWmTPACYNKYr9ZUO1T9ntSer
WCEBRql2VlpOpr12FfpRc2I52BisIF1pVm24QmsVfgJM156lWxFAjC+i6ESOeBnd
waL4T5aw7+mZuoIbUSQvVsjEo2ay5wglAvPhYDlwpEMEY+w0U0E077qr/6LiLf9B
MtxIz6i/rtPD4Ak+rKLdAbAGah0nWvVPomo4KI+xS+kxlmxEQY2Q7dUzDpCmviho
ZMEgjoEFAouUa+mQC0w+CSxMyO5MS5ZDoZo14DHfkB978DDBjW88xAky4Row5gjX
97ZJ/+933eYqrcNLjc74CNoTDHw22YQ9bys05qJ2FovoTu0s+qsVWhx5tEehxJLr
RTvBfc/49JNTracvb/uK7ShbUc9u6qj9g5tHCgLqU6KwFj/vafF5d/lQph4gz6NQ
2xAxKCQjzS6Hqalj0xjmw51b2rxZXjXW2Q4itRa+BVbG8Eb8Frp5yzj5h/m/pS5/
5/yMR9vYDYXN8psVrSSPhFtpCz0jloeAWsSJk5nM+ReH4sUwRyS3dV7ONfyDxtvo
jIfn9cPnOmCwLLCZl2E9
=eKwE
-----END PGP SIGNATURE-----
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
Safari 9.0.2 may be obtained from the Mac App Store
| VAR-201512-0154 | CVE-2015-7055 | Apple iOS and tvOS of AppleMobileFileIntegrity Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Apple iOS and tvOS are prone to multiple arbitrary code-execution vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions.
This issue is fixed in:
Apple iOS 9.2
Apple tvOS 9.1. Both Apple OS X and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. AppleMobileFileIntegrity (AMFI) is one of the kernel modules used to check the integrity of mobile phone files.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
| VAR-201512-0167 | CVE-2015-7068 | plural Apple Product IOKit SCSI Vulnerable to arbitrary code execution in a privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple Mac OS X, watchOS, iOS, and tvOS are prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the IOKit SCSI of several Apple products. The vulnerability is caused by the program not properly handling the userclient type.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-6997 : Apple
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About"
| VAR-201512-0143 | CVE-2015-7044 | Apple OS X System Integrity Protection Vulnerability in Arbitrary Code Execution in a Privileged Context |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. The vulnerability stems from the program's improper handling of union mounts. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29, the most serious of which may have led to remote code
execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804
AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Bluetooth HCI
interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
Configuration Profiles
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local attacker may be able to install a configuration
profile without admin privileges
Description: An issue existed when installing configuration
profiles. This issue was addressed through improved authorization
checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
Disk Images
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero
EFI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A path validation issue existed in the kernel loader.
This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple
File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A path validation issue existed in app scoped
bookmarks. This was addressed through improved environment
sanitization. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A null pointer dereference issue was addressed through
improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and
JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in the Intel Graphics
Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of
TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An out of bounds memory access issue existed in the
Intel Graphics Driver. This issue was addressed through improved
memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in
IOThunderboltFamily's handling of certain userclient types. This
issue was addressed through improved validation of
IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A validation issue existed during the loading of kernel
extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple
Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the
Keychain Server.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent. This issue was resolved by removing legacy
functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University
Bloomington, Xiaolong Bai of Indiana University Bloomington and
Tsinghua University, Tongxin Li of Peking University, Kai Chen of
Indiana University Bloomington and Institute of Information
Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-
Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat version prior
to 2.1.0. These were addressed by updating expat to versions 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: An input validation issue existed in OpenLDAP. This
issue was addressed through improved input validation. These were addressed by updating LibreSSL to version
2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334
QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1
decoder. These issues were addressed through improved input
validation
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7044 : MacDefender
Installation note:
Security Update 2015-008 is recommended for all users and improves the
security of OS X. After installing this update, the QuickTime 7 web
browser plug-in will no longer be enabled by default. Learn what to
do if you still need this legacy plug-in.
https://support.apple.com/en-us/HT205081
OS X El Capitan v10.11.2 includes the security content of
Safari 9.0.2: https://support.apple.com/en-us/HT205639
OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j
PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn
+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ
jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz
0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g
OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s
Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36
Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB
BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY
Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx
rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T
gvIdn3N1k8hWpmYDjxZd
=Yi/n
-----END PGP SIGNATURE-----
| VAR-201512-0165 | CVE-2015-7066 | plural Apple Product OpenGL Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.
Attackers can exploit these issues to execute arbitrary code and bypass security restrictions. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to iOS 9.2, watchOS 2.1, OS X 10.11.2, and tvOS 9.1 are vulnerable. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. OpenGL is one of the cross-programming language, cross-platform programming interface components. A security vulnerability exists in the OpenGL component of several Apple products.
Description: An issue existed in how Keychain Access interacted with
Keychain Agent.
CVE-ID
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Installation note:
Apple TV will periodically check for software updates.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-1 iOS 9.2
iOS 9.2 is now available and addresses the following:
AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An access control issue was addressed by preventing
modification of access control structures.
CVE-ID
CVE-2015-7055 : Apple
AppSandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may maintain access to Contacts
after having access revoked
Description: An issue existed in the sandbox's handling of hard
links. This issue was addressed through improved hardening of the app
sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University
POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North
Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi
of TU Darmstadt
CFNetwork HTTPProtocol
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to bypass HSTS
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and
Muneaki Nishimura (nishimunea)
Compression
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An uninitialized memory access issue existed in zlib.
This issue was addressed through improved memory initialization and
additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in the
processing of malformed media files. These issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple segment validation issues existed in dyld.
These were addressed through improved environment sanitization.
CVE-ID
CVE-2015-7072 : Apple
CVE-2015-7079 : PanguTeam
GPUTools Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple path validation issues existed in Mobile
Replayer. These were addressed through improved environment
sanitization.
CVE-ID
CVE-2015-7069 : Luca Todesco (@qwertyoruiop)
CVE-2015-7070 : Luca Todesco (@qwertyoruiop)
iBooks
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: An XML external entity reference issue existed with
iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
ImageIO
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in ImageIO. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily API. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A null pointer dereference existed in the handling of a
certain userclient type. This issue was addressed through improved
validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed
through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An issue existed in the parsing of mach messages. This
issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
LaunchServices
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the processing of
malformed plists. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7113 : Olivier Goguel of Free Tools Association
libarchive
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: Multiple buffer overflows existed in the C standard
library. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-7038
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libxml2
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: A memory corruption issue existed in the parsing of XML
files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological
University
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A timing issue existed in loading of the trust cache.
This issue was resolved by validating the system environment before
loading the trust cache.
CVE-ID
CVE-2015-7051 : PanguTeam
OpenGL
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in OpenGL.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
Photos
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to use the backup system to access
restricted areas of the file system
Description: A path validation issue existed in Mobile Backup. This
was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7037 : PanguTeam
QuickLook
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7107
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: An issue may have allowed a website to display content
with a URL from a different website. This issue was addressed through
improved URL handling.
CVE-ID
CVE-2015-7093 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
Sandbox
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application with root privileges may be able to
bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in
xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL
handshakes. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may gain access to a user's Keychain
items
Description: An issue existed in the validation of access control
lists for keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-7058
Siri
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may be able
to use Siri to read notifications of content that is set not to be
displayed at the lock screen
Description: When a request was made to Siri, client side
restrictions were not being checked by the server. This issue was
addressed through improved restriction checking.
CVE-ID
CVE-2015-7080 : Or Safran (www.linkedin.com/profile/view?id=33912591)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7048 : Apple
CVE-2015-7095 : Apple
CVE-2015-7096 : Apple
CVE-2015-7097 : Apple
CVE-2015-7098 : Apple
CVE-2015-7099 : Apple
CVE-2015-7100 : Apple
CVE-2015-7101 : Apple
CVE-2015-7102 : Apple
CVE-2015-7103 : Apple
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: An insufficient input validation issue existed in
content blocking. This issue was addressed through improved content
extension parsing.
CVE-ID
CVE-2015-7050 : Luke Li and Jonathan Metzman
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "9.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzRMAAoJEBcWfLTuOo7tEKgQAJ9/T6vHx0rQLQBU32SytoMV
qnU9gXfhENP6nWOb0r8Lz8h+xpH3TfqyFUdqLDZtkfZVYtgt4YZ7J1trLPgKXrl1
0tZqAl+iDqMnroawUK+TsWyNZcsrOnSxy1so83CDZkeG1vmt4OIFZ6NHNzTQDnXx
+f13C5vHnsd2JryQ9pWGazpj4F1oi7J8B3I5F0AOzvq9kGOzwg35h1GYFYeU59J9
YHpLwDlCjD3rJojG0lIedC0HMqSHK++OxoAMQaLTzzI6qWfoZw9j1/kXlEQ8g/yK
jOp9SceJJ2iBti7p7ID5fyF3zTK10zggfsq3jXwJKWdt84JobhnERiTHGBdzEEWq
bip6UHKB36daTnAhA72GHn8hzc0c5JC9tQgWzwEpxEBEW/9iF99iY+q87rYxVt1J
FyyCJpgSWJsEE9dA09P6+CY4xBGYFf+uOJIBnctJm+ofg8IM/VNaDffLLQ0OCYAs
FgW258wuEn0ztV0sA4wX5rOiEa9rRHDFG6zn/zuyYmfR3fYa7xGVuBA5yp/EY0l1
zLWZrdgIBL21luETby773BFCwXMrg0+fchGLXS0TxSq6NVBtfqpRTFI/X24kjp79
X6gU4R4t3G5YoDXgKYLUcR3TT+I4x70dMu9oVK4tmaQmeA6n0pZwM3DVqywsPuYL
/ohF4zrwzeJ8a/8oKLfe
=Rjch
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-6997 : Apple
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/en-us/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About"