VARIoT IoT vulnerabilities database

The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. Apple iOS and Mac OS X are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. The former is an operating system developed for mobile devices. The latter is a dedicated operating system developed for Mac computers. Disk Images is one of the disk image format components. The vulnerability is caused by the program not correctly parsing disk images

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component

Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. BOM (aka Bill of Materials) is one of the structured list components used to describe parts. A directory traversal vulnerability exists in the BOM components of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. CVE-ID CVE-2015-5916 Bom Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security configd Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A local user with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in CoreGraphics. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a document with a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 Grand Central Dispatch Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKhAAoJEBcWfLTuOo7tkBcP+QGVb0FmXmyDjPNF1b3Mx4Cv 2gPz3W6x1BQlss3/2+WX8YAMXgtGux0HQfYF/uQIjverf+HHlGDN2bd+P61odDEp hEU2h6N6bPbDp85MehTgZWt8/c6HR5XB2KFKNAXhE6YmrZ8neXBYLF+sF9T9NMx0 ar2/yWFlCVFTgDHzt4KGFJFjNDr8urHNp0nc4KjOE7YE83oK9vkAxmqOhpPNNzdj DIob8y1wO4NBoClzXr8DIlqoajFEWLXU++G6MVclhCoWun+vQpUo3XcOG7mJgoff nrb9ITbsEXtpKLeHYPdK7y7EMWOasVb2GPkK3TWEc37wf2eEk2cUSHRN6bjeIsJO WWVqGC8+Ya7eQgsztUlfUMK8OFNX9wz9CABB/wBNbYe1fzea+oZV7ijCR6IzOi6I 5xFEDCxSOnDMSn3uF/ENRk5LG7DC0PsL/Er/H2tSit9oacEGmoozyUdGlexG4o+a pySDBLiplfVjdfoPv8ABQSN6mtvD1MaLVVAoG14FEObEEY/tdl22Ou8NZQ6OgeLl I2uyMSPQDGMKXNxjIfgWTWK31TQakq3c78swlXy9fZrCWl/ti8y6CFUVqP8XOjN9 LgkJcChm77UXsiFCKqREMw/kgSDvctF94iMknUBc1+YDj+uDs+t9vvUzZ3syFC0V 4bPj6XOJcceSHv1+PlcF =gtL/ -----END PGP SIGNATURE-----

FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. FontParser is one of the font parsing components. A security vulnerability exists in the FontParser component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. These issues were addressed through improved bounds checking. These issues were addressed through improved bounds checking. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7019 : Ian Beer of Google Project Zero CVE-2015-7020 : Moony Li of Trend Micro Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. These issues were addressed through improved metadata validation. These issues were addressed through improved metadata validation. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: OS X Yosemite v10.10.5 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation. This issue was addressed through improved memory initialization. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer MCX Application Restrictions Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: A developer-signed executable may acquire restricted entitlements Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation. These issues were addressed by using patches affecting OS X from upstream. CVE-ID CVE-2012-6151 CVE-2014-3565 OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple OpenSSH Available for: OS X El Capitan 10.11 Impact: A local user may be able to conduct impersonation attacks Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH Sandbox Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation. CVE-ID CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple Script Editor Available for: OS X El Capitan 10.11 Impact: An attacker may trick a user into running arbitrary AppleScript Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts. CVE-ID CVE-2015-7007 : Joe Vennix of Rapid7 Security Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team SecurityAgent Available for: OS X El Capitan 10.11 Impact: A malicious application can programmatically control keychain access prompts Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows. CVE-ID CVE-2015-5943 Installation note: OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1: https://support.apple.com/kb/HT205377 OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4 CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0 whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE 7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN 4GbuRXld4PbxeDdel0Nk =snJ4 -----END PGP SIGNATURE----- . Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1"

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. Apple iOS , Safari and iTunes Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious web page. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iTunes is a suite of media player applications. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in several Apple products. The following products and versions are affected: Apple iOS versions prior to 9.1, Safari versions prior to 9.0.1, and iTunes versions prior to 12.3.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-5 iTunes 12.3.1 iTunes 12.3.1 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-5931 CVE-2015-7002 : Apple CVE-2015-7011 : Apple CVE-2015-7012 : Apple CVE-2015-7013 : Apple CVE-2015-7014 iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Installation note: iTunes 12.3.1 may be obtained from: http://www.apple.com/itunes/download/ You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuK0AAoJEBcWfLTuOo7tFqsP/i4hhZ9050OUg8jdzLx7ql9b pw0VB3uCssp4c7m6U/Dr90sgAAG1BRqNZF5jE0ItWfaeVxUtny9iHvj9MF5mhU4O 1hd/+f9iVeA2chOi63jVBYl/RTON/HLG0EukNAt57H7UNcnpGOJMwPxciDgHb5mi GEQEo3Q9bM2B9ReMcxCenVWBJ+e02l4iAqFBeV09BgAYvbaTvAQamjSeXkKyodI3 AkHmUuq6qWx9ka3EcMkEtm/agI2fKewlfI3WgpotkBx2lrZGUeFiuD21Nmq0diL8 O6tWt3FG4FsdrbPN7rm1NtPQq+fAnHn3EWCrpz32LB6Dh6NTqTLLesVDD5BCCK4p TanM1TlaRPVuBxg6oCLreNN8IHAx25vhCLEsAw9GMl5JRhmBL9IjTczt91zFAAjX fdW1bhq2O283MrRqZxvJW3eBti4IMr+cZtP9+OdlK+8zGx91LdvWNcuMS5Eg2W5T Auwf4ZfHmVCX5DDe2wgeUqe14eTpDomCI4S4utyh6jVtA0+b7V7FEBVlqc760ThO Gj7W4it3Ljosw6/VQodEPDiesbvhw+Cn7FcTHKxV7fgz+tLFSlEcox5BU0m/ardJ xWJ6c7qrT8TKkE4wYGHWljhWx7o6SkU/60BYZo5FNAYllYC1bp2rQTa7G79fjMvM eXiT4RZimmMNlbqwFKHQ =4LVn -----END PGP SIGNATURE-----

IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. A security vulnerability exists in the IOAcceleratorFamily of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. CVE-ID CVE-2015-5916 Bom Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security configd Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A local user with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in CoreGraphics. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a document with a maliciously crafted font may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 Grand Central Dispatch Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKhAAoJEBcWfLTuOo7tkBcP+QGVb0FmXmyDjPNF1b3Mx4Cv 2gPz3W6x1BQlss3/2+WX8YAMXgtGux0HQfYF/uQIjverf+HHlGDN2bd+P61odDEp hEU2h6N6bPbDp85MehTgZWt8/c6HR5XB2KFKNAXhE6YmrZ8neXBYLF+sF9T9NMx0 ar2/yWFlCVFTgDHzt4KGFJFjNDr8urHNp0nc4KjOE7YE83oK9vkAxmqOhpPNNzdj DIob8y1wO4NBoClzXr8DIlqoajFEWLXU++G6MVclhCoWun+vQpUo3XcOG7mJgoff nrb9ITbsEXtpKLeHYPdK7y7EMWOasVb2GPkK3TWEc37wf2eEk2cUSHRN6bjeIsJO WWVqGC8+Ya7eQgsztUlfUMK8OFNX9wz9CABB/wBNbYe1fzea+oZV7ijCR6IzOi6I 5xFEDCxSOnDMSn3uF/ENRk5LG7DC0PsL/Er/H2tSit9oacEGmoozyUdGlexG4o+a pySDBLiplfVjdfoPv8ABQSN6mtvD1MaLVVAoG14FEObEEY/tdl22Ou8NZQ6OgeLl I2uyMSPQDGMKXNxjIfgWTWK31TQakq3c78swlXy9fZrCWl/ti8y6CFUVqP8XOjN9 LgkJcChm77UXsiFCKqREMw/kgSDvctF94iMknUBc1+YDj+uDs+t9vvUzZ3syFC0V 4bPj6XOJcceSHv1+PlcF =gtL/ -----END PGP SIGNATURE-----

The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. File Bookmark is one of the file bookmark components

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlMan-in-the-middle attacks (man-in-the-middle attack) May spoof the endpoint by using access to revoked certificates. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt Compression Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru CoreGraphics Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team CoreMedia Playback Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of malformed media files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7075 dyld Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A segment validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7072 : Apple FontParser Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative GasGauge Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam ImageIO Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple IOHIDFamily Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero IOKit SCSI Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool) Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero Kernel Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero LaunchServices Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7113 : Olivier Goguel of Free Tools Association libarchive Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift libc Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM) OpenGL Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks Sandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc. Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google Security Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJWZzRUAAoJEBcWfLTuOo7tDFcP/0eMRtPiazqLeAvYEhbHBBYX K9T4vuY0ridD8lmoOPIEjcZnlx2VfZJIeUlgRoWBi1gm5Hi9UoR/17wCSJBUK7an EwcR2zlwEwZK3Vb64ogyAr3CkV0646nMyTiBRoZT+vz/zTRxxh/7yxcGE0kc6h2m 1w4uiljcU/1DzMNbjWz7+TSOKRJLilumf2kzvRGS5WPRs/WN1xJ6bGA5aiY9+M0R 7QbgnTsLVU58jmo1iIJDGLUyQ/7iF+kALZa+IozKRXJjbrq31qkheGSMCquUgDQT 3MkNbMl+UwZQdWuUswjp/ZYZ1EJ3e1AFNKVwv4f79DpBDViquq9g13agnCExhvvK ByrCwL41emEwQ0rVZdtmfneCrTsUfWGkM4BSAcSLJAmsJ/H9gP/J11x8MK4qkd+q Xl4YKJtRE1ovkRlxpKQbJL14yXIXVXMCdXhwkU6HlyxX3qOw8Gop0/2AXuBIup7Q 4idJ+JJyLjv6mYL3CtgWh+D6HVpRSS2DeKjHP33F8qMNaD0zjjlx1qQ2MZ42gwI4 4g5gGHWaq9q4fCLdbIvfHdeeU54Xb8Q/rJ2CMuE3y0q7BzYzToJFt8xE5+kw1d+x 3Cfc2clhT7YJdg2i4JtakbAAGMybx2IqfO2Zjc2GIGPuZGUSxQKUFgtmfJDR0/4e Zgl367oS5NsHOKYGx4cn =gPGz -----END PGP SIGNATURE-----

Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. Apple Type Service (ATS) is one such font type service

libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, bypass security restrictions and perform unauthorized actions. This may aid in other attacks. libarchive is one of the multi-format archive and compression library components. A security vulnerability exists in the libarchive component of Apple OS X prior to 10.11.1 due to the program not properly validating the path of symbolic links

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. FontParser is a font parsing component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. Apple iOS and Mac OS X are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. The former is a set of operating systems developed for mobile devices, and the latter is a set of dedicated operating systems developed for Mac computers. Kernel is one of the kernel components. The vulnerability stems from the fact that the program does not initialize the data structure. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion.". Supplementary information : CWE Vulnerability type by CWE-843:Access of Resource Using Incompatible Type ( Mixing of molds ) Has been identified. Apple iOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code and cause a denial-of-service condition; this may aid in launching further attacks. Versions prior to iOS 9.1 are vulnerable. Graphics Driver subsystem is one of the graphics driver entry components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. Supplementary information : CWE Vulnerability type by CWE-415: Double Free ( Double release ) Has been identified. http://cwe.mitre.org/data/definitions/415.htmlBy the attacker, AtomicBufferedFile It can be written to an arbitrary file through a crafted application that accesses the descriptor. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, overwrite arbitrary files and cause denial-of-service conditions. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. Successful exploits may allow attackers to execute arbitrary code in the context of the affected system; Failed exploit attempts will cause denial-of-service conditions. in the United States. iTunes is a suite of multimedia music player applications. CoreText is one of the text engines that can control text formatting and text layout. A security vulnerability exists in the CoreText engine of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; OS X is a dedicated operating system developed for Mac computers; watchOS is a smart watch operating system. ImageIO is one of the static methods used to perform common image I/O operations. A security vulnerability exists in the ImageIO component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following: Accelerate Framework Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. These were addressed by updating PHP to versions 5.5.29 and 5.4.45. CVE-ID CVE-2015-0235 CVE-2015-0273 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 ATS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team Audio Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-7003 : Mark Brand of Google Project Zero Audio Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd of Azimuth Security CFNetwork Available for: OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team CoreText Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero EFI Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: An attacker can exercise unused EFI functions Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions. CVE-ID CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC File Bookmark Available for: OS X El Capitan 10.11 Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks. CVE-ID CVE-2015-6987 : Luca Todesco (@qwertyoruiop) FontParser Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team FontParser Available for: OS X El Capitan 10.11 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team Grand Central Dispatch Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7019 : Ian Beer of Google Project Zero CVE-2015-7020 : Moony Li of Trend Micro Graphics Drivers Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. These issues were addressed through improved metadata validation. These issues were addressed through improved metadata validation. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: OS X Yosemite v10.10.5 Impact: A local user may be able to execute arbitrary code with system privileges Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation. This issue was addressed through improved memory initialization. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization. CVE-ID CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer MCX Application Restrictions Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11 Impact: A developer-signed executable may acquire restricted entitlements Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation. These issues were addressed by using patches affecting OS X from upstream. CVE-ID CVE-2012-6151 CVE-2014-3565 OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple OpenSSH Available for: OS X El Capitan 10.11 Impact: A local user may be able to conduct impersonation attacks Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH Sandbox Available for: OS X El Capitan 10.11 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation. CVE-ID CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple Script Editor Available for: OS X El Capitan 10.11 Impact: An attacker may trick a user into running arbitrary AppleScript Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts. CVE-ID CVE-2015-7007 : Joe Vennix of Rapid7 Security Available for: OS X El Capitan 10.11 Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team SecurityAgent Available for: OS X El Capitan 10.11 Impact: A malicious application can programmatically control keychain access prompts Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows. CVE-ID CVE-2015-5943 Installation note: OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1: https://support.apple.com/kb/HT205377 OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4 CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0 whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE 7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN 4GbuRXld4PbxeDdel0Nk =snJ4 -----END PGP SIGNATURE----- . Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1"

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. Apple iOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple iOS 9.0.2 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. Apple iOS Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in WebKit used in Apple iOS 9.0.2 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6979 : PanguTeam Grand Central Dispatch Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----

Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. Apple Mac OS X, watchOS and iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with kernel privileges. Failed exploit attempts may result in a denial-of-service condition. Versions prior to iOS 9.1, watchOS 2.0.1 and OS X 10.11.1 are vulnerable. in the United States. Apple iOS is an operating system developed for mobile devices; Apple OS X is a dedicated operating system developed for Mac computers; Apple watchOS is a smart watch operating system. Grand Central Dispatch (GCD) is one of the multi-threaded optimization components. A security vulnerability exists in the GCD component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-2 watchOS 2.0.1 watchOS 2.0.1 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: The transaction log functionality was enabled in certain configurations. This update additionally addresses the issue for Apple Watches manufactured with watchOS 2. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-21-1 iOS 9.1 iOS 9.1 is now available and addresses the following: Accelerate Framework Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking. CVE-ID CVE-2015-5940 : Apple Bom Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-7006 : Mark Dowd at Azimuth Security CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC configd Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to elevate privileges Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients. CVE-ID CVE-2015-7015 : PanguTeam CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5925 : Apple CVE-2015-5926 : Apple CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team Disk Images Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6995 : Ian Beer of Google Project Zero FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-5927 : Apple CVE-2015-5942 CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team GasGauge Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6989 : Apple Graphics Driver Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation. CVE-ID CVE-2015-5935 : Apple CVE-2015-5936 : Apple CVE-2015-5937 : Apple CVE-2015-5939 : Apple IOAcceleratorFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6996 : Ian Beer of Google Project Zero IOHIDFamily Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-6974 : Luca Todesco (@qwertyoruiop) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-ID CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-6988 : The Brainy Code Scanner (m00nbsd) Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local application may be able to cause a denial of service Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation. CVE-ID CVE-2015-6994 : Mark Mentovai of Google Inc. Notification Center Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Phone and Messages notifications may appear on the lock screen even when disabled Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management. CVE-ID CVE-2015-7000 : William Redwood of Hampton School OpenGL Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5924 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to overwrite arbitrary files Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors. CVE-ID CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to make a revoked certificate appear valid Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time. CVE-ID CVE-2015-6999 : Apple Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-6997 : Apple Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to leak sensitive user information Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries. CVE-ID CVE-2015-7022 : Andreas Kurtz of NESO Security Labs WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5928 : Apple CVE-2015-5929 : Apple CVE-2015-5930 : Apple CVE-2015-6981 CVE-2015-6982 CVE-2015-7002 : Apple CVE-2015-7005 : Apple CVE-2015-7012 : Apple CVE-2015-7014 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "9.1". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWJuKaAAoJEBcWfLTuOo7tstUP/2wSpPm4N88k8i6mqMZLIp4q 8sat980JOOzTfG+ZNNyBGliULqhDAAamIo5wnonrEguy6Slr24fHz9CY969t5b9+ juzZu8QSrS5GGrK4WJL1klyJCPK65EPW+gqK97lntFcjeUPVOHCHCwuGUfOj4+AH fc7EjlWm7ED3QuKiY7hLD1DQq/y9WWNMNKGDxwkaVYAUQ7vccDNPppH4G+bdP4oz KRR58XlJZ2RGuuN6NR/TKVlbm8HM1i0pXpRo7yO4ZDd4p/QrGdY7UUndng6WZpQn txC00efGPSQA5WxHXwbDQeAI+rqYA0Bi0yJEuWdD9hfSgC0lZ8/G2qz8FrjfdEgJ FnugvjHMZ4vz461oo8+ee0Yfy62hgfilHL73KpPJcYoQQCeuNhiLpP61gUInhgqY uSRxO+EVtLk5hPIxRFcQbQmeJn2qS+04jXD8r05D9piUuyNmRf6FoLFs068SrRcQ LP2sppSl6aW46hAuXIaMwxsbz5vO0GatB5Y4MWDVsxUu5UNHuBPzkX5w2zjeVsZ5 lydJPTQvcfOihWBjJyVXhQWg+thT2h0tybKFfz9fnBqpOY+QjQr5TtQOs5bghp06 bp/CcN4S1GKkwkZ7zx69ZyIP48HTDcD5gxJKqFwdDmy1u939lXP0h3y9uQkBj5Pa 6gEixmcvOvkvoTisU8Gf =E3lA -----END PGP SIGNATURE-----