VARIoT IoT vulnerabilities database
| VAR-201412-0578 | CVE-2014-4469 | WebKit as used in Apple Safari and other products is vulnerable to arbitrary code execution | CVSS V2: 6.8 | CVSS V3: - | Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
Make sure you have an Internet connection and have installed the
latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0575 | CVE-2014-4465 | WebKit as used in Apple Safari and other products has a vulnerability that bypasses the same origin policy | CVSS V2: 5.0 | CVSS V3: - | Severity: MEDIUM |
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. Apple Safari Used in etc.
An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further attacks. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
WebKit in Apple iOS before 8 makes it easier for remote attackers to
track users during private browsing via a crafted web site that
reads HTML5 application-cache data that had been stored during
normal browsing.
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2,
allows remote attackers to execute arbitrary code or cause a denial
of service (memory corruption and application crash) via a crafted
web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
Use-after-free vulnerability in WebKit, as used in Apple OS X before
10.10.1, allows remote attackers to execute arbitrary code via
crafted page objects in an HTML document.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-
middle attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via vectors
related to iTunes Store browsing, a different vulnerability than
other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-
middle attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via vectors
related to iTunes Store browsing, a different vulnerability than
other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site, a different vulnerability than other WebKit CVEs listed in
APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes
before 12.3, allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash)
via a crafted web site, a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
WebKit in Apple iOS before 9 does not properly restrict the
availability of Performance API times, which allows remote attackers
to obtain sensitive information about the browser history, mouse
movement, or network traffic via crafted JavaScript code.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptor, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
WebKit, as used in Apple Safari before 9.0.1 and iTunes before
12.3.1, allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than other WebKit CVEs
listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
WebKit, as used in Apple Safari before 9.0.1 and iTunes before
12.3.1, allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than other WebKit CVEs
listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and
iTunes before 12.3.1, allows remote attackers to execute arbitrary
code or cause a denial of service (memory corruption and application
crash) via a crafted web site, a different vulnerability than other
WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3,
and APPLE-SA-2015-10-21-5.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7095,
CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
9.1 allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a
crafted web site, a different vulnerability than CVE-2015-7048,
CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web
site.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending a maliciously
formatted message to networkd, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-----END PGP SIGNATURE-----
| VAR-201412-0579 | CVE-2014-4470 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Ltd.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-----END PGP SIGNATURE-----
| VAR-201412-0577 | CVE-2014-4468 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Ltd.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0576 | CVE-2014-4466 | WebKit, as used in Apple Safari and other products, vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome. The following versions are affected: Apple Safari prior to 6.2.1, 7.x prior to 7.1.1, and 8.x prior to 8.0.1.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Ltd.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0574 | CVE-2014-4475 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to Safari 8.0.1, 7.1.1, and 6.2.1 are vulnerable. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Led.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptior, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0573 | CVE-2014-4474 | WebKit, as used in Apple Safari and other products, vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. WebKit, as used in Apple Safari and other products, is prone to an unspecified memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Versions prior to Safari 8.0.1, 7.1.1, and 6.2.1 are vulnerable. WebKit is an open source web browser engine jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------
Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Advisory URL : http://webkitgtk.org/security/WSA-2015-0002.html
CVE identifiers : CVE-2013-6663, CVE-2014-1748, CVE-2014-3192,
CVE-2014-4409, CVE-2014-4410, CVE-2014-4411,
CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,
CVE-2014-4452, CVE-2014-4459, CVE-2014-4465,
CVE-2014-4466, CVE-2014-4468, CVE-2014-4469,
CVE-2014-4470, CVE-2014-4471, CVE-2014-4472,
CVE-2014-4473, CVE-2014-4474, CVE-2014-4475,
CVE-2014-4476, CVE-2014-4477, CVE-2014-4479,
CVE-2015-1068, CVE-2015-1069, CVE-2015-1070,
CVE-2015-1071, CVE-2015-1072, CVE-2015-1073,
CVE-2015-1074, CVE-2015-1075, CVE-2015-1076,
CVE-2015-1077, CVE-2015-1080, CVE-2015-1081,
CVE-2015-1082, CVE-2015-1083, CVE-2015-1084,
CVE-2015-1119, CVE-2015-1120, CVE-2015-1121,
CVE-2015-1122, CVE-2015-1124, CVE-2015-1126,
CVE-2015-1127, CVE-2015-1152, CVE-2015-1153,
CVE-2015-1154, CVE-2015-1155, CVE-2015-1156,
CVE-2015-2330, CVE-2015-3658, CVE-2015-3659,
CVE-2015-3660, CVE-2015-3727, CVE-2015-3730,
CVE-2015-3731, CVE-2015-3732, CVE-2015-3733,
CVE-2015-3734, CVE-2015-3735, CVE-2015-3736,
CVE-2015-3737, CVE-2015-3738, CVE-2015-3739,
CVE-2015-3740, CVE-2015-3741, CVE-2015-3742,
CVE-2015-3743, CVE-2015-3744, CVE-2015-3745,
CVE-2015-3746, CVE-2015-3747, CVE-2015-3748,
CVE-2015-3749, CVE-2015-3750, CVE-2015-3751,
CVE-2015-3752, CVE-2015-3753, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5788, CVE-2015-5789,
CVE-2015-5790, CVE-2015-5791, CVE-2015-5792,
CVE-2015-5793, CVE-2015-5794, CVE-2015-5795,
CVE-2015-5797, CVE-2015-5798, CVE-2015-5799,
CVE-2015-5800, CVE-2015-5801, CVE-2015-5802,
CVE-2015-5803, CVE-2015-5804, CVE-2015-5805,
CVE-2015-5806, CVE-2015-5807, CVE-2015-5809,
CVE-2015-5810, CVE-2015-5811, CVE-2015-5812,
CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5816, CVE-2015-5817, CVE-2015-5818,
CVE-2015-5819, CVE-2015-5822, CVE-2015-5823,
CVE-2015-5825, CVE-2015-5826, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5928, CVE-2015-5929,
CVE-2015-5930, CVE-2015-5931, CVE-2015-7002,
CVE-2015-7012, CVE-2015-7013, CVE-2015-7014,
CVE-2015-7048, CVE-2015-7095, CVE-2015-7097,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7102,
CVE-2015-7103, CVE-2015-7104.
Several vulnerabilities were discovered on WebKitGTK+.
CVE-2013-6663
Versions affected: WebKitGTK+ before 2.4.0.
Credit to Atte Kettunen of OUSPG.
Use-after-free vulnerability in the SVGImage::setContainerSize
function in core/svg/graphics/SVGImage.cpp in the SVG implementation
in Blink, as used in Google Chrome before 33.0.1750.146, allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors related to the resizing of a
view.
CVE-2014-1748
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Jordan Milne.
The ScrollView::paint function in platform/scroll/ScrollView.cpp in
Blink, as used in Google Chrome before 35.0.1916.114, allows remote
attackers to spoof the UI by extending scrollbar painting into the
parent frame.
CVE-2014-3192
Versions affected: WebKitGTK+ before 2.6.3.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in
Blink, as used in Google Chrome before 38.0.2125.101, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
CVE-2014-4409
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Yosuke Hasegawa (NetAgent Co., Ltd.).
CVE-2014-4410
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Eric Seidel of Google.
CVE-2014-4411
Versions affected: WebKitGTK+ before 2.6.0.
Credit to Google Chrome Security Team.
CVE-2014-4412
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4413
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4414
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2014-4452
Versions affected: WebKitGTK+ before 2.6.0.
Credit to unknown.
CVE-2014-4459
Versions affected: WebKitGTK+ before 2.6.2.
Credit to unknown.
CVE-2014-4465
Versions affected: WebKitGTK+ before 2.6.2.
Credit to Rennie deGraaf of iSEC Partners.
CVE-2014-4466
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4468
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4469
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2014-4470
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4471
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4472
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4473
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4474
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4475
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2014-4476
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2014-4477
Versions affected: WebKitGTK+ before 2.6.4.
Credit to lokihardt@ASRT working with HP’s Zero Day Initiative.
CVE-2014-4479
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1068
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1069
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1070
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1071
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1072
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1073
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1074
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1075
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Google Chrome Security Team.
CVE-2015-1076
Versions affected: WebKitGTK+ before 2.8.0.
Credit to unknown.
CVE-2015-1077
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1080
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-1081
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1082
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1083
Versions affected: WebKitGTK+ before 2.6.4.
CVE-2015-1084
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-1119
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Renata Hodovan of University of Szeged / Samsung
Electronics.
CVE-2015-1120
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1121
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1122
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1124
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1126
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Jouko Pynnonen of Klikki Oy.
CVE-2015-1127
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Tyler C (2.6.5).
The private-browsing implementation in WebKit in Apple Safari before
6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing
history into an index, which might allow local users to obtain
sensitive information by reading index entries.
CVE-2015-1152
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-1153
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1154
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-1155
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Joe Vennix of Rapid7 Inc. working with HP's Zero Day
Initiative.
CVE-2015-1156
Versions affected: WebKitGTK+ before 2.8.0.
Credit to Zachary Durber of Moodle.
CVE-2015-2330
Versions affected: WebKitGTK+ before 2.6.6.
Credit to Ross Lagerwall.
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6
allows remote attackers to view a secure HTTP request, including,
for example, secure cookies.
CVE-2015-3658
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Brad Hill of Facebook.
CVE-2015-3659
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3660
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3727
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Peter Rutenbar working with HP's Zero Day Initiative.
CVE-2015-3730
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3731
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3732
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3733
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3734
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3735
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3736
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3737
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3738
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3739
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3740
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3741
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3742
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3743
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3744
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3745
Versions affected: WebKitGTK+ before 2.8.1.
CVE-2015-3746
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-3747
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-3748
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3749
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-3750
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x
before 8.0.8, as used in iOS before 8.4.1 and other products, does
not enforce the HTTP Strict Transport Security (HSTS) protection
mechanism for Content Security Policy (CSP) report requests, which
allows man-in-the-middle attackers to obtain sensitive information
by sniffing the network or spoof a report by modifying the client-
server data stream.
CVE-2015-3751
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3752
Versions affected: WebKitGTK+ before 2.8.4.
Credit to Muneaki Nishimura (nishimunea).
CVE-2015-3753
Versions affected: WebKitGTK+ before 2.8.3.
Credit to Antonio Sanso and Damien Antipa of Adobe.
CVE-2015-3754
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Dongsung Kim (@kid1ng).
CVE-2015-3755
Versions affected: WebKitGTK+ before 2.10.0.
Credit to xisigr of Tencent's Xuanwu Lab.
CVE-2015-5788
Versions affected: WebKitGTK+ before 2.8.0.
The WebKit Canvas implementation in Apple iOS before 9 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
image information via vectors involving a CANVAS element.
CVE-2015-5789
Versions affected: WebKitGTK+ before 2.6.1.
CVE-2015-5790
Versions affected: WebKitGTK+ before 2.6.2.
CVE-2015-5791
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5792
Versions affected: WebKitGTK+ before 2.4.0.
CVE-2015-5793
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5794
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5795
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5797
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5798
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5799
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5800
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5801
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5802
Versions affected: WebKitGTK+ before 2.6.0.
CVE-2015-5803
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5804
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5805
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-5806
Versions affected: WebKitGTK+ before 2.8.3.
CVE-2015-5807
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5809
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5810
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5811
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5812
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5813
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5814
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5815
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5816
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5817
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5818
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5819
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5822
Versions affected: WebKitGTK+ before 2.8.1.
Credit to Mark S. Miller of Google.
CVE-2015-5823
Versions affected: WebKitGTK+ before 2.8.0.
CVE-2015-5825
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Yossi Oren et al. of Columbia University's Network
Security Lab.
CVE-2015-5826
Versions affected: WebKitGTK+ before 2.6.5.
Credit to filedescriptor, Chris Evans.
CVE-2015-5827
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Gildas.
WebKit in Apple iOS before 9 allows remote attackers to bypass the
Same Origin Policy and obtain an object reference via vectors
involving a (1) custom event, (2) message event, or (3) pop state
event.
CVE-2015-5828
Versions affected: WebKitGTK+ before 2.10.0.
Credit to Lorenzo Fontana.
CVE-2015-5928
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-5929
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5930
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-5931
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7002
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7012
Versions affected: WebKitGTK+ before 2.8.4.
CVE-2015-7013
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7014
Versions affected: WebKitGTK+ before 2.10.0.
Credit to unknown.
CVE-2015-7048
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7095
Versions affected: WebKitGTK+ before 2.10.2.
CVE-2015-7097
Versions affected: WebKitGTK+ before 2.10.3.
CVE-2015-7099
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7100
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7102
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7103
Versions affected: WebKitGTK+ before 2.10.0.
CVE-2015-7104
Versions affected: WebKitGTK+ before 2.10.0.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
December 28, 2015
APPLE-SA-2015-01-27-2 iOS 8.1.3
iOS 8.1.3 is now available and addresses the following:
AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesystem
Description: A vulnerability existed in the symbolic linking
mechanism of afc. This issue was addressed by adding additional path
checks.
CVE-ID
CVE-2014-4480 : TaiG Jailbreak Team
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
dyld
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A state management issue existed in the handling of
Mach-O executable files with overlapping segments. This issue was
addressed through improved validation of segment sizes.
CVE-ID
CVE-2014-4455 : TaiG Jailbreak Team
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
FontParser
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of resource lists. This issue was
addressed by removing unneeded code.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed through improved size validation.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation.
CVE-ID
CVE-2014-4489 : @beist
iTunes Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A website may be able to bypass sandbox restrictions using
the iTunes Store
Description: An issue existed in the handling of URLs redirected
from Safari to the iTunes Store that could allow a malicious website
to bypass Safari's sandbox restrictions. The issue was addressed with
improved filtering of URLs opened by the iTunes Store.
CVE-ID
CVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An issue existed in the kernel shared memory subsystem
that allowed an attacker to write to memory that was intended to be
read-only. This issue was addressed with stricter checking of shared
memory permissions.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Maliciously crafted or compromised iOS applications may be
able to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
libnetcore
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
MobileInstallation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise-signed application may be able to
take control of the local container for applications already on a
device
Description: A vulnerability existed in the application installation
process. This was addressed by preventing enterprise applications
from overriding existing applications in specific scenarios.
CVE-ID
CVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Enterprise-signed applications may be launched without
prompting for trust
Description: An issue existed in determining when to prompt for
trust when first opening an enterprise-signed application. This issue
was addressed through improved code signature validation.
CVE-ID
CVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A UI spoofing issue existed in the handling of
scrollbar boundaries. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4467 : Jordan Milne
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed through enhanced blocking of
external CSS references in SVGs.
CVE-ID
CVE-2014-4465 : Rennie deGraaf of iSEC Partners
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0409 | CVE-2014-9184 | ZTE ZXDSL 831CII Vulnerabilities that bypass authentication |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. ZXDSL831 is an ADSL modem produced by ZTE Corporation. It is a modem with a routing function, that is, a combined modem and router. The ZTE ZXDSL 831CII has an authentication-bypass vulnerability triggered by direct requests, which allows an attacker to launch an attack on the modem. ZTE ZXDSL is prone to multiple authentication-bypass vulnerabilities. This may aid in further attacks. There is a security vulnerability in ZTE ZXDSL 831CII
| VAR-201412-0683 | No CVE | Buffer Overflow Vulnerability in Multiple IPUX Network Cameras 'UltraSVCamX.ocx' |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
IPUX is a provider of network monitoring solutions. Multiple IPUX network cameras (IPUX ICL5132 and ICL5452) have buffer overflows in their implementation. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected system. IPUX IP Camera is a webcam device. The IPUX IP Camera UltraSVCam ActiveX control 'UltraSVCamX.ocx' has a buffer overflow vulnerability that can cause memory corruption when a large number of bytes are passed to multiple functions in UltraSVCamLib, causing an application to crash or execute arbitrary code. Multiple IPUX IP Camera products are prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions.
IPUX ICL5132 and ICL5452 are vulnerable. The device is an H.264 Wired/Wireless IP Camera with a 1.3 Mega-pixel sensor. With high performance H.264 video compression, the file size of the video stream is extremely reduced, so as to optimize network bandwidth efficiency. It has a full Pan/Tilt function and a 3X digital zoom feature for monitoring a larger space. The built-in USB port provides a convenient and portable storage option for local storage of event and schedule recording, especially when the network is disconnected. The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when passing a large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code.
--------------------------------------------------------------------------------
(3ef0.3e0c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\Downloaded Program Files\UltraSVCamX.ocx -
eax=41414149 ebx=00000001 ecx=00003e0c edx=02163f74 esi=41414141 edi=02163f74
eip=77e8466c esp=003eef8c ebp=003eefc0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
ntdll!RtlDeleteCriticalSection+0x77:
77e8466c 833800 cmp dword ptr [eax],0 ds:002b:41414149=????????
--------------------------------------------------------------------------------
Tested on: Microsoft Windows 7 Professional SP1 (EN)
| VAR-201412-0591 | CVE-2014-7254 | ARROWS Me F-11D vulnerability where arbitrary areas may be accessed |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in ARROWS Me F-11D allows physically proximate attackers to read or modify flash memory via unknown vectors. ARROWS Me F-11D contains a vulnerability where arbitrary areas on the device may be accessed. FUKAUMI Naoki of SOUM Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker with local access may obtain or alter contents in the flash memory of the device. ARROWS Me F-11D is a mobile phone launched by Fujitsu. ARROWS Me F-11D has a local information disclosure vulnerability that can be exploited by local attackers to obtain sensitive information or to initiate further attacks. ARROWS Me F-11D is prone to a local information-disclosure vulnerability
| VAR-201412-0585 | CVE-2014-7243 | LG Electronics mobile access routers lack access restrictions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not restrict access to the web administration interface, which allows remote attackers to obtain sensitive information via unspecified vectors. LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker that can access the device may bypass authentication and obtain information stored on the device. LG provides users with everything from TVs and audio and video to refrigerators, washing machines and air conditioners, vacuum cleaners, to mobile phones and computer accessories. LG Routers have security bypass vulnerabilities that allow an attacker to bypass security restrictions and perform unauthorized operations. Multiple LG Routers are prone to a security-bypass vulnerability.
The following products are vulnerable:
LG L-09C
LG L-03E
LG L-04D
| VAR-201412-0590 | CVE-2014-7253 | OS command injection vulnerability in multiple FUJITSU Android devices |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. Multiple FUJITSU Android devices contain an OS command injection vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker with local access may obtain root privileges and execute arbitrary OS commands. Fujitsu is the world's leading provider of ICT integrated services for industry solutions for the global market
| VAR-201412-0589 | CVE-2014-7252 | Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation." The Syslink driver for OMAP mobile processors contained in Android devices contains multiple improper data validation vulnerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement the communication of processes between the host and slave processors. The Syslink driver contains multiple vulnerabilities where userland data is not properly validated prior to use. Exploitation of these vulnerabilities may lead to arbitrary code execution or kernel memory content disclosure. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. When the device is accessed through the Android Debug Bridge (adb), contents of the kernel memory may be obtained or arbitrary code may be executed to obtain root privileges.
Local attackers can exploit these vulnerabilities to execute arbitrary code and gain sensitive information in the context of the user running the vulnerable application
| VAR-201412-0520 | CVE-2014-5429 | Elipse SCADA and Elipse Power of DNP Master Driver Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. Multiple Elipse products are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected process, denying service to legitimate users. Elipse Software SCADA and related products are made by Elipse Software of Brazil. Elipse Software SCADA is a set of software for deploying, implementing and integrating HMI and SCADA applications; Elipse Software E3 is a set of HMI/SCADA platforms that provide support for distributed applications, mission-critical applications and control centers; Elipse Software Power is a power management suite. DNP Master Driver is a DNP (communication protocol) master driver for it
| VAR-201412-0206 | CVE-2014-1595 | Apple OS X Multiple running on Mozilla Vulnerabilities in which important information is obtained in products |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information. Supplementary information: the CWE vulnerability type has been identified as CWE-199: Information Management Errors. http://cwe.mitre.org/data/definitions/199.html By reading files in /tmp, local users may obtain important information. Mozilla Firefox/Thunderbird are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to gain access to sensitive information. Information obtained may lead to further attacks.
These issues are fixed in:
Firefox 34
Firefox ESR 31.3
Thunderbird 31.3. Thunderbird is e-mail client software independent from the Mozilla Application Suite. A security vulnerability exists in several Mozilla products due to the program ignoring the CoreGraphics disable-logging operation required by jemalloc-based applications.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:
AFP Server
Available for: OS X Mavericks v10.9.5
Impact: A remote attacker may be able to determine all the network
addresses of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
bash
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description: Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Bluetooth
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero
Bluetooth
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments
CommerceKit Framework
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: An attacker with access to a system may be able to recover
Apple ID credentials
Description: An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard
CoreGraphics
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple
Foundation
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative
IOKit
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
IOUSBFamily
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A privileged application may be able to read arbitrary data
from kernel memory
Description: A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description: Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike
Kernel
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: OS X Mavericks v10.9.5
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security
libnetcore
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious, sandboxed app can compromise the networkd
daemon
Description: Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero
LoginWindow
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A Mac may not lock immediately upon wake
Description: An issue existed in the rendering of the lock screen.
This issue was addressed through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple
SceneKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team
SceneKit
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant
sysmond
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple
Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243
OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201412-0664 | No CVE | D-Link DAP-1360 Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The D-Link DAP-1360 is a wireless router. D-Link DAP-1360 is a wireless access point product (AP) of D-Link.
D-Link DAP-1360 has a cross-site scripting vulnerability and a cross-site request forgery vulnerability. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication, performing unauthorized operations, and obtaining or modifying sensitive information. Other attacks may also be possible.
| VAR-201412-0663 | No CVE | Multiple vulnerabilities in Prolink PRN2001 Router |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Prolink PRN2001 Router is a router device. The Prolink PRN2001 Router has multiple security vulnerabilities, allowing attackers to create administrator privileges, upgrade device firmware, upload and download configuration files, enhance privileges, and obtain sensitive information. Fida International Prolink PRN2001 is a wireless router product from Singapore Fida International.
There is a security vulnerability in Fida International Prolink PRN2001 Router. An attacker could use this vulnerability to execute arbitrary HTML or JavaScript code in the context of the affected site, steal cookie-based authentication or control the way the site is presented to the user, crash the application, bypass security restrictions, and gain access to sensitive information. Vulnerabilities exist in the PRN2001 Router using version 1.2 firmware; other versions may also be affected. Other attacks are also possible.
| VAR-202001-1342 | CVE-2014-3809 | Alcatel-Lucent 1830 Photonic Service Switch Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the myurl parameter to menu/pop.html. Alcatel-Lucent 1830 Photonic Service Switch is a photonic service switch that supports next-generation WDM multi-service transmission from access to the core. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks.
| VAR-201412-0290 | CVE-2014-8003 | Cisco Integrated Management Controller 'map-nfs' Command Local Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998. Successful exploits will result in the complete compromise of the affected device.
This issue is being tracked by Cisco Bug ID CSCup05998. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A security vulnerability exists in Cisco UCS 2.2(2c)A and earlier versions of Cisco IMC.
| VAR-201412-0592 | CVE-2014-7255 | SEIL Series routers vulnerable to denial-of-service (DoS) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 through 4.62, SEIL/X2 2.50 through 4.62, SEIL/B1 2.50 through 4.62, and SEIL/x86 Fuji 1.70 through 3.22 allow remote attackers to cause a denial of service (CPU and traffic consumption) via a large number of NTP requests within a short time, which causes unnecessary NTP responses to be sent. SEIL Series routers contain a denial-of-service (DoS) vulnerability due to an issue in processing NTP requests. Note that this vulnerability is different from JVN#04895240. By receiving a large volume of NTP requests in a short time, the device might continue sending response packets. As a result, the device's resources may be consumed or the device may be exploited in a DDoS attack. SEIL is a series of router devices. SEIL Series Routers are prone to a remote denial-of-service vulnerability.
The following products are vulnerable:
SEIL/X1 versions 2.50 through 4.62
SEIL/X2 versions 2.50 through 4.62
SEIL/B1 versions 2.50 through 4.62
SEIL/x86 Fuji versions 1.70 through 3.22. SEIL routers