VARIoT IoT vulnerabilities database
| VAR-201409-0531 | CVE-2014-6252 | SAP NetWeaver 'disp+work.exe' Buffer Overflow Vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. SAP NetWeaver is the technical foundation of SAP's integrated technology platform and all SAP applications since SAP Business Suite. A buffer overflow vulnerability exists in SAP NetWeaver 'disp+work.exe'. Failed exploit attempts may result in a denial-of-service condition
| VAR-201801-0087 | CVE-2014-5394 | plural Huawei Campus Information disclosure vulnerability in switch products |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. plural Huawei Campus A switch product contains an information disclosure vulnerability.Information may be obtained. Huawei Campus Series Switches is China's Huawei series of Campus switches. Huawei Campus Series Switches has a user enumeration vulnerability that allows an attacker to exploit a vulnerability to obtain a valid username and initiate further attacks.
An attacker may leverage this issue to harvest valid usernames, which may aid in further attacks. A remote attacker can use this vulnerability to log in to the server through SSH to guess whether a user name exists on the switch device based on the information returned by the server
| VAR-201408-0354 | CVE-2014-5382 | Schrack Technik microControl Of firmware Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. Technik Microcontrol Firmware is prone to a cross-site scripting vulnerability. Schrack Technik microControl is a distributed power supply system (low power consumption system) of Schrack Technik Company in Austria
| VAR-201408-0031 | CVE-2013-6306 | IBM Power 7 In the system Service Processor Privileged vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.
Local attackers can exploit this issue to gain elevated privileges on affected computers. The following versions are affected: IBM Power 7 Systems Version 740 prior to Version 740.70 01Ax740_121, Version 760 prior to Version 760.40 Ax760_078, Version 770 prior to Version 770.30 01Ax770_062
| VAR-201408-0155 | CVE-2014-3331 | Cisco ASR 5000 Series of software Packet Data Network Gateway of Service disruption in the Session Manager component (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted TCP packet, aka Bug ID CSCuo21914. The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long Term Evolution (LTE). Cisco ASR 5000 Series Software is prone to a denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCuo21914. Packet Data Network Gateway (aka PGW) is one of the packet data gateways
| VAR-201408-0163 | CVE-2014-3340 | Cisco WebEx MeetMeNow Server of PHP Directory traversal vulnerability in scripts |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in an unspecified PHP script in the server in Cisco WebEx MeetMeNow allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCuo16166. Cisco Webex is Cisco's web conferencing product. Allows a local attacker to exploit the vulnerability to view arbitrary file content on the affected system.
This issue is tracked by Cisco BugID CSCuo16166
| VAR-201408-0330 | CVE-2014-2216 | FortiNet FortiGate and FortiWiFi appliances contain multiple vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted request. Fortinet FortiGate and FortiWiFi appliances are susceptible to man-in-the-middle attacks (CWE-300) and a heap-based overflow vulnerability (CWE-122). In addition, JVNVU#96848844 Then CWE-300 and CWE-122 Published as. Fortinet FortiOS is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. FortiManager protocol service versions prior to FortiOS 4.3.16 and FortiOS versions prior to 5.0.8 on FortiGate units have a security vulnerability
| VAR-201408-0164 | CVE-2014-3341 | Cisco Nexus 5000 and 6000 Run on device Cisco NX-OS of SNMP In module VLAN Enumerated vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616. Vendors have confirmed this vulnerability Bug ID CSCup85616 It is released as.By a third party, through a series of requests, VLAN May be enumerated. Cisco NX-OS is a data center-class operating system that embodies modular design, resiliency, and maintainability. Cisco NX-OS is able to divide OS and hardware resources into virtual environments that emulate virtual devices. Each VDC has its own software processes, dedicated hardware resources (interfaces), and a separate management environment. A security vulnerability exists in the SNMP module of Cisco NX-OS Software. An unauthenticated remote attacker can exploit this vulnerability to obtain sensitive information.
This issue is being tracked by Cisco bug ID CSCup85616. Cisco NX-OS on Nexus 5000 and 6000 devices is a set of operating systems run by Cisco in the Nexus 5000 and 6000 series devices
| VAR-201408-0235 | CVE-2014-5246 | Tenda A5S Router Cookie Authentication Bypass Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. Tenda is a network equipment provider in Shenzhen. Tenda A5s router is prone to an authentication-bypass vulnerability.
Tenda A5s running firmware 3.02.05_CN is vulnerable; other versions may also be affected
| VAR-201408-0361 | CVE-2014-5333 | Adobe Flash Player and Adobe AIR Vulnerable to cross-site request forgery attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. Adobe Flash Player and Adobe AIR are prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
| VAR-201408-0173 | CVE-2014-5074 | Siemens SIMATIC S7-1500 CPU Service disruption in device firmware (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets. Siemens SIMATIC is an automation software in a single engineering environment. A denial of service vulnerability exists in Siemens SIMATIC S7-1500 that can be exploited by remote attackers to initiate a denial of service attack. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability.
Versions prior to SIMATIC S7-1500 1.6 are vulnerable. A security vulnerability exists in Siemens SIMATIC S7-1500 CPU devices with firmware versions earlier than 1.6
| VAR-201408-0086 | CVE-2014-3522 | Apache Subversion of Serf RA Vulnerability impersonating server in layer |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Supplementary information : CWE Vulnerability type by CWE-297: Improper Validation of Certificate with Host Mismatch ( Improper validation of certificates due to host mismatch ) Has been identified. http://cwe.mitre.org/data/definitions/297.htmlA man-in-the-middle attack can impersonate a server through a crafted certificate. Apache Subversion is prone to an information disclosure vulnerability. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks. The system is compatible with the Concurrent Versions System (CVS). The vulnerability stems from the fact that the program does not correctly handle the Common Name ( CN) or a wildcard for the subjectAltName field. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:085
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : subversion
Date : March 28, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated subversion packages fix security vulnerabilities:
The mod_dav_svn module in Apache Subversion before 1.8.8, when
SVNListParentPath is enabled, allows remote attackers to cause a
denial of service (crash) via an OPTIONS request (CVE-2014-0032).
Ben Reser discovered that Subversion did not correctly validate SSL
certificates containing wildcards.
Bert Huijben discovered that Subversion did not properly handle
cached credentials. A malicious server could possibly use this issue
to obtain credentials cached for a different server (CVE-2014-3528).
A NULL pointer dereference flaw was found in the way mod_dav_svn
handled REPORT requests. A remote, unauthenticated attacker could
use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580).
A NULL pointer dereference flaw was found in the way mod_dav_svn
handled URIs for virtual transaction names. A remote, unauthenticated
attacker could send a request for a virtual transaction name that
does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://advisories.mageia.org/MGASA-2014-0105.html
http://advisories.mageia.org/MGASA-2014-0339.html
http://advisories.mageia.org/MGASA-2014-0545.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
3c1e67f77228815883b105a8e62a10e0 mbs2/x86_64/apache-mod_dav_svn-1.8.11-1.mbs2.x86_64.rpm
35c5f1efb679c09bc48d917b94954713 mbs2/x86_64/lib64svn0-1.8.11-1.mbs2.x86_64.rpm
56722eb7ac7b08654d795a5981ebd210 mbs2/x86_64/lib64svnjavahl1-1.8.11-1.mbs2.x86_64.rpm
e1479d1c61864767d56a147bb4ee9b7f mbs2/x86_64/perl-SVN-1.8.11-1.mbs2.x86_64.rpm
7c4d79f31b0559c22cc84f39a06f9da0 mbs2/x86_64/perl-svn-devel-1.8.11-1.mbs2.x86_64.rpm
14720ab01668a9d04b566d5102c09f68 mbs2/x86_64/python-svn-1.8.11-1.mbs2.x86_64.rpm
07db3a7142457efc1e0547fd40bbf03f mbs2/x86_64/python-svn-devel-1.8.11-1.mbs2.x86_64.rpm
8d0511abbed2c57f505183bf00c4ab0d mbs2/x86_64/ruby-svn-1.8.11-1.mbs2.x86_64.rpm
8d062f6dd429b87f2b1d432c92e9a84a mbs2/x86_64/ruby-svn-devel-1.8.11-1.mbs2.x86_64.rpm
31e14a18991a2383065a069d53d3cd4e mbs2/x86_64/subversion-1.8.11-1.mbs2.x86_64.rpm
1ce1c374c428409e8a6380d64b8706f8 mbs2/x86_64/subversion-devel-1.8.11-1.mbs2.x86_64.rpm
052411de41e785decc0bc130e2756eff mbs2/x86_64/subversion-doc-1.8.11-1.mbs2.x86_64.rpm
98c1473e3721e4c9a6996db448c6ff36 mbs2/x86_64/subversion-server-1.8.11-1.mbs2.x86_64.rpm
6ad3881116530af4d889bb6c142d70dc mbs2/x86_64/subversion-tools-1.8.11-1.mbs2.x86_64.rpm
3fb0c871a5771c8fe4c6475b5ac0406c mbs2/x86_64/svn-javahl-1.8.11-1.mbs2.x86_64.rpm
45e0624a89e4c79d4739cd4eb22d9a29 mbs2/SRPMS/subversion-1.8.11-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFl6JmqjQ0CJFipgRAgkVAJ4xKUzteqhyYcBC4AuYoZ7Lv3oQZQCfROhl
NaJSaZq4W6qIMwD8fhQF5Ls=
=R/mF
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-2316-1
August 14, 2014
subversion vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
Lieven Govaerts discovered that the Subversion mod_dav_svn module
incorrectly handled certain request methods when SVNListParentPath was
enabled. This issue only affected Ubuntu
12.04 LTS. (CVE-2014-3528)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libsvn1 1.8.8-1ubuntu3.1
subversion 1.8.8-1ubuntu3.1
Ubuntu 12.04 LTS:
libapache2-svn 1.6.17dfsg-3ubuntu3.4
libsvn1 1.6.17dfsg-3ubuntu3.4
subversion 1.6.17dfsg-3ubuntu3.4
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2316-1
CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
Package Information:
https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.1
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.4
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201610-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Subversion, Serf: Multiple Vulnerabilities
Date: October 11, 2016
Bugs: #500482, #518716, #519202, #545348, #556076, #567810,
#581448, #586046
ID: 201610-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Subversion and Serf, the
worst of which could lead to execution of arbitrary code.
Background
==========
Subversion is a version control system intended to eventually replace
CVS. Like CVS, it has an optional client-server architecture (where the
server can be an Apache server running mod_svn, or an ssh program as in
CVS's :ext: method). In addition to supporting the features found in
CVS, Subversion also provides support for moving and copying files and
directories.
The serf library is a high performance C-based HTTP client library
built upon the Apache Portable Runtime (APR) library.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4
*> 1.8.16
2 net-libs/serf < 1.3.7 >= 1.3.7
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Subversion and Serf.
Please review the CVE identifiers referenced below for details
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, conduct a man-in-the-middle attack, obtain
sensitive information, or cause a Denial of Service Condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Subversion users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
==========
[ 1 ] CVE-2014-0032
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032
[ 2 ] CVE-2014-3504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504
[ 3 ] CVE-2014-3522
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522
[ 4 ] CVE-2014-3528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528
[ 5 ] CVE-2015-0202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202
[ 6 ] CVE-2015-0248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248
[ 7 ] CVE-2015-0251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251
[ 8 ] CVE-2015-3184
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184
[ 9 ] CVE-2015-3187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187
[ 10 ] CVE-2015-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259
[ 11 ] CVE-2016-2167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167
[ 12 ] CVE-2016-2168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
CVE-ID
CVE-2014-3522
CVE-2014-3528
CVE-2014-3580
CVE-2014-8108
Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description: The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID
CVE-2014-9390 : Matt Mackall of Mercurial and Augie Fackler of
Mercurial
Xcode 6.2 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.2"
| VAR-201410-1182 | CVE-2014-8331 | Huawei HiLink Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions. The Huawei HiLink E3236 and E3276 are HSPA+ 21Mbps USB modems. Both Huawei HiLink E3236 and E3276 are USB modem products of the Chinese Huawei (Huawei). Cross-site request forgery vulnerabilities exist in Huawei HiLink E3236 and E3276 versions
| VAR-201408-0302 | CVE-2014-1390 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari versions 6.1.5 and prior and 7.x prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
Safari 6.1.6 and Safari 7.0.6 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1386 : an anonymous researcher
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-1390 : Apple
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.6
and Safari 6.1.6 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.6 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJT67f/AAoJEBcWfLTuOo7th1QP/RNK3hYzgvKM4nUGi0f/dKFv
CnMSh8ysRUBca184nmsVC+GNhSiYUsoY17yzOjNTqTahIumb//B77UDduVKmZ7Sh
xY/jwCS8hW26Rwq12Hl3xxILLr8wdfv92lg4A6Q6kBOHaMrYkL73KPYb05K6Savb
+sRnUQ2lGnsOYYOABQ9LBGDY2g5IKzFjG0z/cd5RqyPsynFDXX4a2fLIdP5CnhUB
uffe6n6qkx4VN5px1a8W0EBfkZYXRDGP5G9Uafu85PKpCRQwIhMapw78Dn1Bm5pZ
j1T3353JqoRq3C9HeSA9QIxTQiohxKx96s+kwZ4NcjOEBZ4eKqUmrrOSGG1SY2kT
aB2xwg02QkyJ2JF/EHWB4hYKn3G6ibVMhdcGQn35yBWdLTHTjt2ey9GFyAks2+Qw
pD9laSh1OyV9bye9xyDuxEM3czMTmLifxRSS6yovwCWBOGc4MgqVEU4T0nOAIXpC
wPI+cWSSOJbodeSuPtSsPOTX7bvvCLTs+m+TVbw5kiyLxFykU2Rq2bxGzc50mye3
/iZydodYPyxyAjFCwD+iwz51vk+GQsrv9t8OEanZRtU9rs/Q65j44W7aLARiw+Zu
UzqUTn2wEOS4P0iMIoRfG7kiOnp4IbsMWEEq0BzJe12Be5byljblVvN2x289w0If
BOXU+79WS0At0joNkHnb
=cfmv
-----END PGP SIGNATURE-----
| VAR-201408-0301 | CVE-2014-1389 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari 6.1.5 and earlier, and 8.x versions prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----
| VAR-201408-0066 | CVE-2014-1386 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari 6.1.5 and earlier, and 11.x versions prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
Safari 6.1.6 and Safari 7.0.6 are now available and address the
following:
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1386 : an anonymous researcher
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-1390 : Apple
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.6
and Safari 6.1.6 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.6 is available via the Apple
Software Update application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJT67f/AAoJEBcWfLTuOo7th1QP/RNK3hYzgvKM4nUGi0f/dKFv
CnMSh8ysRUBca184nmsVC+GNhSiYUsoY17yzOjNTqTahIumb//B77UDduVKmZ7Sh
xY/jwCS8hW26Rwq12Hl3xxILLr8wdfv92lg4A6Q6kBOHaMrYkL73KPYb05K6Savb
+sRnUQ2lGnsOYYOABQ9LBGDY2g5IKzFjG0z/cd5RqyPsynFDXX4a2fLIdP5CnhUB
uffe6n6qkx4VN5px1a8W0EBfkZYXRDGP5G9Uafu85PKpCRQwIhMapw78Dn1Bm5pZ
j1T3353JqoRq3C9HeSA9QIxTQiohxKx96s+kwZ4NcjOEBZ4eKqUmrrOSGG1SY2kT
aB2xwg02QkyJ2JF/EHWB4hYKn3G6ibVMhdcGQn35yBWdLTHTjt2ey9GFyAks2+Qw
pD9laSh1OyV9bye9xyDuxEM3czMTmLifxRSS6yovwCWBOGc4MgqVEU4T0nOAIXpC
wPI+cWSSOJbodeSuPtSsPOTX7bvvCLTs+m+TVbw5kiyLxFykU2Rq2bxGzc50mye3
/iZydodYPyxyAjFCwD+iwz51vk+GQsrv9t8OEanZRtU9rs/Q65j44W7aLARiw+Zu
UzqUTn2wEOS4P0iMIoRfG7kiOnp4IbsMWEEq0BzJe12Be5byljblVvN2x289w0If
BOXU+79WS0At0joNkHnb
=cfmv
-----END PGP SIGNATURE-----
| VAR-201408-0068 | CVE-2014-1388 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari 6.1.5 and earlier, and 9.x prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----
| VAR-201408-0065 | CVE-2014-1385 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari 6.1.5 and earlier, and 12.x versions prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----
| VAR-201408-0064 | CVE-2014-1384 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari versions 6.1.5 and prior and 7.x prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----
| VAR-201408-0067 | CVE-2014-1387 | Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker may exploit these issues by enticing victims into viewing a malicious webpage.
Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari versions 6.1.5 and earlier and 10.x versions prior to 7.0.6.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.4.9 >= 2.4.9
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.4.9:3"
All WebKitGTK+ 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-libs/webkit-gtk-2.4.9-r200:2"
References
==========
[ 1 ] CVE-2014-1344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344
[ 2 ] CVE-2014-1384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384
[ 3 ] CVE-2014-1385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385
[ 4 ] CVE-2014-1386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386
[ 5 ] CVE-2014-1387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387
[ 6 ] CVE-2014-1388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388
[ 7 ] CVE-2014-1389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389
[ 8 ] CVE-2014-1390
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201601-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----