VARIoT IoT vulnerabilities database

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect copyfile, Dock,Graphics Driver , iBooks Commerce, Intel Graphics Driver, Intel Compute, IOAcceleratorFamily, IOGraphicsFamily, Security - Keychain, and Thunderbolt. Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, and perform other attacks. Failed attacks may cause denial-of-service conditions. These issues affect OS X prior to 10.9.4. iBooks is a set of e-book reading software dedicated to Apple devices. A local attacker could exploit this vulnerability to obtain sensitive information by reading log files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378 IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE-----

CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. CoreGraphics (aka Quartz) is a framework for representing window servers. The vulnerability is caused by an infinite stack allocation problem when the program handles XBM files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378 IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE----- . CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378 IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE----- . CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. A security vulnerability exists in Apple's iOS 7.1.1 and earlier versions of Lock Screen. The vulnerability stems from the program not properly enforcing the limit on the number of failed password attempts. Attackers can exploit this vulnerability to implement brute force password guessing attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4. Apple iOS , Apple Safari and Apple TV Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in Apple WebKit. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5 and Safari 6.1.5 may be obtained from Mac App Store

Settings in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended iCloud password requirement, and turn off the Find My iPhone service, by leveraging incorrect state management. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. A security vulnerability exists in the Settings of Apple iOS 7.1.1 and earlier versions. An attacker with direct access to the device could exploit this vulnerability to bypass the established passcode requirement and disable the Find My iPhone service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. An attacker with direct access to the device could exploit this vulnerability to view all contacts. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an invalid URL. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. Apple iOS is prone to multiple vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri. Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks. These issues affect iOS Prior to 7.1.2. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE-----

Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. CVE-ID CVE-2014-1378 IOReporting Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user could cause an unexpected system restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE----- . CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2014-003. The update addresses new vulnerabilities that affect Kernel, IOReporting, launchd, Security - Secure Transport components. Attackers can exploit these issues to disclose sensitive information, execute arbitrary code in the context of the system privileges or cause denial-of-service conditions. Apple Mac OS X 10.9 to 10.9.3 are vulnerable. in the United States. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 OS X Mavericks 10.9.4 and Security Update 2014-003 are now available and address the following: Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005. copyfile Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Opening a maliciously crafted zip file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of AppleDouble files in zip archives. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1370 : Chaitanya (SegFault) working with iDefense VCP curl Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A remote attacker may be able to gain access to another user's session Description: cURL re-used NTLM connections when more than one authentication method was enabled, which allowed an attacker to gain access to another user's session. CVE-ID CVE-2014-0015 Dock Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A sandboxed application may be able to circumvent sandbox restrictions Description: An unvalidated array index issue existed in the Dock's handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2014-1371 : an anonymous researcher working with HP's Zero Day Initiative Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read kernel memory, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of a system call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1372 : Ian Beer of Google Project Zero iBooks Commerce Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker with access to a system may be able to recover Apple ID credentials Description: An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials. CVE-ID CVE-2014-1317 : Steve Dunham Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenGL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1373 : Ian Beer of Google Project Zero Intel Graphics Driver Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by removing the pointer from the object. CVE-ID CVE-2014-1375 Intel Compute Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of an OpenCL API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1376 : Ian Beer of Google Project Zero IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An array indexing issue existed in IOAcceleratorFamily. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1377 : Ian Beer of Google Project Zero IOGraphicsFamily Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in an IOKit object could be retrieved from userland. This issue was addressed by using a unique ID instead of a pointer. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero Graphics Drivers Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple null dereference issues existed in kernel graphics drivers. A maliciously crafted 32-bit executable may have been able to obtain elevated privileges. CVE-ID CVE-2014-1379 : Ian Beer of Google Project Zero Security - Keychain Available for: OS X Mavericks 10.9 to 10.9.3 Impact: An attacker may be able to type into windows under the screen lock Description: Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management. CVE-ID CVE-2014-1380 : Ben Langfeld of Mojo Lingo LLC Security - Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.3 Impact: Two bytes of memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existing in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Thunderbolt Available for: OS X Mavericks 10.9 to 10.9.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the handling of IOThunderBoltController API calls. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1381 : Catherine aka winocm Note: OS X Mavericks 10.9.4 includes the security content of Safari 7.0.5: http://support.apple.com/kb/HT6293 OS X Mavericks v10.9.4 and Security Update 2014-003 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaMSAAoJEBcWfLTuOo7tUdIP/0x0EEGzOcen6JGSpYJ4OEkN 6yGYrYW+HxxSGoPEjQdywVHUAu3axXHLhwOaPqMRy6vfWD+ncgV1CEjBuKotyDPX a569ZB6kaDKjrJe8ulp6brteKGEJ5PsK415GKpylzTVhP1DYG3WLRK7PCo0VrSNM Kx3qwxp2OexiNOOGDM8o5CQvB12Q7CZD7ozZojy5BND9/+ZwWD/2caILFRye7yvb nak6PaciX9Riz0ztTxszlGJR1mDVG4Mo/qmgBI01E5WfOWTd/ykbJ/bOtwZDUBHr Q/Z4yfPRUdrTHHZQNpo4aIYnyEekKE77RWdav38O6dXCNYAfxKGUOrYDTrAajpDR uqAPSkyI5u1gz6zqyrXomDlxpjKXIDBYck3If1cPjFyHOxgA1JgyRaW6RxNV+HXo T/dhKkolC6BkCkNWPjYEXH8btOdqHAVY0t0yE/RD5phoknDIEmVDTFg1uAaY9jFR 1srSoAOur3zbTNzgh6FpAzJb2BgmUqERyF3rOwLDAgStYNkXwIEqGiq3+Ko9JBx4 FiT+Uds2WEIzDK5DQhYtwDZaLfjDtBztIps+SfJmLayCgvYyYrQze7LF0iVp4aka ePNXZkIXA7Llnm3GWPpdFi2msqDfJgZxf0BogBOo6mCXYO7r575NdoJ2AavDeTgr +/tiYIHJ5pUCKf+C8xJC =HkFr -----END PGP SIGNATURE----- . CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community Apple TV Available for: Apple TV 2nd generation and later Impact: An iTunes Store transaction may be completed with insufficient authorization Description: A signed-in user was able to complete an iTunes Store transaction without providing a valid password when prompted. CVE-ID CVE-2014-1383 Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About"

Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity. The Thomson TWG87OUIR router is a router device. An attacker may leverage this issue to perform certain unauthorized actions. This may lead to further attacks

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. MIT Kerberos 5 is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a program to crash, resulting in denial-of-service conditions. Versions prior to Kerberos 1.12.2 are vulnerable. CVE-2014-4343 An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. CVE-2014-4344 An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor. For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2. For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014 krb5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2 Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13 In general, a standard system update will make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.13 >= 1.13 Description =========== Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13" References ========== [ 1 ] CVE-2014-4341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341 [ 2 ] CVE-2014-4343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343 [ 3 ] CVE-2014-4345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345 [ 4 ] CVE-2014-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-53.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. After installing the updated packages, the krb5kdc daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: krb5 security, bug fix and enhancement update Advisory ID: RHSA-2015:0439-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html Issue date: 2015-03-05 CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 ===================================================================== 1. Summary: Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352. The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including: * Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. * When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995) This update also fixes multiple bugs, for example: * The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102) In addition, this update adds various enhancements. Among others: * Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919) 4. Solution: All krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1084068 - ipv6 address handling in krb5.conf 1102837 - Please backport improved GSSAPI mech configuration 1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1109919 - Backport https support into libkrb5 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1118347 - ksu non-functional, gets invalid argument copying cred cache 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121789 - CVE-2014-4343: use-after-free crash in SPNEGO 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update 1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name 1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001) 1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001) 1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001) 1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001) 1184629 - kinit loops on principals on unknown error 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: krb5-1.12.2-14.el7.src.rpm ppc64: krb5-debuginfo-1.12.2-14.el7.ppc.rpm krb5-debuginfo-1.12.2-14.el7.ppc64.rpm krb5-devel-1.12.2-14.el7.ppc.rpm krb5-devel-1.12.2-14.el7.ppc64.rpm krb5-libs-1.12.2-14.el7.ppc.rpm krb5-libs-1.12.2-14.el7.ppc64.rpm krb5-pkinit-1.12.2-14.el7.ppc64.rpm krb5-server-1.12.2-14.el7.ppc64.rpm krb5-server-ldap-1.12.2-14.el7.ppc64.rpm krb5-workstation-1.12.2-14.el7.ppc64.rpm s390x: krb5-debuginfo-1.12.2-14.el7.s390.rpm krb5-debuginfo-1.12.2-14.el7.s390x.rpm krb5-devel-1.12.2-14.el7.s390.rpm krb5-devel-1.12.2-14.el7.s390x.rpm krb5-libs-1.12.2-14.el7.s390.rpm krb5-libs-1.12.2-14.el7.s390x.rpm krb5-pkinit-1.12.2-14.el7.s390x.rpm krb5-server-1.12.2-14.el7.s390x.rpm krb5-server-ldap-1.12.2-14.el7.s390x.rpm krb5-workstation-1.12.2-14.el7.s390x.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-4341 https://access.redhat.com/security/cve/CVE-2014-4342 https://access.redhat.com/security/cve/CVE-2014-4343 https://access.redhat.com/security/cve/CVE-2014-4344 https://access.redhat.com/security/cve/CVE-2014-4345 https://access.redhat.com/security/cve/CVE-2014-5352 https://access.redhat.com/security/cve/CVE-2014-5353 https://access.redhat.com/security/cve/CVE-2014-9421 https://access.redhat.com/security/cve/CVE-2014-9422 https://access.redhat.com/security/cve/CVE-2014-9423 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi gZD8EL2lSaLXnIQxca8zLTg= =aK0y -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes

Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. Cisco IOS There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Allowing authenticated remote attackers to cause device overloading. This issue is being tracked by Cisco Bug ID CSCui79745

Enterasys is one of the famous network vendors. The Enterasys DFE-Gold Series has an unauthorized access vulnerability due to the device failing to access Telnet and SNMP from the address that restricts VRRP non-owners. Allow remote attackers to gain unauthorized access to the service.

Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. The D-Link DSL-2760U-E1 is a standard wireless network router. The D-Link DSL-2760U-E1 router 'dhcpinfo.html' has an HTML injection vulnerability due to failure to filter user-supplied input. An attacker could execute HTML and script code in the context of an affected site, steal a cookie-based authentication certificate or control how the site is presented to the user. D-link DSL-2760U-E1 is a router product of D-Link company

ZyXEL P660RT2 EE is an ADSL router product from ZyXEL. There are security bypass and cross-site scripting vulnerabilities in ZyXEL P660RT2 EE. Attackers can use these vulnerabilities to bypass security restrictions, gain access to affected devices, or execute arbitrary HTML and script code in the context of the affected site to steal cookie-based authentication. Vulnerabilities in ZyXEL P660RT2 EE 3.40 (AXN.1) version, other versions may also be affected. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Note: This issue was previously titled 'ZyXEL P660RT2 EE Brute Force Authentication Bypass and Cross Site Scripting Vulnerabilities'. The title and short summary have been changed to better reflect the underlying component affected

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. Symantec Encryption Desktop is prone to an insecure file-permissions vulnerability. An attacker can exploit this issue to gain unauthorized access to or create arbitrary files with elevated privileges. PGP Desktop can create, distribute and store encryption keys. Encryption Desktop Professional encrypts stored data as well as entire hard drives or hard drive partitions. The vulnerability is caused by the program using world write permission for temporary files

The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. ISAM for Web is a set of products used in user authentication, authorization, and Web single sign-on solutions. It provides user access management and Web application protection functions