Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201405-0237 CVE-2014-1343 Apple Safari Used in etc. WebKit Vulnerabilities in arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store
VAR-201405-0236 CVE-2014-1342 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store
VAR-201405-0235 CVE-2014-1341 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store
VAR-201405-0229 CVE-2014-1334 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0231 CVE-2014-1336 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0222 CVE-2014-1324 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1324 : Google Chrome Security Team CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1344 : Ian Beer of Google Project Zero CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.4 is available via the Apple Software Update application. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTe6ELAAoJEBcWfLTuOo7tonoP/igNIR7SZEkRvtHHjHIqR2U5 a28aYgzjkALSYDppREpWPMIovnYKZAONabRMJ0r/3LFyl4juBSOsVyBCbUBg8Fpp GFCsc7x0jva8g1DtPtk/B299GXPBi8fOhEwUIilgTo0+y7ExrgA9wUjCdlWHwPQs Edbra42Q+52KU+NxWjyeJiPkBIy57p5P0XVnnS3tIxRLHxRed9O8GoNUHcwLhihd dV5NOBEUvW5Gy2yEhJLZIa64aPOPG3Rz7EA/0zCRiiusLyIGVdyTaOnL4AlHrgh8 BiiAgx3xFUqYiBqCnxAO3gy3CRWhmKukesDKIPmaV27E0cFQ+FkI990oCh8ZSCZg hi4q5j34mp44Uhr0O068hQyPaA70GAiUVgT/pB7fVS9Z9U0EOPhIvn1IybROP/44 ces9VWOzx9pjzR7OxRmk05mRijnlIQHNzSJp3/DpREDX1DvJxD2vfk8cYFPdweNR VPFs3acbgOMCpjPLGM3S5HdY/a2UWxolvwR13AnCQ0mFkiD6FsO3z2sgtHdnMkNi XNW7RMf/7+JesXcNiXYde5iDqE15OPTSWuiYNUHCz9WvSlJmOOSDAZ7F3YBWr+FR tMEB/TGWZiQmacNiGkY1F4YgF5SqeAHGYeJ2amSycO90+vTU+FLWPCiTWesmu1tG n/lA21kfHgTURqYVT+xA =kSr/ -----END PGP SIGNATURE-----
VAR-201405-0224 CVE-2014-1327 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2875 : miaubiz CVE-2013-2927 : cloudfuzzer CVE-2014-1323 : banty CVE-2014-1325 : Apple CVE-2014-1326 : Apple CVE-2014-1327 : Google Chrome Security Team, Apple CVE-2014-1329 : Google Chrome Security Team CVE-2014-1330 : Google Chrome Security Team CVE-2014-1331 : cloudfuzzer CVE-2014-1333 : Google Chrome Security Team CVE-2014-1334 : Apple CVE-2014-1335 : Google Chrome Security Team CVE-2014-1336 : Apple CVE-2014-1337 : Apple CVE-2014-1338 : Google Chrome Security Team CVE-2014-1339 : Atte Kettunen of OUSPG CVE-2014-1341 : Google Chrome Security Team CVE-2014-1342 : Apple CVE-2014-1343 : Google Chrome Security Team CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1731 : an anonymous member of the Blink development community WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store
VAR-201405-0234 CVE-2014-1339 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0233 CVE-2014-1338 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0232 CVE-2014-1337 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0227 CVE-2014-1331 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0230 CVE-2014-1335 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0228 CVE-2014-1333 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0225 CVE-2014-1329 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0226 CVE-2014-1330 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0223 CVE-2014-1326 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0221 CVE-2014-1323 Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1. Apple Safari Used in etc. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker may exploit these issues by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-3 iOS 7.1.2 iOS 7.1.2 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1354 : Dima Kovalenko of codedigging.com Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An application could cause the device to unexpectedly restart Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments. CVE-ID CVE-2014-1355 : cunzhang from Adlab of Venustech launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1356 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1357 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1358 : Ian Beer of Google Project Zero launchd Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1359 : Ian Beer of Google Project Zero Lockdown Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker possessing an iOS device could potentially bypass Activation Lock Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers. CVE-ID CVE-2014-1360 Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit. CVE-ID CVE-2014-1352 : mblsec Lock Screen Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode. CVE-ID CVE-2014-1353 Mail Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Mail attachments can be extracted from an iPhone 4 Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments. CVE-ID CVE-2014-1348 : Andreas Kurtz of NESO Security Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling. CVE-ID CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan Settings Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state. CVE-ID CVE-2014-1350 Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection. CVE-ID CVE-2014-1361 : Thijs Alkemade of The Adium Project Siri Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later Impact: A person with physical access to the phone may be able to view all contacts Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode. CVE-ID CVE-2014-1351 : Sherif Hashim WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding. CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaK7AAoJEBcWfLTuOo7tfX8QAI3gb917qsoyNIRVPy3hRq3v n6JJM2HBMiFuupE3cbaA0Kx0Gmyxdbdl0EFOjU0uTCqS3kutB/9/nTTZaRtWDS2I pvZnvisGW5NeVD6F+WcRuR1ifLG1fihYWbLfsORV4iLl62FLae5kOWG1Z/RNW6xY uAXEkq5mGRuEkYOD+nmvZoZMZkVcEqXassa+PpZVphkNvAPWE799sIfEeQUB8e3d E4ZRAYBbM3peZHJKRafENhrYS4BFl92lQYfh10o/9eC8HIJ5Qo1JBLkzZi8D+z/2 RaUcGhyzgMCuQZBGdwQ8rAF6dn5A7y4TnRs7EpPp7cNe+OofkOO1Ya0rs3IRx/ds V+vmnZrQw38YIfG45tQpO8MYrRivJNjmrQWHeuKyAfXxtAdTdmnOOVYJZvy5cklX IbwBziUHuiNi666Vqf+Abwl2FUx4ksrxtnvojY5SPOxhyJR34Ex15QVojOTD2pqp qyVNpy3l+5G/6kBPzDKhXJ3kOVjlO9MZerOK9hQekn80A5B0dKbNdCwehXGSkL9d WxrA+CPva3pryc75h1x740w8KiP4pr0p1sZKjZCRIR103A2F8/NFK3M7JgJSbDrR PKoWqou+oPP98gdRHwZxdwLaGSj/fJFBysIlUnVG2Q/UnM5g2MZXCL6JSg+PWETH DpRuZyHlmSF53n37vSR/ =JmVc -----END PGP SIGNATURE----- . CVE-ID CVE-2014-1346 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.4 and Safari 6.1.4 may be obtained from Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015
VAR-201405-0613 No CVE Multiple vulnerabilities in the D-Link DIR-605L router CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
The D-Link DIR-605L is a router device. D-Link DIR-605L has security bypass and information disclosure vulnerabilities: 1. The login password exists in the \"Current Network Setting\" page, causing sensitive information to leak. 2, the router can be controlled by a special URL, no need to verify. D-Link DIR-605L router is prone to a security-bypass vulnerability and an information-disclosure vulnerability. This may aid in further attacks. D-Link DIR-605L 1.14 is vulnerable
VAR-201405-0408 CVE-2014-2938 Hanvon facial recognition (Face ID) devices do not authenticate commands CVSS V2: 8.3
CVSS V3: -
Severity: HIGH
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. Hanvon facial recognition (Face ID) devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information. Hanvon Face recognition device provided by Face ID Firmware lack of certification for critical functions (CWE-306) Exists. CWE-306: Missing Authentication for Critical Function https://cwe.mitre.org/data/definitions/306.htmlThird parties may alter user information and access control information. Multiple Hanvon Face ID Products are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Hanvon FaceID is a face recognition system developed by Hanvon Corporation of China. The system can be used in enterprise attendance, access control and building construction, etc. There is a security vulnerability in Hanvon FaceID 1.007.109 and earlier versions, the vulnerability stems from the fact that the program does not require authentication
VAR-201405-0535 CVE-2014-3789 Cogent Real-Time Systems DataHub 'GetPermissions.asp' Remote code execution vulnerability

Related entries in the VARIoT exploits database: VAR-E-201405-0066		 CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPermissions.asp component of the web server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the EvalExpresssion method, which is available remotely through the AJAX facility. Using this method, it is possible to execute arbitrary Gamma code. Cogent DataHub is software for SCADA and automation. Versions prior to Cogent DataHub 7.3.5 are vulnerable