VARIoT IoT vulnerabilities database

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. Apple Safari Used in etc. WebKit is prone to an unspecified security-bypass vulnerability. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Safari 6.1.3 and Safari 7.0.3 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. This issue was addressed through additional validation of IPC messages. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTOwlLAAoJEPefwLHPlZEwmPYP/AoGVbrVVEQfbWZ/OMER6jCR bDN4ykWdExJFRKr972tsirke9mLrDX1Flqg3jYpqrna6lWsZxk1wA/IXy4TRG97O mpA75r7853lCJ482h5XImTdv6wWqMfTTNR1YzsK+TCLZA3sDlByQ4yshwGWhOf1Q nY+hPpaC05PEmPeNKMWw6PA9IgA9e84uy0b/3+c2acOUZ9aAYEXmydPySY+5uYLa ecXjvee83LVTu8Pq2/C9yCJ1kI1EMix6Q3CTb2Cv/Dtgu1q7rZMG7qKieFpMKO2J xM7RYm1qPNlZ4hf+ZPX+D4+k6g2sZMqYdocdG1qXubk8m314CinHajdsZH9jXDHO 01gnYeMRp2IUBJlClQ7mPyIveJqJV9XpzvMTciuTVEuhzWhMaazzly8dp+8NCu4Q QShPJKqAq16ACJqqOarwo8xaSumZ3UcKhVrD0Gxo1/dhzO1Hy52yo7WrWLaOVH89 bXPeVMfYIF0V9xysbixNmBIEro0mYDuor/XlXBFicZAjmyGEVE04K4UjenMeDoYO /1A2zaVyM9MD50y+X/rFErtz2cj7uNcZ1XSNqPdGameoti5WvvoRbKs/D/H7E8bX p8JDoVJoy46fOBfwNv6eaQYTGYzgtdoEtmTKL3zDauQC1bxI1Jwtma07S97D2SyJ urMcI/V2h8JnGD4sS/7L =kHuK -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2871 : miaubiz CVE-2014-1298 : Google Chrome Security Team CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative CVE-2014-1302 : Google Chrome Security Team, Apple CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative CVE-2014-1304 : Apple CVE-2014-1305 : Apple CVE-2014-1307 : Google Chrome Security Team CVE-2014-1308 : Google Chrome Security Team CVE-2014-1309 : cloudfuzzer CVE-2014-1310 : Google Chrome Security Team CVE-2014-1311 : Google Chrome Security Team CVE-2014-1312 : Google Chrome Security Team CVE-2014-1313 : Google Chrome Security Team CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-2871 : miaubiz CVE-2014-1298 : Google Chrome Security Team CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative CVE-2014-1302 : Google Chrome Security Team, Apple CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative CVE-2014-1304 : Apple CVE-2014-1305 : Apple CVE-2014-1307 : Google Chrome Security Team CVE-2014-1308 : Google Chrome Security Team CVE-2014-1309 : cloudfuzzer CVE-2014-1310 : Google Chrome Security Team CVE-2014-1311 : Google Chrome Security Team CVE-2014-1312 : Google Chrome Security Team CVE-2014-1313 : Google Chrome Security Team CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. CVE-ID CVE-2014-1297 : Ian Beer of Google Project Zero For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3 and Safari 6.1.3 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.3 is available via the Apple Software Update application. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8. CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298, CVE-2014-1299, CVE-2014-1300, CVE-2014-1303, CVE-2014-1304, CVE-2014-1305, CVE-2014-1307, CVE-2014-1308, CVE-2014-1309, CVE-2014-1311, CVE-2014-1313, CVE-2014-1713, CVE-2014-1297, CVE-2013-2875, CVE-2013-2927, CVE-2014-1323, CVE-2014-1326, CVE-2014-1329, CVE-2014-1330, CVE-2014-1331, CVE-2014-1333, CVE-2014-1334, CVE-2014-1335, CVE-2014-1336, CVE-2014-1337, CVE-2014-1338, CVE-2014-1339, CVE-2014-1341, CVE-2014-1342, CVE-2014-1343, CVE-2014-1731, CVE-2014-1346, CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390. Several vulnerabilities were discovered on the 2.4 stable series of WebKitGTK+. CVE-2013-2871 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to miaubiz. CVE-2014-1292 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1298 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1299 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics. CVE-2014-1300 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero working with HP's Zero Day Initiative. CVE-2014-1303 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to KeenTeam working with HP's Zero Day Initiative. CVE-2014-1304 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1305 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. CVE-2014-1307 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1308 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1309 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to cloudfuzzer. CVE-2014-1311 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1313 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Google Chrome Security Team. CVE-2014-1713 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to VUPEN working with HP's Zero Day Initiative. CVE-2014-1297 Versions affected: WebKitGTK+ 2.4.X before 2.4.1. Credit to Ian Beer of Google Project Zero. CVE-2013-2875 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to miaubiz. core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVE-2013-2927 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1323 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to banty. CVE-2014-1326 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1329 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1330 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1331 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to cloudfuzzer. CVE-2014-1333 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1334 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1335 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1336 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1337 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1338 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1339 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Atte Kettunen of OUSPG. CVE-2014-1341 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1342 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. CVE-2014-1343 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Google Chrome Security Team. CVE-2014-1731 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to an anonymous member of the Blink development community. core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. CVE-2014-1346 Versions affected: WebKitGTK+ 2.4.X before 2.4.2. Credit to Erling Ellingsen of Facebook. CVE-2014-1344 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Ian Beer of Google Project Zero. CVE-2014-1384 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1385 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1387 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. Credit to Google Chrome Security Team. CVE-2014-1388 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1389 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. CVE-2014-1390 Versions affected: WebKitGTK+ 2.4.X before 2.4.8. For the 2.4 series, these problems have been fixed in release 2.4.8. Further information about WebKitGTK+ Security Advisories can be found at: http://webkitgtk.org/security.html The WebKitGTK+ team, January 26, 2015 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-2 iOS 7.1.1 iOS 7.1.1 is now available and addresses the following: CFNetwork HTTPProtocol Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris IOKit Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative Security - Secure Transport Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.1.1". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F 9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG 7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK Av6eIuVxA8q9Lm6TCh+h =ilSw -----END PGP SIGNATURE-----

Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the "guest" user. The issue lies in the ability the retrieve all project credentials. By abusing this flaw an attacker can disclose credentials and leverage this situation to achieve remote code execution. Ecava IntegraXor is a human interface product that uses HTML and SVG. Ecava IntegraXor has an unspecified error that allows an attacker to exploit a vulnerability to obtain sensitive account information. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Ecava IntegraXor is prone to an information-disclosure vulnerability. Versions prior to IntegraXor 4.1.4393 are vulnerable

The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. ZyXEL Communications Corp. Provided by P660 The web management screen of the series shows service disruption (DoS) Vulnerabilities exist.The product may be restarted by a remote third party. Zyxel P660 Series Routers are ADSL router devices. Zyxel P660 series routers are prone to a remote denial-of-service vulnerability

Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui33028. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free"

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. This issue is tracked by Cisco BugId CSCuj61002. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. Cisco Security Manager of Web The framework includes CRLF An injection vulnerability exists. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is being tracked by Cisco Bug ID CSCun82349

The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets. RuggedCom Inc. is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. The WEB server listening to port 80 in the RuggedCom Rugged Operating System system fails to properly handle the user-submitted specially crafted messages, allowing the attacker to submit a specially made request to crash the WEB interface. This vulnerability does not affect the HTTPS service and switching functions. RuggedCom Rugged Operating System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application resulting in denial-of-service conditions. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany. The following versions are affected: ROS versions prior to 3.11, 3.11 versions prior to ROS 3.11.5 for RS950G products, ROS version 3.12, ROS version 4.0 for RS950G products

The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890. Cisco IOS The packet driver has a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCug41049 and CSCue61890

Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCun50687. Cisco Prime Security Manager (PRSM) is a multi-device management platform for ASA-CX developed by Cisco. The platform can add multiple ASA CX devices to PRSM's device inventory and apply security policies to their devices