VARIoT IoT vulnerabilities database
| VAR-201311-0367 | CVE-2013-6821 | SAP NetWeaver Exportability Check Service Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. SAP NetWeaver is the technical foundation of SAP's integrated technology platform and all SAP applications since SAP Business Suite. SAP NetWeaver is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. This may aid in further attacks
| VAR-201302-0168 | CVE-2013-1100 | Cisco Catalyst Runs on the switch Cisco IOS Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
The HTTP server in Cisco IOS on Catalyst switches does not properly handle TCP socket events, which allows remote attackers to cause a denial of service (device crash) via crafted packets on TCP port (1) 80 or (2) 443, aka Bug ID CSCuc53853. Cisco IOS Catalyst Switches is a switch device developed by Cisco, and Cisco IOS is the operating system of the device. Cisco IOS is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuc53853. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco IOS Catalyst Switches HTTP Server Feature Denial of Service
Vulnerability
SECUNIA ADVISORY ID:
SA52026
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52026/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52026
RELEASE DATE:
2013-02-06
DISCUSS ADVISORY:
http://secunia.com/advisories/52026/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52026/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52026
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Successful exploitation requires the HTTP server feature to be
enabled.
SOLUTION:
Apply updates if available (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco (CSCuc53853):
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc53853
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0083 | CVE-2012-6029 | Cisco NAC Appliance upper Web Cross-site scripting vulnerability in authentication function |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109. Cisco NAC Appliance upper Web There is a cross-site scripting vulnerability in the authentication function. The problem is Bug ID CSCud15109 It is a problem.Any request via a crafted request by a third party Web Script or HTML May be inserted. Cisco Network Admission Control is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is tracked by Cisco BugID CSCud15109. The Cisco Network Admission Control (NAC) system, consisting of Cisco NAC Manager and servers, is the policy component of the Cisco TrustSec solution. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Network Admission Control Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA52016
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52016
RELEASE DATE:
2013-01-30
DISCUSS ADVISORY:
http://secunia.com/advisories/52016/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52016/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52016
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco Network Admission Control
(NAC), which can be exploited by malicious people to conduct
cross-site scripting attacks.
Certain unspecified input is not properly sanitised in the web
authentication function before being returned to the user.
SOLUTION:
Apply updates. Please see the vendor's advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0476 | No CVE | D-Link DCS Cameras Authentication Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
D-Link DCS is a camera device product. D-Link DCS web cameras allow unauthenticated attackers to remotely obtain configuration information for the device. An attacker can submit a configuration file by submitting the following URL: http://<device IP address>/frame/GetConfig.
Attackers may exploit this issue to execute arbitrary commands, gain unauthorized access, or bypass intended security restrictions. Other attacks may also be possible.
The following versions are vulnerable:
DCS-930L version 1.04
DCS-932L version 1.02
http://drupal.org/node/207891
| VAR-201910-1336 | CVE-2013-1391 | Multiple products web Authentication vulnerabilities in interfaces |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configuration. Multiple products web There are authentication vulnerabilities in the interface.Information may be obtained. Hunt CCTV is a manufacturer that provides surveillance cameras and closed-circuit television. Multiple Hunt CCTV devices have security vulnerabilities that allow an attacker to submit a simple GET request without any authentication to get the entire backup configuration file. Multiple Hunt CCTV devices are prone to a remote information-disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks
| VAR-201301-0479 | No CVE | Hitachi Cosminexus Product Validation Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi Cosminexus is an application server software. Hitachi Cosminexus product operation management functions incorrectly restrict access to certain functions, allowing attackers to use vulnerabilities to bypass security restrictions and delete and replace applications used by other users. Hitachi Cosminexus Products are prone to an authentication-bypass vulnerability.
Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access.
The following Hitachi Cosminexus products are vulnerable:
Cosminexus
Cosminexus Component Container
uCosminexus Application Server
uCosminexus Developer
uCosminexus Service Architect
uCosminexus Service Platform. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Hitachi Cosminexus Operational Management Function Security Bypass
Security Issue
SECUNIA ADVISORY ID:
SA51950
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51950/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51950
RELEASE DATE:
2013-01-28
DISCUSS ADVISORY:
http://secunia.com/advisories/51950/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51950/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51950
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in some Hitachi Cosminexus
products, which can be exploited by malicious users to bypass certain
security restrictions.
The security issue is caused due to the application not properly
restricting access to some certain functionality, which can be
exploited to e.g. manipulate an operational management portal.
Please see the vendor's advisory for a list of affected products.
SOLUTION:
Update to a fixed version. Please contact the vendor for more
information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HS13-002:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-002/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS13-002/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201311-0369 | CVE-2013-6823 | SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. SAP NetWeaver is prone to a security-bypass vulnerability and an information-disclosure vulnerability.
Successful exploits may allow an attacker to obtain sensitive information or bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
| VAR-201311-0368 | CVE-2013-6822 | SAP NetWeaver GRMGApp Security Bypass and Information Disclosure Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. SAP NetWeaver of GRMGApp Contains vulnerabilities that are unspecified.
Successful exploits may allow an attacker to obtain sensitive information or bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
| VAR-201301-0243 | CVE-2013-0230 |
MiniUPnP MiniUPnPd of HTTP Service Stack-based Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0049, VAR-E-201201-0033, VAR-E-201301-0050, VAR-E-201301-0051 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. MiniUPnP is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit these issues to execute arbitrary code in the context of the device that uses the affected library. Failed exploit attempts will likely crash the application.
MiniUPnP 1.0 is vulnerable; other versions may also be affected
| VAR-201301-0350 | CVE-2013-1112 | Cisco Carrier Routing System Service disruption in ( Packet loss ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136.
An attacker can exploit this issue to cause a partial drop of legitimate traffic passing through the device, resulting in a denial-of-service condition for legitimate users.
This issue is being tracked by Cisco Bug ID CSCud79136. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco IOS XR Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA51989
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51989/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51989
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/51989/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51989/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51989
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Cisco IOS XR, which can be
exploited by malicious people to cause a DoS (Denial of Service).
SOLUTION:
Apply updates. Please see the vendor's advisory for more information.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=27991
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1112
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201302-0169 | CVE-2013-1107 | Cisco Webex Social Vulnerable to reading files |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235.
A successful exploit of this issue allows an attacker to gain access to certain local files. Information obtained may aid in further attacks. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM). ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco WebEx Social Information Disclosure and Cross-Site Scripting
Vulnerabilities
SECUNIA ADVISORY ID:
SA51996
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51996/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51996
RELEASE DATE:
2013-01-28
DISCUSS ADVISORY:
http://secunia.com/advisories/51996/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51996/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51996
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in Cisco WebEx Social, which
can be exploited by malicious users to disclose potentially sensitive
information and by malicious people to conduct cross-site scripting
attacks.
2) Certain input passed via Rich Site Summary (RSS) service links is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6397
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1107
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0404 | CVE-2013-0958 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0405 | CVE-2013-0959 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0402 | CVE-2013-0955 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0401 | CVE-2013-0954 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0403 | CVE-2013-0956 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0400 | CVE-2013-0953 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0399 | CVE-2013-0952 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0398 | CVE-2013-0951 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning
| VAR-201301-0395 | CVE-2013-0948 | Apple iOS and Apple Safari Used in WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
Note: This issue was previously covered in BID 57572 (Apple iPhone/iPad/iPod touch Prior to iOS 6.1 Multiple Vulnerabilities), but has been given its own record to better document it. Apple iOS for the iPhone, the iPod touch, and the iPad is prone to multiple security vulnerabilities. Other attacks are also possible.
This BID is being retired. Apple iOS is an operating system developed by Apple (Apple) for mobile devices.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
For OS X Lion systems Safari 6.0.3 is available via
the Apple Software Update application.
For OS X Mountain Lion systems Safari 6.0.3 is included with
OS X v10.8.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA52002
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52002/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
RELEASE DATE:
2013-01-29
DISCUSS ADVISORY:
http://secunia.com/advisories/52002/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/52002/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52002
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two security issues and multiple vulnerabilities have been reported
in Apple iOS, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
and compromise a user's device.
1) An error when handling a validation failure of a AppleID
certificate within the IdentityService can be exploited to
potentially bypass the certificate-based AppleID authentication via
an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
5) Multiple vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
18) Certain input pasted from a different origin is not properly
sanitised in WebKit before being used.
19) Certain unspecified input related to frame handling is not
properly sanitised before being returned to the user.
For more information see vulnerability #1 in:
SA50759
NOTE: Additionally a weakness exists within the handling of 802.11i
information elements within Broadcom's BCM4325 and BCM4329 firmware,
which can be exploited to disable WiFi.
PROVIDED AND/OR DISCOVERED BY:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison,
BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome
Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome
Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
ORIGINAL ADVISORY:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning