VARIoT IoT vulnerabilities database
| VAR-201209-0172 | CVE-2012-3704 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0170 | CVE-2012-3702 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0171 | CVE-2012-3703 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0169 | CVE-2012-3699 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0168 | CVE-2012-3692 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0167 | CVE-2012-3688 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7
| VAR-201209-0176 | CVE-2012-3701 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
| VAR-201209-0255 | CVE-2012-3606 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0166 | CVE-2012-3687 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
| VAR-201209-0165 | CVE-2012-3617 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ============================================================================
Ubuntu Security Notice USN-1617-1
October 25, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWho/AAoJEPefwLHPlZEwG9kP/A2FKYpkYoEnaHSaCeI8W/Gt
F+EjtnJ85SnVz76a81dt7O+F65pYMjMYEEHthgw62JAbZHrw93gf1dWpp+0IfXJZ
w/dOV6yNxYmDOh0zir1I2tCIplkD2MvUrubcW+UCwDbVxnGKsTNBWzovHpvos2Uk
lRn6Bl1wM5vOthJO14Z6iS0XX4GkefA3XzoVqY6dU0c9mxrTQhtMWvL+Pb1UpqX3
CZLcMmFGRuCE/+aM+d1x749PEteNDbrnw/aYfMyMSUNgb43EaUxCzTiUU+NvzsFL
Ah33i29Li38nl+rLVgTRRU9EQVm1ZcujoftpgFw9prTd999f47eCSU5/QeDjY+Zw
GLJRDfe/PP/GFKzAchefqS5x2PFUI9hZRGJEFviOEygfEPfYVCe/r/iMvBTtwfkn
GVw1WIXcraqxXGzUNhCCZy3rcA8sSbJlCaIIr3VbtPS7PMHwjSaT+DBgD0hWtnk2
uATTye1UKG8m+FfwXn7ha3/W0kmdEGn1dBgpG2d35yXkGj7zgUgi4MX9HTVGTqEd
Nvlzpffv5LCCdDqhRgqe4uT7fKmb46owoNNHM4eAH4A4EwHzA3lXQt5twhO9b2gL
gWZ+bfwxfUaVlyBDPM1cUZ4e13HRiFPiRI9PJ2S5DrLoiMzpXIbBRH+5fs9uVvV+
zhJ+1dokzSpzRKJOq68N
=xYhU
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
SOLUTION:
Update to version 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0163 | CVE-2012-3624 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWho/AAoJEPefwLHPlZEwG9kP/A2FKYpkYoEnaHSaCeI8W/Gt
F+EjtnJ85SnVz76a81dt7O+F65pYMjMYEEHthgw62JAbZHrw93gf1dWpp+0IfXJZ
w/dOV6yNxYmDOh0zir1I2tCIplkD2MvUrubcW+UCwDbVxnGKsTNBWzovHpvos2Uk
lRn6Bl1wM5vOthJO14Z6iS0XX4GkefA3XzoVqY6dU0c9mxrTQhtMWvL+Pb1UpqX3
CZLcMmFGRuCE/+aM+d1x749PEteNDbrnw/aYfMyMSUNgb43EaUxCzTiUU+NvzsFL
Ah33i29Li38nl+rLVgTRRU9EQVm1ZcujoftpgFw9prTd999f47eCSU5/QeDjY+Zw
GLJRDfe/PP/GFKzAchefqS5x2PFUI9hZRGJEFviOEygfEPfYVCe/r/iMvBTtwfkn
GVw1WIXcraqxXGzUNhCCZy3rcA8sSbJlCaIIr3VbtPS7PMHwjSaT+DBgD0hWtnk2
uATTye1UKG8m+FfwXn7ha3/W0kmdEGn1dBgpG2d35yXkGj7zgUgi4MX9HTVGTqEd
Nvlzpffv5LCCdDqhRgqe4uT7fKmb46owoNNHM4eAH4A4EwHzA3lXQt5twhO9b2gL
gWZ+bfwxfUaVlyBDPM1cUZ4e13HRiFPiRI9PJ2S5DrLoiMzpXIbBRH+5fs9uVvV+
zhJ+1dokzSpzRKJOq68N
=xYhU
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
SOLUTION:
Update to version 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0162 | CVE-2012-3623 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWho/AAoJEPefwLHPlZEwG9kP/A2FKYpkYoEnaHSaCeI8W/Gt
F+EjtnJ85SnVz76a81dt7O+F65pYMjMYEEHthgw62JAbZHrw93gf1dWpp+0IfXJZ
w/dOV6yNxYmDOh0zir1I2tCIplkD2MvUrubcW+UCwDbVxnGKsTNBWzovHpvos2Uk
lRn6Bl1wM5vOthJO14Z6iS0XX4GkefA3XzoVqY6dU0c9mxrTQhtMWvL+Pb1UpqX3
CZLcMmFGRuCE/+aM+d1x749PEteNDbrnw/aYfMyMSUNgb43EaUxCzTiUU+NvzsFL
Ah33i29Li38nl+rLVgTRRU9EQVm1ZcujoftpgFw9prTd999f47eCSU5/QeDjY+Zw
GLJRDfe/PP/GFKzAchefqS5x2PFUI9hZRGJEFviOEygfEPfYVCe/r/iMvBTtwfkn
GVw1WIXcraqxXGzUNhCCZy3rcA8sSbJlCaIIr3VbtPS7PMHwjSaT+DBgD0hWtnk2
uATTye1UKG8m+FfwXn7ha3/W0kmdEGn1dBgpG2d35yXkGj7zgUgi4MX9HTVGTqEd
Nvlzpffv5LCCdDqhRgqe4uT7fKmb46owoNNHM4eAH4A4EwHzA3lXQt5twhO9b2gL
gWZ+bfwxfUaVlyBDPM1cUZ4e13HRiFPiRI9PJ2S5DrLoiMzpXIbBRH+5fs9uVvV+
zhJ+1dokzSpzRKJOq68N
=xYhU
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
SOLUTION:
Update to version 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0161 | CVE-2012-3622 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files. This issue was
addressed by properly detecting the existence of the Quarantine
attribute.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover. This issue was
addressed by limiting Autofill to the fields contained in the
popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP. This issue was
addressed by improved handling of HTTPS URLs.
CVE-ID
CVE-2012-3715 : Aaron Rhoads of East Watch Services LLC, Pepi
Zawodsky
WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3105 : miaubiz
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3598 : Apple Product Security
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3616 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3617 : Apple Product Security
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3657 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3675 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3702 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
For OS X Lion systems Safari 6.0.1 is available via the Apple
Software Update application.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWho/AAoJEPefwLHPlZEwG9kP/A2FKYpkYoEnaHSaCeI8W/Gt
F+EjtnJ85SnVz76a81dt7O+F65pYMjMYEEHthgw62JAbZHrw93gf1dWpp+0IfXJZ
w/dOV6yNxYmDOh0zir1I2tCIplkD2MvUrubcW+UCwDbVxnGKsTNBWzovHpvos2Uk
lRn6Bl1wM5vOthJO14Z6iS0XX4GkefA3XzoVqY6dU0c9mxrTQhtMWvL+Pb1UpqX3
CZLcMmFGRuCE/+aM+d1x749PEteNDbrnw/aYfMyMSUNgb43EaUxCzTiUU+NvzsFL
Ah33i29Li38nl+rLVgTRRU9EQVm1ZcujoftpgFw9prTd999f47eCSU5/QeDjY+Zw
GLJRDfe/PP/GFKzAchefqS5x2PFUI9hZRGJEFviOEygfEPfYVCe/r/iMvBTtwfkn
GVw1WIXcraqxXGzUNhCCZy3rcA8sSbJlCaIIr3VbtPS7PMHwjSaT+DBgD0hWtnk2
uATTye1UKG8m+FfwXn7ha3/W0kmdEGn1dBgpG2d35yXkGj7zgUgi4MX9HTVGTqEd
Nvlzpffv5LCCdDqhRgqe4uT7fKmb46owoNNHM4eAH4A4EwHzA3lXQt5twhO9b2gL
gWZ+bfwxfUaVlyBDPM1cUZ4e13HRiFPiRI9PJ2S5DrLoiMzpXIbBRH+5fs9uVvV+
zhJ+1dokzSpzRKJOq68N
=xYhU
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
SOLUTION:
Update to version 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0164 | CVE-2012-3621 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0160 | CVE-2012-3632 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-3 Safari 6.0.1
Safari 6.0.1 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Opening a maliciously crafted downloaded HTML document may
lead to the disclosure of local file content
Description: In OS X Mountain Lion HTML files were removed from the
unsafe type list. Quarantined HTML documents are opened in a safe
mode that prevents accessing other local or remote resources. A logic
error in Safari's handling of the Quarantine attribute caused the
safe mode not to be triggered on Quarantined files.
CVE-ID
CVE-2012-3713 : Aaron Sigel of vtty.com, Masahiro Yamada
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Using Autofill on a maliciously crafted website may lead to
the disclosure of contact information
Description: A rare condition existed in the handling of Form
Autofill. Using Form Autofill on a maliciously crafted website may
have led to disclosure of information from the Address Book "Me" card
that was not included in the Autofill popover.
CVE-ID
CVE-2012-3714 : Jonathan Hogervorst of Buzzera
Safari
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8 and v10.8.1
Impact: After editing a HTTPS URL in the address bar, a request may
be unexpectedly sent over HTTP
Description: A logic issue existed in the handling of HTTPS URLs in
the address bar. If a portion of the address was edited by pasting
text, the request may be unexpectedly sent over HTTP.
For OS X Mountain Lion systems, Safari 6.0.1 is included with
OS X v10.8.2. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
iOS 6.1 Software Update is now available and addresses the following:
Identity Services
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Authentication relying on certificate-based Apple ID
authentication may be bypassed
Description: An error handling issue existed in Identity Services.
If the user's AppleID certificate failed to validate, the user's
AppleID was assumed to be the empty string. If multiple systems
belonging to different users enter this state, applications relying
on this identity determination may erroneously extend trust. This
issue was addressed by ensuring that NULL is returned instead of an
empty string.
CVE-ID
CVE-2013-0963
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of the
EUC-JP encoding, which could lead to a cross-site scripting attack on
EUC-JP encoded websites. This issue was addressed by updating the
EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user-mode process may be able to access the first page of
kernel memory
Description: The iOS kernel has checks to validate that the user-
mode pointer and length passed to the copyin and copyout functions
would not result in a user-mode process being able to directly access
kernel memory. The checks were not being used if the length was
smaller than one page. This issue was addressed through additional
validation of the arguments to copyin and copyout.
CVE-ID
CVE-2013-0964 : Mark Dowd of Azimuth Security
Security
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly
issued by TURKTRUST. This may allow a man-in-the-middle attacker to
redirect connections and intercept user credentials or other
sensitive information. This issue was addressed by not allowing the
incorrect SSL certificates.
StoreKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: JavaScript may be enabled in Mobile Safari without user
interaction
Description: If a user disabled JavaScript in Safari Preferences,
visiting a site which displayed a Smart App Banner would re-enable
JavaScript without warning the user. This issue was addressed by not
enabling JavaScript when visiting a site with a Smart App Banner.
CVE-ID
CVE-2013-0974 : Andrew Plotkin of Zarfhome Software Consulting, Ben
Madison of BitCloud, Marek Durcek
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2012-2824 : miaubiz
CVE-2012-2857 : Arthur Gerkis
CVE-2012-3606 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3607 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3632 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3687 : kuzzcc
CVE-2012-3701 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0951 : Apple
CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2013-0955 : Apple
CVE-2013-0956 : Apple Product Security
CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2013-0968 : Aaron Nelson
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Copying and pasting content on a malicious website may lead
to a cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
content pasted from a different origin. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0962 : Mario Heiderich of Cure53
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
frame elements. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-2889 : Sergey Glazunov
WiFi
Available for: iPhone 3GS, iPhone 4, iPod touch (4th generation),
iPad 2
Impact: A remote attacker on the same WiFi network may be able to
temporarily disable WiFi
Description: An out of bounds read issue exists in Broadcom's
BCM4325 and BCM4329 firmware's handling of 802.11i information
elements. This issue was addressed through additional validation of
802.11i information elements.
CVE-ID
CVE-2012-2619 : Andres Blanco and Matias Eissler of Core Security
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "6.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJRBffvAAoJEPefwLHPlZEwzYgP/0qhsTft9TUGuphoY9tth5WB
D0+8pAKs+1HU+nMOaEKPbK+zdMxblhRNPQyhMuTAQaY5Z/iGn1EXVCTlQBO8esRW
epxNZuhFoaW4wzK9kvw5d/HZ9tfq059ozlFOp1TI2D6J5RwNgxDfigt2PUKCTV4X
u/BONQHIfINYMofgf5897LHYYFSU2+NJj5ouM5dY4Y/kfJkwAnG5AWCAGlEt3QOo
MZdaVv3/itPj4te838FYCVAepel3xBWX0Hhuu87+waHslRrIfQl+EvNk3YZXxWiF
O5Hw9Ng/H8n0sbeA39w0U8tw+q/wPhVexdULgRjBH65+6g7Cu5u+rMuYuRjl8fO/
glLhKZNSrQDa5ZNOraOrF62AFVByHaSxv4cZwo262/6uH93FIBtklMt947GMVQLC
1FT0CIGNJb1/0156bvsABfRScBtK9ZdIUjXhOHMinhQJX3qiBqyKc4/juYPmC9VC
KXk2/K8b0sGWQRc5RuQsSpzkZF9WcrwmgGOBIghp2DLmbAAj0uh2Ttf1GdrOaajR
XpZ2TTJ5qE+IHNU0/etroTYnzjKVjQ0pODrPZj7ALLXULTraXJRJy7fqraUzsHbi
AZiRca+3x/S9nqV0NpTNPZgTwxenox10t0w5vhcBK+SPGga1oVRbtOjGtVIkgoG4
KI3sdgb6PtpZWuIJ6iZA
=J2jv
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Apple iTunes Multiple WebKit Vulnerabilities
SECUNIA ADVISORY ID:
SA50618
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50618/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
RELEASE DATE:
2012-09-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50618/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50618/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50618
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iTunes, which
can be exploited by malicious people to compromise a user's system.
For more information
SA47231
SA47694
SA47938
SA48016
SA48265
SA48274
SA48512
SA48618
SA48732
SA48992
SA49194
SA49277
SA49724
SA49906
SA50058
The vulnerabilities are reported in versions prior to 10.7.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
ORIGINAL ADVISORY:
APPLE-SA-2012-09-12-1:
http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201210-0342 | CVE-2012-4415 | Guacamole of libguac Vulnerable to stack-based buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. libguac is prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions
| VAR-201209-0222 | CVE-2012-3028 | Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. (DoS) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible.
Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable.
The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to perform certain unspecified
actions when a logged-in administrative user visits a specially
crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50568
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50568/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE:
2012-09-11
DISCUSS ADVISORY:
http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC,
which can be exploited by malicious people to conduct cross-site
scripting attacks, conduct SQL injection attacks, and disclose
certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is
not properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
2) Certain input passed to the WebNavigator component is not properly
verified before being used to read files. This can be exploited to
read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator
component is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
4) An error within the ActiveX control can be exploited to disclose
the username and password of an authenticated user.
SOLUTION:
Apply Update 3.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,
Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive
Technologies.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0223 | CVE-2012-3030 | Siemens SIMATIC WinCC Arbitrary File Read Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC WinCC WebNavigator component incorrectly handles input, allowing an attacker to read system files using a directory traversal sequence. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks.
The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to perform certain unspecified
actions when a logged-in administrative user visits a specially
crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50568
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50568/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE:
2012-09-11
DISCUSS ADVISORY:
http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC,
which can be exploited by malicious people to conduct cross-site
scripting attacks, conduct SQL injection attacks, and disclose
certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is
not properly sanitised before being returned to the user.
3) Certain input passed via SOAP messages to the WebNavigator
component is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
4) An error within the ActiveX control can be exploited to disclose
the username and password of an authenticated user.
SOLUTION:
Apply Update 3.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,
Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive
Technologies.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0224 | CVE-2012-3031 | Siemens SIMATIC WinCC Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Siemens SIMATIC PCS7 And used in other products Siemens WinCC of WebNavigator Contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. (1) GET Parameters (2) POST Parameters (3) Referer HTTP header. A cross-site request forgery vulnerability exists in Siemens SIMATIC WinCC that allows an attacker to build a malicious web page, trick the user into parsing, and perform malicious actions in the target user context. Siemens SIMATIC is an automation software in a single engineering environment. Part of the input passed to the WebNavigator component lacks filtering before returning to the user, and can be exploited for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks.
The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to perform certain unspecified
actions when a logged-in administrative user visits a specially
crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50568
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50568/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE:
2012-09-11
DISCUSS ADVISORY:
http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC,
which can be exploited by malicious people to conduct cross-site
scripting attacks, conduct SQL injection attacks, and disclose
certain sensitive information.
2) Certain input passed to the WebNavigator component is not properly
verified before being used to read files. This can be exploited to
read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator
component is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
4) An error within the ActiveX control can be exploited to disclose
the username and password of an authenticated user.
SOLUTION:
Apply Update 3.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,
Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive
Technologies.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0225 | CVE-2012-3032 | Siemens WinCC of WebNavigator In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks.
The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to perform certain unspecified
actions when a logged-in administrative user visits a specially
crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50568
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50568/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE:
2012-09-11
DISCUSS ADVISORY:
http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC,
which can be exploited by malicious people to conduct cross-site
scripting attacks, conduct SQL injection attacks, and disclose
certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is
not properly sanitised before being returned to the user.
2) Certain input passed to the WebNavigator component is not properly
verified before being used to read files. This can be exploited to
read arbitrary files via directory traversal sequences.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
4) An error within the ActiveX control can be exploited to disclose
the username and password of an authenticated user.
SOLUTION:
Apply Update 3.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,
Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive
Technologies.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------