SecurityTracker.com
Category:   OS (Other)  >   Apple iOS
Vendors:   Apple
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Local Users Bypass Security Restrictions
SecurityTracker Alert ID:  1027552
SecurityTracker URL:  http://securitytracker.com/id/1027552
CVE Reference:   CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-4599, CVE-2012-3724, CVE-2012-3725, CVE-2012-3726, CVE-2012-3727, CVE-2012-3728, CVE-2012-3729, CVE-2012-3730, CVE-2012-3731, CVE-2012-3732, CVE-2012-3733, CVE-2012-3734, CVE-2012-3735, CVE-2012-3736, CVE-2012-3737, CVE-2012-3738, CVE-2012-3739, CVE-2012-3740, CVE-2012-3741, CVE-2012-3742, CVE-2012-3743, CVE-2012-3744, CVE-2012-3745, CVE-2012-3746, CVE-2012-3747
Date:  Sep 20 2012
Impact:   Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.0
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can obtain potentially sensitive information. A local user can execute arbitrary code. A local user can bypass security restrictions.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in libxml and execute arbitrary code on the target system [CVE-2011-1944, CVE-2011-2821, CVE-2011-2834]. The code will run with the privileges of the target user. Chris Evans of Google Chrome Security Team and Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences, reported these vulnerabilities.

A remote user can create specially crafted International Components for Unicode (ICU) data that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code [CVE-2011-4599].

A remote user can create a specially crafted URL that, when loaded by the target user, will trigger a flaw in CFNetwork and execute arbitrary code on the target system [CVE-2012-3724]. Erling Ellingsen of Facebook reported this vulnerability.

A remote Wi-Fi network can exploit a flaw in DHCP to determine networks that a device has previously accessed when the target device connects to the Wi-Fi network [CVE-2012-3725]. Mark Wuergler of Immunity, Inc. reported this vulnerability.

A remote user can create a specially crafted JPEG image that, when loaded by the target user, will trigger a double free memory error and execute arbitrary code [CVE-2012-3726]. Phil of PKJE Consulting reported this vulnerability.

A remote user can create a specially crafted IPSec racoon configuration file that, when loaded by the target user, will trigger a double free memory error and execute arbitrary code [CVE-2012-3727]. iOS Jailbreak Dream Team reported this vulnerability.

A local user can trigger an invalid pointer dereference in the kernel and execute arbitrary code with system privileges [CVE-2012-3728]. iOS Jailbreak Dream Team reported this vulnerability.

A local user can trigger an uninitialized memory access issue in the Berkeley Packet Filter interpreter to determine kernel memory layout [CVE-2012-3729]. Dan Rosenberg reported this vulnerability.

The mail application may display the wrong attachment [CVE-2012-3730]. Angelo Prado of the salesforce.com Product Security Team reported this vulnerability.

The mail system does not properly set the Data Protection class for email attachments [CVE-2012-3731]. A user can read email attachments without having the user's passcode. Stephen Prairie of Travelers Insurance and Erich Stuntebeck of AirWatch reported this vulnerability.

A remote user can spoof the 'From' address on an S/MIME message [CVE-2012-3732]. An anonymous researcher reported this vulnerability.

When a user has multiple email addresses associated with iMessage and replies to a message, the reply may be sent from a different email address [CVE-2012-3733]. Rodney S. Foley of Gnomesoft, LLC reported this vulnerability.

The Office Viewer may write unencrypted data to a temporary file [CVE-2012-3734]. Salvatore Cataudella of Open Systems Technologies reported this vulnerability.

A physically local user can briefly view the previously used third-party app on a locked device [CVE-2012-3735]. Chris Lawrence DBB reported this vulnerability.

A physically local user can exploit a flaw in the termination of FaceTime calls to bypass the screen lock [CVE-2012-3736]. Ian Vitek of 2Secure AB reported this vulnerability.

A physically local user can view photos on a locked device [CVE-2012-3737]. Ade Barkah of BlueWax Inc. reported this vulnerability.

A physically local user can perform FaceTime calls on a locked device [CVE-2012-3738]. Ade Barkah of BlueWax Inc. reported this vulnerability.

A physically local user can exploit a flaw in the camera to bypass the screen lock [CVE-2012-3739]. Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) reported this vulnerability.

A physically local user can exploit a flaw in the screen lock state management to bypass the screen lock [CVE-2012-3740]. Ian Vitek of 2Secure AB reported this vulnerability.

A physically local user can make a purchase without entering the Apple ID credentials [CVE-2012-3741]. Kevin Makens of Redwood High School reported this vulnerability.

A remote web site can spoof the lock icon [CVE-2012-3742]. Boku Kihara of Lepidum reported this vulnerability.

A sandboxed app can read files in the '/var/log' directory [CVE-2012-3743].

A remote user can spoof the return address of an SMS message [CVE-2012-3744]. pod2g reported this vulnerability.

A remote user can send a specially crafted SMS message to trigger an off-by-one buffer overflow and disrupt cellular connectivity [CVE-2012-3745]. pod2g reported this vulnerability.

A local user (or app) with access to the filesystem may be able to read files that were being displayed in a UIWebView [CVE-2012-3746]. Ben Smith of Box reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code [CVE-2012-3747]. David Bloom of Cue reported this vulnerability.

Impact:   A remote user can create a file or HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can bypass security restrictions.

A remote user can obtain potentially sensitive information.

A local user can execute arbitrary code with system privileges.

Solution:   The vendor has issued a fix (6.0).

The vendor's advisory is available at:

http://support.apple.com/kb/HT5503

Vendor URL:  support.apple.com/kb/HT5503
Cause:   Access control error, Boundary error

Message History:   None.



Copyright 2016, SecurityGlobal.net LLC