SecurityTracker.com
Category:   OS (Other)  >   Apple iOS
Vendors:   Apple
Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
SecurityTracker Alert ID:  1031864
SecurityTracker URL:  http://securitytracker.com/id/1031864
CVE Reference:   CVE-2015-1061, CVE-2015-1062, CVE-2015-1063, CVE-2015-1064, CVE-2015-1065
Date:  Mar 10 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.2
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can execute arbitrary code on the target system. An application can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted SMS messages to trigger a null pointer dereference in the CoreTelephony component and cause the target device to restart [CVE-2015-1063]. Roman Digerberg, Sweden, reported this vulnerability.

A remote user with the ability to conduct a man-in-the-middle attack can trigger a buffer overflow in the processing of data during iCloud Keychain recovery and execute arbitrary code on the target system [CVE-2015-1065]. Andrey Belenko of NowSecure reported this vulnerability.

An application can trigger a type confusion error in IOSurface in the handling of serialized objects to execute arbitrary code with system privileges [CVE-2015-1061]. Ian Beer of Google Project Zero reported this vulnerability.

An application can exploit a disk mounting logic flaw to create folders in trusted locations on the target system [CVE-2015-1062]. TaiG Jailbreak Team reported this vulnerability.

A physically local user can view the home screen of the target device in some cases even if the device is not activated [CVE-2015-1064].


Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

An application can obtain elevated privileges on the target system.

A physically local user can view the home screen.

Solution:   The vendor has issued a fix (8.2).

The vendor's advisory is available at:

https://support.apple.com/kb/HT204423

Vendor URL:  support.apple.com/kb/HT204423
Cause:   Access control error, Boundary error, Input validation error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 10 2015 (Apple Issues Fix for Apple TV) Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
Apple has issued a fix for Apple TV.
Mar 10 2015 (Apple Issues Fix for OS X) Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
Apple has issued a fix for Apple OS X.
Mar 19 2015 (Apple Issues Fix for Apple OS X) Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
Apple has issued a fix for Apple OS X 10.10.2.




Copyright 2019, SecurityGlobal.net LLC