Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
|
SecurityTracker Alert ID: 1031864
SecurityTracker URL: http://securitytracker.com/id/1031864
|
CVE Reference: CVE-2015-1061, CVE-2015-1062, CVE-2015-1063, CVE-2015-1064, CVE-2015-1065
|
Date: Mar 10 2015
|
Impact:
Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 8.2
|
Description:
Multiple vulnerabilities were reported in Apple iOS. A remote user can execute arbitrary code on the target system. An application can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system.
A remote user can send specially crafted SMS messages to trigger a null pointer dereference in the CoreTelephony component and cause the target device to restart [CVE-2015-1063]. Roman Digerberg, Sweden, reported this vulnerability.
A remote user with the ability to conduct a man-in-the-middle attack can trigger a buffer overflow in the processing of data during iCloud Keychain recovery and execute arbitrary code on the target system [CVE-2015-1065]. Andrey Belenko of NowSecure reported this vulnerability.
An application can trigger a type confusion error in IOSurface in the handling of serialized objects to execute arbitrary code with system privileges [CVE-2015-1061]. Ian Beer of Google Project Zero reported this vulnerability.
An application can exploit a disk mounting logic flaw to create folders in trusted locations on the target system [CVE-2015-1062]. TaiG Jailbreak Team reported this vulnerability.
A physically local user can view the home screen of the target device in some cases even if the device is not activated [CVE-2015-1064].
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
An application can obtain elevated privileges on the target system.
A physically local user can view the home screen.
|
Solution:
The vendor has issued a fix (8.2).
The vendor's advisory is available at:
https://support.apple.com/kb/HT204423
|
Vendor URL: support.apple.com/kb/HT204423
|
Cause:
Access control error, Boundary error, Input validation error