SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
(Apple Issues Fix for Apple OS X) Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen
SecurityTracker Alert ID:  1031955
SecurityTracker URL:  http://securitytracker.com/id/1031955
CVE Reference:   CVE-2015-1061, CVE-2015-1065
Date:  Mar 19 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10.10.x
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can execute arbitrary code on the target system. An application can obtain elevated privileges on the target system. A remote user can cause denial of service conditions on the target system. Apple OS X is affected by two vulnerabilities.

A remote user can send specially crafted SMS messages to trigger a null pointer dereference in the CoreTelephony component and cause the target device to restart [CVE-2015-1063]. Roman Digerberg, Sweden, reported this vulnerability.

A remote user with the ability to conduct a man-in-the-middle attack can trigger a buffer overflow in the processing of data during iCloud Keychain recovery and execute arbitrary code on the target system [CVE-2015-1065]. Andrey Belenko of NowSecure reported this vulnerability.

An application can trigger a type confusion error in IOSurface in the handling of serialized objects to execute arbitrary code with system privileges [CVE-2015-1061]. Ian Beer of Google Project Zero reported this vulnerability.

An application can exploit a disk mounting logic flaw to create folders in trusted locations on the target system [CVE-2015-1062]. TaiG Jailbreak Team reported this vulnerability.

A physically local user can view the home screen of the target device in some cases even if the device is not activated [CVE-2015-1064].


Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

An application can obtain elevated privileges on the target system.

A physically local user can view the home screen.

Solution:   Apple Computer has issued a fix for CVE-2015-1061 and CVE-2015-1065 for Apple OS X (APPLE-SA-2015-03-19-1 Security Update 2015-003).

The Apple Computer advisory will be available at:

https://support.apple.com/kb/HT1222

Vendor URL:  support.apple.com/kb/HT204423
Cause:   Access control error, Boundary error, Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 10 2015 Apple iOS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code, Applications Gain Elevated Privileges, and Physically Local Users View the Home Screen


