SecurityTracker.com
Category:   OS (Other)  >   Apple iOS
Vendors:   Apple
Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1033609
SecurityTracker URL:  http://securitytracker.com/id/1033609
CVE Reference:   CVE-2015-3801, CVE-2015-5764, CVE-2015-5765, CVE-2015-5767, CVE-2015-5788, CVE-2015-5789, CVE-2015-5790, CVE-2015-5791, CVE-2015-5792, CVE-2015-5793, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5814, CVE-2015-5816, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5820, CVE-2015-5821, CVE-2015-5822, CVE-2015-5823, CVE-2015-5824, CVE-2015-5825, CVE-2015-5826, CVE-2015-5827, CVE-2015-5829, CVE-2015-5831, CVE-2015-5832, CVE-2015-5834, CVE-2015-5835, CVE-2015-5837, CVE-2015-5838, CVE-2015-5839, CVE-2015-5840, CVE-2015-5841, CVE-2015-5842, CVE-2015-5843, CVE-2015-5844, CVE-2015-5845, CVE-2015-5846, CVE-2015-5847, CVE-2015-5848, CVE-2015-5850, CVE-2015-5851, CVE-2015-5855, CVE-2015-5856, CVE-2015-5857, CVE-2015-5858, CVE-2015-5860, CVE-2015-5861, CVE-2015-5862, CVE-2015-5863, CVE-2015-5867, CVE-2015-5868, CVE-2015-5869, CVE-2015-5874, CVE-2015-5876, CVE-2015-5879, CVE-2015-5880, CVE-2015-5882, CVE-2015-5885, CVE-2015-5892, CVE-2015-5895, CVE-2015-5896, CVE-2015-5898, CVE-2015-5899, CVE-2015-5903, CVE-2015-5904, CVE-2015-5905, CVE-2015-5906, CVE-2015-5907, CVE-2015-5912, CVE-2015-5916, CVE-2015-5921
Date:  Sep 18 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, Root access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 9.0
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can modify data on the target system. A remote user can cause the target service to crash. A local user can bypass security restrictions. A local user can gain system privileges on the target system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user (Apple Pay terminal) can access limited recent transaction information when the target user makes a payment [CVE-2015-5916].

A physically local user can reset failed passcode attempts with an iOS backup [CVE-2015-5850].

A remote user can create a specially crafted ITMS link that, when loaded by the target user, will cause denial of service conditions on the target enterprise-signed application [CVE-2015-5856].

A remote user can create a specially crafted audio file that, when loaded by the target user, will cause the target application to crash [CVE-2015-5862].

A physically local user can read cache data from Apple apps [CVE-2015-5898].

A remote user that can conduct a man-in-the-middle attack can exploit a cross-domain cookie handling flaw to track the target user's web activity [CVE-2015-5885].

A remote user can cause unintended cookies to be set on the target device for a target web site [CVE-2015-3801].

A remote FTP server can cause the target connected client to obtain information about other host systems [CVE-2015-5912].

A remote user can create a specially crafted URL that, when loaded by the target user, will bypass HTTP Strict Transport Security (HSTS) and disclose sensitive data [CVE-2015-5858].

A remote user can create specially crafted HTML that, when loaded by the target user, will exploit an HSTS state handling flaw in Safari private browsing mode and track the target user [CVE-2015-5860].

A remote user (web proxy) can supply a specially crafted response to the connected target user to set cookies for a target web site [CVE-2015-5841].

A remote user that can conduct a man-in-the-middle attack can exploit a certificate validation flaw in NSURL to decrypt SSL/TLS connections [CVE-2015-5824].

An application can exploit a flaw in CoreAnimation IOSurfaces to obtain sensitive user information [CVE-2015-5880].

A user can observe many signing or decryption attempts to determine the RSA private key.

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-5874].

A remote user can create a specially crafted text file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code [CVE-2015-5829].

An application can trigger a memory corruption error in dyld to execute arbitrary code with system privileges [CVE-2015-5876].

An application can exploit a code signature validation flaw in dyld to bypass code signing [CVE-2015-5839].

A local user can trigger a memory corruption flaw in DiskImages to execute arbitrary code with system privileges [CVE-2015-5847].

A Game Center application can access the target player's email address [CVE-2015-5855].

An application can exploit a flaw in IOAcceleratorFamily to determine kernel memory layout [CVE-2015-5834].

A local user can trigger a memory corruption error in IOAcceleratorFamily to execute arbitrary code with system privileges [CVE-2015-5848].

An application can exploit a memory corruption error in IOHIDFamily to execute arbitrary code with system privileges [CVE-2015-5867].

An application can exploit a memory corruption error in IOKit to execute arbitrary code with system privileges [CVE-2015-5844, CVE-2015-5845, CVE-2015-5846].

A local user can trigger a memory corruption error in IOMobileFrameBuffer to execute arbitrary code with system privileges [CVE-2015-5843].

A local user can exploit a flaw in IOStorageFamily to determine kernel memory layout [CVE-2015-5863].

A keychain deletion error may cause AppleID credentials to persist in the keychain after the user has signed out [CVE-2015-5832].

A remote user can create specially crafted JavaScript that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target user's system [CVE-2015-5791, CVE-2015-5793, CVE-2015-5814, CVE-2015-5816, CVE-2015-5822, CVE-2015-5823].

A local user can trigger a memory corruption error in the kernel and execute arbitrary code with kernel level privileges [CVE-2015-5868, CVE-2015-5896, CVE-2015-5903].

A local user (process) can invoke the processor_set_tasks API to determine task ports of other processes [CVE-2015-5882].

A remote user can send specially crafted TCP packet headers to conduct denial of service attacks against specific TCP connections [CVE-2015-5879].

A remote user on the local network can send specially crafted IPv6 router advertisements to disable IPv6 routing on the target system [CVE-2015-5869].

A local user can exploit a kernel bug to determine kernel memory layout [CVE-2015-5842].

A local user can trigger a memory corruption flaw in libpthread to execute arbitrary code with kernel-level privileges [CVE-2015-5899].

A remote user can send specially crafted email that appears to come from a contact in the target recipient's address book [CVE-2015-5857].

A local user can exploit a flaw in convenience initializer handling to downgrade encryption to a non-encrypted session and gain access to multipeer data [CVE-2015-5851].

An application can exploit a flaw in NetworkExtension to determine kernel memory layout [CVE-2015-5831].

An enterprise application can install extensions before the application has been verified as trusted [CVE-2015-5837].

A remote user can create specially crafted data that, when loaded by the target application, will trigger an overflow in the checkint division routines and cause the application to crash [CVE-2015-5840].

A local user can read Safari bookmarks on an ostensibly locked device without supplying a passcode [CVE-2015-5903].

A remote user can create specially crafted HTML that, when loaded by the target user, will display content with a URL from a different web site [CVE-2015-5904].

A remote user can create specially crafted HTML that, when loaded by the target user, will spoof URLs on the user interface [CVE-2015-5905].

A remote user can create specially crafted HTML that, when loaded by the target user, will cause an arbitrary URL to be displayed [CVE-2015-5764, CVE-2015-5765, CVE-2015-5767].

When the target user visits a known malicious web site by using the IP address instead of domain name, the Safari Safe Browsing feature does not generate a warning.

An application can intercept communications between apps in certain cases [CVE-2015-5835].

A physically local user can bypass lock screen restrictions and use Siri to read notifications of content that is set not to be displayed at the lock screen [CVE-2015-5892].

A physically local user can bypass lock screen restrictions and reply to an audio message from the lock screen when message previews from the lock screen are disabled [CVE-2015-5861].

A remote application can exploit a flaw in SpringBoard to spoof a different application's dialog windows [CVE-2015-5838].

A user can exploit flaws in SQLite v3.8.5 [CVE-2015-5895].

A remote user may be able to obtain object references from other origins [CVE-2015-5827].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption flaw in WebKit and execute arbitrary code on the target user's system [CVE-2015-5789, CVE-2015-5790, CVE-2015-5792, CVE-2015-5794, CVE-2015-5795, CVE-2015-5796, CVE-2015-5797, CVE-2015-5799, CVE-2015-5800, CVE-2015-5801, CVE-2015-5802, CVE-2015-5803, CVE-2015-5804, CVE-2015-5805, CVE-2015-5806, CVE-2015-5807, CVE-2015-5809, CVE-2015-5810, CVE-2015-5811, CVE-2015-5812, CVE-2015-5813, CVE-2015-5817, CVE-2015-5818, CVE-2015-5819, CVE-2015-5821].

A remote user can create specially crafted HTML containing a tel://, facetime://, or facetime-audio:// URL that, when loaded by the target user, will unintentionally dial [CVE-2015-5820].

The WebKit QuickType function can determine the last character of a password in a filled-in web form [CVE-2015-5906].

A remote user with the ability to conduct man-in-the-middle attacks can exploit a flaw in the caching of domains with invalid certificates to redirect the target user to a different domain [CVE-2015-5907].

A remote user can create specially crafted cross-origin stylesheets that, when loaded by the target user, will obtain data from a different domain [CVE-2015-5826].

A remote user can create specially crafted content that, when loaded by the target user, will exploit a flaw in the WebKit Performance API to obtain browsing history, network activity, and mouse movements [CVE-2015-5825].

A remote user with the ability to monitor the network can exploit a flaw in the processing of Content-Disposition headers containing type attachment to obtain potentially sensitive information [CVE-2015-5921].

A remote user can create specially crafted content that, when loaded by the target user, will exploit a flaw in handling 'canvas' element images to access image data from a different web site [CVE-2015-5788].

WebSockets may be able to bypass mixed content policy enforcement and load mixed content.

Mark S. Miller of Google, Cererdlong of Alibaba Mobile Security Team, Maxime Villard of m00nbsd, CESG, Andrei Neculaesei, Guillaume Ross, Kevin G Jones of Higher Logic, Mickey Shkatov of the Intel Advanced Threat Research Team, Daoyuan Wu of Singapore Management University, Rocky K. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz, superhei of www.knownsec.com, Yossi Oren et al. of Columbia University's Network Security Lab, filedescriptor, Chris Evans, Yaoqi Jia of National University of Singapore (NUS), Louis Romero of Google Inc., Pedro Vilaca (working from original research by Ming-chieh Pan and Sung-ting Tsai), Jonathan Levin, Jonathan Looney, Dennis Spindel Ljungmark, Gildas, Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S. Lui, Daniel Miedema of Meridian Apps, Robert S Mozayeni, Joshua Donvito, an anonymous researcher, Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc., YoungJin Yoon of Information Security Lab (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea, Andreas Kurtz of NESO Security Labs, Xiaofeng Zheng of Blue Lotus Team, Tsinghua University, Erling Ellingsen of Facebook, Amit Klein, Teun van Run of FiftyTwoDegreesNorth B.V., XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University, Rahul M of TagsDoc, Antonio Sanso (@asanso) of Adobe, Ron Masas, Krystian Kloskowski (via Secunia), Masato Kinugawa, Keita Haga of keitahaga.com, Jonathan Zdziarski, Alban Diquet (@nabla_c0d3) of Data Theorem, Emre Saglam of salesforce.com, Lufeng Li of Qihoo 360 Vulcan Team, Sam Greenhalgh of RadicalResearch Ltd, Timothy J. Wood of The Omni Group, Kasif Dekel from Check Point Software Technologies, beist of grayhash, Filippo Bigarella, Luca Todesco, Nasser Alnasser, moony li of Trend Micro, Ilja van Sprundel of IOActive, @PanguTeam, TaiG Jailbreak Team, Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, Debin Gao, Yingjiu Li of School of Information Systems Singapore Management University, Infocomm Research, John Villamil (@day6reak), Yahoo Pentest Team, and M1x7e1 of Safeye Team (www.safeye.org) reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can access and modify data on the target system.

A remote user can cause the target application or device to crash.

A remote or local user can bypass security controls on the target system.

A local user can obtain system privileges on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   The vendor has issued a fix (9.0).

The vendor's advisory is available at:

https://support.apple.com/en-us/HT205212

Vendor URL:  support.apple.com/en-us/HT205212
Cause:   Access control error, Authentication error, Boundary error, Input validation error, State error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 22 2015 (Apple Issues Fix for Apple Watch) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple Watch.
Oct 1 2015 (Apple Issues Fix for Apple Safari) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple Safari on OS X.
Oct 1 2015 (Apple Issues Fix for Apple OS X) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple OS X.
Oct 22 2015 (Apple Issues Fix for Apple Watch) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Deny Service and Let Apps and Local Users Gain Elevated Privileges
Apple has issued a fix for Apple Watch.




Copyright 2018, SecurityGlobal.net LLC