SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
(Apple Issues Fix for Apple OS X) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1035366
SecurityTracker URL:  http://securitytracker.com/id/1035366
CVE Reference:   CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1761, CVE-2016-1762, CVE-2016-1775, CVE-2016-1788
Date:  Mar 22 2016
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can obtain potentially sensitive information. An application can obtain elevated privileges on the target system. An application can bypass security controls on the target system. Apple OS X is affected.

An application can exploit a memory corruption flaw in AppleUSBNetworking to execute arbitrary code with kernel privileges [CVE-2016-1734].

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in FontParser and execute arbitrary code on the target system [CVE-2016-1740].

A remote user can exploit a flaw in nghttp2 to execute arbitrary code on the target system [CVE-2015-8659].

An application can trigger a memory corruption error to determine kernel memory layout [CVE-2016-1748].

An application can trigger a validation flaw in the kernel and cause denial of service conditions [CVE-2016-1752].

An application can trigger a use-after-free memory error in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1750].

An application can trigger an integer overflow in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1753].

An application can exploit a permissions flaw in the kernel to bypass code signing [CVE-2016-1751].

An application can trigger a race condition in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1757].

An application can trigger a null pointer dereference in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1756].

An application can trigger a memory corruption error in the kernel and execute arbitrary code with kernel-level privileges [CVE-2016-1754, CVE-2016-1755].

An application can trigger an out-of-bounds memory read error to determine kernel memory layout [CVE-2016-1758].

An application can exploit an event handler validation flaw in LaunchServices in the XPC Service API to modify events from other applications [CVE-2016-1760].

A remote user can create specially crafted XML that, when loaded by the target user, will trigger a memory corruption error in libxml2 and execute arbitrary code on the target user's system [CVE-2016-1761, CVE-2016-1762].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger an SMS URL parsing error and auto-fill text into other message threads [CVE-2016-1763].

A remote user that can monitor network communications and inject messages can decrypt and read attachments in certain cases [CVE-2016-1788].

The system may display an untrusted mobile device management (MDM) profile as verified due to a certificate validation flaw [CVE-2016-1766].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption error in TrueTypeScaler and execute arbitrary code on the target user's system [CVE-2016-1775].

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target user's system [CVE-2016-1778, CVE-2016-1783].

A remote user (website) can exploit a flaw in the handling of attachment URLs to track potentially sensitive user information [CVE-2016-1781].

A remote user (website) can use a hidden web page to access the target user's device orientation and device motion data [CVE-2016-1780].

A remote user (website) can supply specially crafted geolocation requests to determine the target user's current location [CVE-2016-1779].

A remote user (website) can exploit a port redirection flaw to access restricted ports on arbitrary servers [CVE-2016-1782].

A remote user can create specially crafted HTML that, when loaded by the target user, will consume excessive resources on the target system and cause the target user's browser to crash [CVE-2016-1784].

A remote user (website) can return specially crafted redirect responses to spoof a URL and gain read access to cached contents of the specified URL [CVE-2016-1786].

A remote user (website) can exploit a character encoding caching flaw in WebKit to access cross-origin data [CVE-2016-1785].

A remote user in a privileged network position can trigger a frame validation and memory corruption error in the Wi-Fi component to execute arbitrary code [CVE-2016-0801, CVE-2016-0802].

Andrea Barisani and Andrej Rosano of Inverse Path, HappilyCoded (ant4g0nist and r3dsm0k3) (via Trend Micro's Zero Day Initiative (ZDI)), Brandon Azad, CESG, Juwei Lin of Trend Micro (via Trend Micro's Zero Day Initiative (ZDI)), Eric Monti of Square Mobile Security, Ian Beer of Google Project Zero, Pedro Vilaca, Lufeng Li of Qihoo 360 Vulcan Team, Proteas of Qihoo 360 Nirvan Team, wol0xff (via Trend Micro's Zero Day Initiative (ZDI)), Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University, CityTog, Taylor Boyko (via Trend Micro's Zero Day Initiative (ZDI)), 0x1byte (via Trend Micro's Zero Day Initiative (ZDI)), Mihai Parparita of Google, Devdatta Akhawe of Dropbox, Inc., Maryam Mehrnezhad, Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao of the School of Computing Science, Newcastle University, UK, xisigr of Tencent's Xuanwu Lab (http://www.tencent.com), Muneaki Nishimura (nishimunea) of Recruit Technologies Co.,Ltd., Moony Li and Jack Tang of TrendMicro, PKAV Team (PKAV.net), ma.la of LINE Corporation, and an anonymous researcher reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can obtain potentially sensitive information on the target system.

An application can obtain elevated privileges on the target system.

An application can bypass security controls on the target system.

Solution:   Apple has issued a fix for CVE-2015-8659, CVE-2016-0801, CVE-2016-0802, CVE-2016-1734, CVE-2016-1740, CVE-2016-1748, CVE-2016-1750, CVE-2016-1752, CVE-2016-1753, CVE-2016-1754, CVE-2016-1755, CVE-2016-1756, CVE-2016-1757, CVE-2016-1758, CVE-2016-1761, CVE-2016-1762, CVE-2016-1775, and CVE-2016-1788 for Apple OS X (10.11.4, Security Update 2016-002).

The Apple advisory is available at:

https://support.apple.com/en-us/HT206167

Vendor URL:  support.apple.com/en-us/HT206167
Cause:   Access control error, Boundary error, Input validation error, Resource error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 22 2016 Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Remote and Local Users Obtain Potentially Sensitive Information


