SecurityTracker.com
Category:   OS (Other)  >   Apple iOS
Vendors:   Apple
Apple iOS Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1025182
SecurityTracker URL:  http://securitytracker.com/id/1025182
CVE Reference:   CVE-2011-0158, CVE-2011-0159, CVE-2011-0160, CVE-2011-0161, CVE-2011-0162, CVE-2011-0163
Date:  Mar 9 2011
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 4.3
Description:   Several vulnerabilities were reported in Apple iOS. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information.

A remote user can create specially crafted HTML that, when loaded by the target user, will cause the target user's browser to exit and launch an application [CVE-2011-0158]. The browser will repeat the action when reopened. Nitesh Dhanjani of Ernst & Young LLP reported this vulnerability.

In some situations, the browser will not clear the cookies when requested via the Safari Settings while the browser is running [CVE-2011-0159]. Systems prior to iOS 4.0 are not affected. Erik Wong of Google Inc. reported this vulnerability.

WebKit may disclose the target user's HTTP Basic Authentication credentials to another site [CVE-2011-0160] when the target site redirects to a different site. McIntosh Cooey of Twelve Hundred Group, Harald Hanche-Olsen, Chuck Hohn of 1111 Internet LLC (via US-CERT), and Paul Hinze of Braintree reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will inject CSS code into other documents [CVE-2011-0161]. The vendor reported this vulnerability.

A remote user on the local Wi-Fi network can cause the target device to reset [CVE-2011-0162]. Scott Boyd of ePlus Technology, inc. reported this vulnerability.

A remote user can create specially crafted HTML that, when loaded by the target user, will poison the web cache and prevent other sites from requesting certain resources [CVE-2011-0163]. The vendor reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information.

Solution:   The vendor has issued a fix (4.3).

The vendor's advisory is available at:

http://support.apple.com/kb/HT4564

Vendor URL:  support.apple.com/kb/HT4564
Cause:   Access control error, Boundary error, State error

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC