ID

VAR-201504-0113


CVE

CVE-2015-1097


TITLE

Vulnerability in IOMobileFramebuffer in Apple iOS and Apple TV that allows important information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-002172

DESCRIPTION

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. Apple iOS and TV are prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to obtain sensitive information that may lead to further attacks. These issues are fixed in: Apple iOS 8.3, Apple TV 7.2.

APPLE-SA-2015-04-08-4 Apple TV 7.2

Apple TV 7.2 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in IOKit objects used by an audio driver. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2015-1086

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. This issue was addressed by removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious HID device may be able to cause arbitrary code execution
Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.

This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may be able to cause a denial of service
Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on iOS. This issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote network interfaces as local packets. The issue was addressed by rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination
Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc.

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Unnecessary information may be sent to external servers when downloading podcast assets
Description: When downloading assets for podcast a user was subscribed to, unique identifiers were sent to external servers. This issue was resolved by removing these identifiers.
CVE-ID
CVE-2015-1110 : Alex Selivanov

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Hardware identifiers may be accessible by third-party apps
Description: An information disclosure issue existed in the third-party app sandbox. This issue was addressed by improving the sandbox profile.
CVE-ID
CVE-2015-1114

Apple TV
Available for: Apple TV 3rd generation and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple
CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2015-1120 : Apple
CVE-2015-1121 : Apple
CVE-2015-1122 : Apple
CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc.

Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software".

To check the current version of software, select "Settings -> General -> About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222

Trust: 2.07

sources: NVD: CVE-2015-1097 // JVNDB: JVNDB-2015-002172 // BID: 73983 // VULHUB: VHN-79057 // PACKETSTORM: 131361

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:lteversion:8.2

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:7.1

Trust: 1.0

vendor:applemodel:tvscope:ltversion:7.2 (apple tv 3rd generation and later)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.3 (ipad 2 or later)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.3 (iphone 4s or later)

Trust: 0.8

vendor:applemodel:iosscope:ltversion:8.3 (ipod touch 5th generation and later)

Trust: 0.8

vendor:applemodel:iphone osscope:eqversion:8.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:7.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.4

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:tvscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:1.0

Trust: 0.3

sources: BID: 73983 // JVNDB: JVNDB-2015-002172 // CNNVD: CNNVD-201504-123 // NVD: CVE-2015-1097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1097
value: LOW

Trust: 1.0

NVD: CVE-2015-1097
value: LOW

Trust: 0.8

CNNVD: CNNVD-201504-123
value: LOW

Trust: 0.6

VULHUB: VHN-79057
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-1097
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79057
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79057 // JVNDB: JVNDB-2015-002172 // CNNVD: CNNVD-201504-123 // NVD: CVE-2015-1097

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-79057 // JVNDB: JVNDB-2015-002172 // NVD: CVE-2015-1097

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201504-123

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002172

PATCH

title:APPLE-SA-2015-04-08-3 iOS 8.3url:http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html

Trust: 0.8

title:APPLE-SA-2015-04-08-4 Apple TV 7.2url:http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html

Trust: 0.8

title:HT204661url:http://support.apple.com/en-us/HT204661

Trust: 0.8

title:HT204662url:http://support.apple.com/en-us/HT204662

Trust: 0.8

title:HT204661url:http://support.apple.com/ja-jp/HT204661

Trust: 0.8

title:HT204662url:http://support.apple.com/ja-jp/HT204662

Trust: 0.8

sources: JVNDB: JVNDB-2015-002172

EXTERNAL IDS

db:NVDid:CVE-2015-1097

Trust: 2.9

db:BIDid:73983

Trust: 2.0

db:SECTRACKid:1032050

Trust: 1.7

db:JVNid:JVNVU91828320

Trust: 0.8

db:JVNDBid:JVNDB-2015-002172

Trust: 0.8

db:CNNVDid:CNNVD-201504-123

Trust: 0.7

db:VULHUBid:VHN-79057

Trust: 0.1

db:PACKETSTORMid:131361

Trust: 0.1

sources: VULHUB: VHN-79057 // BID: 73983 // JVNDB: JVNDB-2015-002172 // PACKETSTORM: 131361 // CNNVD: CNNVD-201504-123 // NVD: CVE-2015-1097

REFERENCES

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00002.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2015/apr/msg00003.html

Trust: 1.7

url:http://www.securityfocus.com/bid/73983

Trust: 1.7

url:https://support.apple.com/ht204661

Trust: 1.7

url:https://support.apple.com/ht204662

Trust: 1.7

url:http://www.securitytracker.com/id/1032050

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1097

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91828320/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1097

Trust: 0.8

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-1099

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1101

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1073

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1102

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1083

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1105

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1069

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1079

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1076

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1104

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1077

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1071

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1096

Trust: 0.1

url:https://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1100

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1072

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1082

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1081

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1080

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1074

Trust: 0.1

sources: VULHUB: VHN-79057 // BID: 73983 // JVNDB: JVNDB-2015-002172 // PACKETSTORM: 131361 // CNNVD: CNNVD-201504-123 // NVD: CVE-2015-1097

CREDITS

Alex Selivanov, Barak Gabai of the IBM X-Force Application Security Research Team, Cererdlong of Alibaba Mobile Security Team, Ikuya Fukumoto and Apple

Trust: 0.3

sources: BID: 73983

SOURCES

db:VULHUBid:VHN-79057
db:BIDid:73983
db:JVNDBid:JVNDB-2015-002172
db:PACKETSTORMid:131361
db:CNNVDid:CNNVD-201504-123
db:NVDid:CVE-2015-1097

LAST UPDATE DATE

2024-11-23T21:22:26.097000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-79057date:2019-03-08T00:00:00
db:BIDid:73983date:2015-07-15T00:04:00
db:JVNDBid:JVNDB-2015-002172date:2015-04-14T00:00:00
db:CNNVDid:CNNVD-201504-123date:2019-03-13T00:00:00
db:NVDid:CVE-2015-1097date:2024-11-21T02:24:39.783

SOURCES RELEASE DATE

db:VULHUBid:VHN-79057date:2015-04-10T00:00:00
db:BIDid:73983date:2015-04-08T00:00:00
db:JVNDBid:JVNDB-2015-002172date:2015-04-14T00:00:00
db:PACKETSTORMid:131361date:2015-04-09T16:39:51
db:CNNVDid:CNNVD-201504-123date:2015-04-13T00:00:00
db:NVDid:CVE-2015-1097date:2015-04-10T14:59:13.577