ID

VAR-201504-0120

CVE

CVE-2015-1104

TITLE

plural Apple Vulnerabilities that bypass the network filter protection mechanism in the product kernel

DESCRIPTION

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet. Apple TV/Mac OS X/iOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, obtain sensitive information, execute arbitrary code, gain elevated privileges, conduct phishing attacks and perform other attacks. Failed attacks may cause denial-of-service conditions. A remote attacker can exploit this vulnerability by sending specially crafted packets to bypass established network-filtering protection mechanisms. The following products and versions are affected: Apple iOS 8.2 and earlier, Apple OS X 10.10.2 and earlier, Apple TV 7.1 and earlier. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys. CVE-ID CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/en-us/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2015-04-08-4 Apple TV 7.2 Apple TV 7.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in IOKit objects used by an audio driver. This issue was addressed through improved validation of metadata. CVE-ID CVE-2015-1086 Apple TV Available for: Apple TV 3rd generation and later Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2015-1092 : Ikuya Fukumoto Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOAcceleratorFamily that led to the disclosure of kernel memory content. This issue was addressed by removing unneeded code. CVE-ID CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious HID device may be able to cause arbitrary code execution Description: A memory corruption issue existed in an IOHIDFamily API. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1095 : Andrew Church Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOHIDFamily that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1096 : Ilja van Sprundel of IOActive Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in MobileFrameBuffer that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research Team Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to cause a system denial of service Description: A race condition existed in the kernel's setreuid system call. This issue was addressed through improved state management. CVE-ID CVE-2015-1099 : Mark Mentovai of Google Inc. Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may escalate privileges using a compromised service intended to run with reduced privileges Description: setreuid and setregid system calls failed to drop privileges permanently. This issue was addressed by correctly dropping privileges. CVE-ID CVE-2015-1117 : Mark Mentovai of Google Inc. Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to cause unexpected system termination or read kernel memory Description: A out of bounds memory access issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1100 : Maxime Villard of m00nbsd Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to cause a denial of service Description: A state inconsistency existed in the processing of TCP headers. This issue was addressed through improved state handling. CVE-ID CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may be able to redirect user traffic to arbitrary hosts Description: ICMP redirects were enabled by default on iOS. This issue was addressed by disabling ICMP redirects. The issue was addressed by rejecting these packets. CVE-ID CVE-2015-1104 : Stephen Roettger of the Google Security Team Apple TV Available for: Apple TV 3rd generation and later Impact: A remote attacker may be able to cause a denial of service Description: A state inconsistency issue existed in the handling of TCP out of band data. This issue was addressed through improved state management. CVE-ID CVE-2015-1105 : Kenton Varda of Sandstorm.io Apple TV Available for: Apple TV 3rd generation and later Impact: Processing a maliciously crafted configuration profile may lead to unexpected application termination Description: A memory corruption issue existed in the handling of configuration profiles. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye, Inc. Apple TV Available for: Apple TV 3rd generation and later Impact: Unnecessary information may be sent to external servers when downloading podcast assets Description: When downloading assets for podcast a user was subscribed to, unique identifiers were sent to external servers. This issue was resolved by removing these identifiers. CVE-ID CVE-2015-1110 : Alex Selivanov Apple TV Available for: Apple TV 3rd generation and later Impact: Hardware identifiers may be accessible by third-party apps Description: An information disclosure issue existed in the third- party app sandbox. This issue was addressed by improving the sandbox profile. CVE-ID CVE-2015-1114 Apple TV Available for: Apple TV 3rd generation and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1068 : Apple CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative CVE-2015-1070 : Apple CVE-2015-1071 : Apple CVE-2015-1072 CVE-2015-1073 : Apple CVE-2015-1074 : Apple CVE-2015-1076 CVE-2015-1077 : Apple CVE-2015-1078 : Apple CVE-2015-1079 : Apple CVE-2015-1080 : Apple CVE-2015-1081 : Apple CVE-2015-1082 : Apple CVE-2015-1083 : Apple CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics CVE-2015-1120 : Apple CVE-2015-1121 : Apple CVE-2015-1122 : Apple CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc. CVE-2015-1124 : Apple Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5 6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK 1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX CerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn A33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J BioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3 j876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy MJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW PsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz UPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb vjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i iPMObURhCq+xIYRUTKXE =ktgN -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

lokihardt@ASRT working with HP's Zero Day Initiative, Luca Todesco, Ilja van Sprundel of IOActive, Mark Mentovai of Google Inc, Zimperium Mobile Security Labs, Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab, Maxime Villard of m00nbsd, lokihardt@ASRT

SOURCES

LAST UPDATE DATE

2024-11-23T21:30:33.095000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE