VARIoT IoT vulnerabilities database
| VAR-201203-0075 | CVE-2012-0606 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0073 | CVE-2012-0604 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0072 | CVE-2012-0603 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0069 | CVE-2012-0600 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0074 | CVE-2012-0605 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0071 | CVE-2012-0602 | plural Apple Used in products WebKit Vulnerabilities in arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0070 | CVE-2012-0601 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0045 | CVE-2012-0597 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0068 | CVE-2012-0599 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0044 | CVE-2012-0596 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0043 | CVE-2012-0595 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0046 | CVE-2012-0598 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0038 | CVE-2012-0590 | plural Apple Used in products WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. WebKit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
9) A cross-origin error in the WebKit component can be exploited to
bypass the same-origin policy and disclose a cookie by tricking the
user into visiting a malicious website.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA45698
SA46049
SA46308
SA46594
SA46815
SA47231
SA47694
Successful exploitation of vulnerabilities #2, #4, #8, and #12 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0042 | CVE-2012-0594 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0037 | CVE-2012-0589 | plural Apple Used in products WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
9) A cross-origin error in the WebKit component can be exploited to
bypass the same-origin policy and disclose a cookie by tricking the
user into visiting a malicious website.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA45698
SA46049
SA46308
SA46594
SA46815
SA47231
SA47694
Successful exploitation of vulnerabilities #2, #4, #8, and #12 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0036 | CVE-2012-0588 | plural Apple Used in products WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
9) A cross-origin error in the WebKit component can be exploited to
bypass the same-origin policy and disclose a cookie by tricking the
user into visiting a malicious website.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
For more information:
SA45698
SA46049
SA46308
SA46594
SA46815
SA47231
SA47694
Successful exploitation of vulnerabilities #2, #4, #8, and #12 may
allow execution of arbitrary code.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201203-0041 | CVE-2012-0593 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0040 | CVE-2012-0592 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The flaw exists within the JavaScriptCore component as used by WebKit. This module is responsible for the in browser implementation of JavaScript. When handling the array.splice method the browser improperly calculates the length, and thus allocation size for the newly modified array. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. Failed exploit attempts will crash the application.
NOTE: This issue was previously discussed in BID 52365 (WebKit Multiple Unspecified Memory Corruption Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
11) Multiple unspecified errors within the WebKit component can be
exploited to conduct cross-site scripting attacks.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0039 | CVE-2012-0591 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. WebKit is prone to multiple unspecified memory-corruption vulnerabilities.
An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Few technical details are currently available. We will update this BID when more information emerges.
Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. WebKit is vulnerable when used in Apple iOS versions prior to 5.1 and iTunes prior to 10.6. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
2) An integer underflow error within the HFS component when handling
HFS catalog files can be exploited by mounting a maliciously crafted
disk image.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
For more information see vulnerability #21 in:
SA47843
5) A race condition error in the Passcode Lock component when
handling slide to dial gestures can be exploited to bypass the
Passcode Lock screen.
6) The weakness is caused due to the Private Browsing mode in Safari
not properly preventing recording of visits to certain sites using
the pushState or replaceState JavaScript methods.
7) An error within the Siri component when handling voice commands
can be exploited to bypass the screen lock and forward an open mail
message to an arbitrary recipient.
8) A format string error in the VPN component when handling racoon
configuration files can be exploited to execute arbitrary code via a
specially crafted racoon configuration file.
10) An error within the WebKit component when handling drag-and-drop
actions can be exploited to conduct cross-site scripting attacks.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
10) Adam Barth, Google Chrome Security Team.
11) Sergey Glazunov, Jochen Eisinger of Google Chrome Team, Alan
Austin of polyvore.com.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-1 iTunes 10.6
iTunes 10.6 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit
| VAR-201203-0035 | CVE-2012-0587 | plural Apple Used in products WebKit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Apple iOS Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48288/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
RELEASE DATE:
2012-03-09
DISCUSS ADVISORY:
http://secunia.com/advisories/48288/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48288/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48288
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in Apple
iOS, which can be exploited by malicious people with physical access
to bypass certain security restrictions and by malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and compromise a user's device.
1) An error within the CFNetwork component when handling URLs can be
exploited to disclose sensitive information by tricking the user into
visiting a malicious website.
3) A logic error within the kernel does not properly handle debug
system calls and can be exploited to bypass the sandbox
restrictions.
4) An integer overflow error within the libresolv library when
handling DNS resource records can be exploited to corrupt heap
memory.
9) A cross-origin error in the WebKit component can be exploited to
bypass the same-origin policy and disclose a cookie by tricking the
user into visiting a malicious website.
12) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.
SOLUTION:
Apply iOS 5.1 Software Update.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Erling Ellingsen, Facebook.
2, 8) pod2g.
3) 2012 iOS Jailbreak Dream Team.
5) Roland Kohler, the German Federal Ministry of Economics and
Technology.
6) Eric Melville, American Express.
9) Sergey Glazunov.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5192
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
iOS 5.1 Software Update is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers.
CVE-ID
CVE-2012-0641 : Erling Ellingsen of Facebook
HFS
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Mounting a maliciously crafted disk image may lead to a
device shutdown or arbitrary code execution
Description: An integer underflow existed with the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g
Kernel
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges.
CVE-ID
CVE-2012-0643 : 2012 iOS Jailbreak Dream Team
libresolv
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Applications that use the libresolv library may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: An integer overflow existed in the handling of DNS
resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive
Passcode Lock
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of slide
to dial gestures. This may allow a person with physical access to the
device to bypass the Passcode Lock screen.
CVE-ID
CVE-2012-0644 : Roland Kohler of the German Federal Ministry of
Economics and Technology
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Web page visits may be recorded in browser history even when
Private Browsing is active
Description: Safari's Private Browsing is designed to prevent
recording of a browsing session. Pages visited as a result of a site
using the JavaScript methods pushState or replaceState were recorded
in the browser history even when Private Browsing mode was active.
This issue is addressed by not recording such visits when Private
Browsing is active.
CVE-ID
CVE-2012-0585 : Eric Melville of American Express
Siri
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: An attacker with physical access to a locked phone could get
access to frontmost email message
Description: A design issue existed in Siri's lock screen
restrictions. If Siri was enabled for use on the lock screen, and
Mail was open with a message selected behind the lock screen, a voice
command could be used to send that message to an arbitrary recipient.
This issue is addressed by disabling forwarding of active messages
from the lock screen.
CVE-ID
CVE-2012-0645
VPN
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted system configuration file may lead to
arbitrary code execution with system privileges
Description: A format string vulnerability existed in the handling
of racoon configuration files.
CVE-ID
CVE-2012-0646 : pod2g
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of cookies
Description: A cross-origin issue existed in WebKit, which may allow
cookies to be disclosed across origins.
CVE-ID
CVE-2011-3887 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website and dragging content
with the mouse may lead to a cross-site scripting attack
Description: A cross-origin issue existed in WebKit, which may allow
content to be dragged and dropped across origins.
CVE-ID
CVE-2012-0590 : Adam Barth of Google Chrome Security Team
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: Multiple cross-origin issues existed in WebKit.
CVE-ID
CVE-2011-3881 : Sergey Glazunov
CVE-2012-0586 : Sergey Glazunov
CVE-2012-0587 : Sergey Glazunov
CVE-2012-0588 : Jochen Eisinger of Google Chrome Team
CVE-2012-0589 : Alan Austin of polyvore.com
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-2833 : Apple
CVE-2011-2846 : Arthur Gerkis, miaubiz
CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense
VCP
CVE-2011-2857 : miaubiz
CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2867 : Dirk Schulze
CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google
Chrome Security Team using AddressSanitizer
CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2877 : miaubiz
CVE-2011-3885 : miaubiz
CVE-2011-3888 : miaubiz
CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative
CVE-2011-3908 : Aki Helin of OUSPG
CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu
CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2012-0591 : miaubiz, and Martin Barbella
CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day
Initiative
CVE-2012-0593 : Lei Zhang of the Chromium development community
CVE-2012-0594 : Adam Klein of the Chromium development community
CVE-2012-0595 : Apple
CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0597 : miaubiz
CVE-2012-0598 : Sergey Glazunov
CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com
CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google
Chrome, miaubiz, Aki Helin of OUSPG, Apple
CVE-2012-0601 : Apple
CVE-2012-0602 : Apple
CVE-2012-0603 : Apple
CVE-2012-0604 : Apple
CVE-2012-0605 : Apple
CVE-2012-0606 : Apple
CVE-2012-0607 : Apple
CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0611 : Martin Barbella using AddressSanitizer
CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0615 : Martin Barbella using AddressSanitizer
CVE-2012-0616 : miaubiz
CVE-2012-0617 : Martin Barbella using AddressSanitizer
CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0621 : Martin Barbella using AddressSanitizer
CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome
Security Team
CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0624 : Martin Barbella using AddressSanitizer
CVE-2012-0625 : Martin Barbella
CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0627 : Apple
CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of
Google Chrome Security Team using AddressSanitizer
CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0630 : Sergio Villar Senin of Igalia
CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using
AddressSanitizer
CVE-2012-0633 : Apple
CVE-2012-0635 : Julien Chaffraix of the Chromium development
community, Martin Barbella using AddressSanitizer
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "5.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq
4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM
bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY
RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90
HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6
7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY=
=qPeE
-----END PGP SIGNATURE-----