exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 46377

Secunia Security Advisory 46377
Posted Oct 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device.

tags | advisory, denial of service, spoof, vulnerability, xss
systems | cisco, apple
SHA-256 | 9988e49869fae63b86783adbd73e8844b8f51e6f1dd9e4bb4108d87014ff4494

Secunia Security Advisory 46377

Change Mirror Download
----------------------------------------------------------------------

Ovum says ad hoc tools are out-dated. The best practice approach?
Fast vulnerability intelligence, threat handling, and setup in one tool.

Read the new report on the Secunia VIM:
http://secunia.com/products/corporate/vim/ovum_2011_request/

----------------------------------------------------------------------

TITLE:
Apple iOS Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA46377

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/46377/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

RELEASE DATE:
2011-10-14

DISCUSS ADVISORY:
http://secunia.com/advisories/46377/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)

http://secunia.com/advisories/46377/

ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=46377

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Multiple vulnerabilities have been reported in Apple iOS, which can
be exploited by malicious people with physical access to disclose
certain information and by malicious people to conduct script
insertion, cross-site scripting, and spoofing attacks, disclose
sensitive information, bypass certain security restrictions, cause a
DoS (Denial of Service), and compromise a user's device.

1) An error within the CalDAV component does not properly validate
the SSL certificate when synchronizing the calendar, which can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.

2) Input passed via invitation notes is not properly sanitised in
Calendar before being returned to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious invitation is being viewed.

3) The CFNetwork component stores a user's AppleID password and
username in the log file readable by applications, which can be
exploited to disclose the credentials.

4) The CFNetwork component does not properly restrict cross-domain
access of HTTP cookies, which can be exploited to access the cookies
of another web site.

5) An error exists within CoreFoundation when handling string
tokenization.

For more information see vulnerability #1 in:
SA46339

6) Multiple errors within CoreGraphics when handling the certain
freetype fonts can be exploited to corrupt memory.

7) An error within CoreMedia does not properly handle cross-site
redirects and can be exploited to disclose video data.

8) An error exits within the Data Access component when handling
multiple accounts configured on the same server and can be exploited
to disclose the cookie of another account.

9) The application accepts X.509 certificates with MD5 hashes, which
could lead to weak cryptographic certificates being used. This can be
exploited to disclose encrypted information e.g. using a
Man-in-the-Middle (MitM) attack.

10) A design error exists within the implementation of SSL 3.0 and
TLS 1.0 protocols.

For more information:
SA46168

11) An error within ImageIO when handling CCITT Group 4 encoded TIFF
files can be exploited to cause a buffer overflow.

For more information see vulnerability #1 in:
SA43593

12) An error in ImageIO within the handling of CCITT Group 4 encoded
TIFF image files can be exploited to cause a heap-based buffer
overflow.

For more information see vulnerability #9 in:
SA45325

13) An error within ICU (International Components for Unicode) can be
exploited to cause a buffer overflow.

For more information see vulnerability #11 in:
SA45054

14) An error within the kernel does not reclaim memory from
incomplete TCP connections, which can be exploited to exhaust system
resources by connecting to a listening service and cause the device
to reset.

15) A NULL-pointer dereference error within the kernel when handling
IPv6 socket options can be exploited to cause the device to reset.

16) An error within libxml can be exploited to cause a heap-based
buffer overflow.

For more information see vulnerability #12 in:
SA45325

17) An error within OfficeImport when viewing certain Microsoft Word
files can be exploited to cause a buffer overflow.

18) An error within OfficeImport when viewing certain Microsoft Excel
files can be exploited to cause a buffer overflow.

19) An indexing error exists in the OfficeImport framework when
processing certain records in a Microsoft Word file.

For more information see vulnerability #19 in:
SA45054

20) An error in the OfficeImport framework when processing records
can be exploited to corrupt memory.

For more information see vulnerability #28 in:
SA43814

21) An error within Safari does not properly handle the "attachment"
HTTP Content-Disposition header and can be exploited to conduct
cross-site scripting attacks.

22) The parental restrictions feature stores the restrictions
passcode in plaintext on disk and can be exploited to disclose the
passcode.

23) An error within UIKit does not properly handle "tel:" URIs and
can be exploited to cause the device to hang by tricking the user
into visiting a malicious website.

24) Some vulnerabilities are caused due to a bundled vulnerable
version of WebKit.

For more information:
SA43519
SA43683
SA43696
SA43859
SA45097
SA45325
SA45325
SA45498
SA45498
SA46339
SA46412

25) The WiFi credentials are stored in a file readable by other
applications, which may lead to the credentials being disclosed.

Successful exploitation of vulnerabilities #6, #16 – #20, and #24 may
allow execution of arbitrary code.

SOLUTION:
Apply iOS 5 Software Update.

PROVIDED AND/OR DISCOVERED BY:
1) Leszek Tasiemski, nSense.
6, 9) Reported by the vendor.

The vendor credits:
2) Rick Deacon
3) Peter Quade, qdevelop
4) Erling Ellingsen, Facebook.
7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
8) Bob Sielken, IBM
14) Wouter van der Veer, Topicus and Josh Enders
15) Thomas Clement, Intego
17) Tobias Klein via iDefense.
18) Tobias Klein, www.trapkit.de
21) Christian Matthies via iDefense and Yoshinori Oota, Business
Architects via JP/CERT.
22) An anonymous person
23) Simon Young, Anglia Ruskin University
25) Laurent OUDOT, TEHTRI Security

ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT4999

nSense:
http://www.nsense.fi/advisories/nsense_2011_006.txt

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close