---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52002 RELEASE DATE: 2013-01-29 DISCUSS ADVISORY: http://secunia.com/advisories/52002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device. 1) An error when handling a validation failure of a AppleID certificate within the IdentityService can be exploited to potentially bypass the certificate-based AppleID authentication via an invalid AppleID certificate. 2) An error exists in International Components for Unicode. For more information see vulnerability #2 in: SA48618 3) An input validation error within the kernel can be exploited to bypass the validation check by using a pointer length of less than a page and access the first page of kernel memory. 4) An error when handling the JavaScript preferences of Safari in StoreKit can be exploited to re-enable JavaScript without user notice by visiting a site displaying a Smart App Banner. 5) Multiple vulnerabilities are caused due to a bundled vulnerable version of WebKit. For more information: SA49724 SA50105 SA50577 6) An unspecified error within WebKit can be exploited to corrupt memory. 7) Another unspecified error within WebKit can be exploited to corrupt memory. 8) Another unspecified error within WebKit can be exploited to corrupt memory. 9) Another unspecified error within WebKit can be exploited to corrupt memory. 10) Another unspecified error within WebKit can be exploited to corrupt memory. 11) Another unspecified error within WebKit can be exploited to corrupt memory. 12) Another unspecified error within WebKit can be exploited to corrupt memory. 13) Another unspecified error within WebKit can be exploited to corrupt memory. 14) Another unspecified error within WebKit can be exploited to corrupt memory. 15) Another unspecified error within WebKit can be exploited to corrupt memory. 16) Another unspecified error within WebKit can be exploited to corrupt memory. 17) Another unspecified error within WebKit can be exploited to corrupt memory. Successful exploitation of vulnerabilities #3 and #5 through #17 may allow execution of arbitrary code. 18) Certain input pasted from a different origin is not properly sanitised in WebKit before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 19) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user. For more information see vulnerability #1 in: SA50759 NOTE: Additionally a weakness exists within the handling of 802.11i information elements within Broadcom's BCM4325 and BCM4329 firmware, which can be exploited to disable WiFi. SOLUTION: Apply iOS 6.1 Software Update. PROVIDED AND/OR DISCOVERED BY: 1, 9, 13, and 14) Reported by the vendor The vendor credits: 3) Mark Dowd, Azimuth Security 4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison, BitCloud, and Marek Durcek 6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome Security Team 12) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team 17) Aaron Nelson 18) Mario Heiderich, Cure53 ORIGINAL ADVISORY: APPLE-SA-2013-01-28-1: http://support.apple.com/kb/HT5642 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------