You are here

U-121: Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information

March 9, 2012 - 7:00am

Addthis

PROBLEM:

Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information

PLATFORM:

Apple iOS Version(s): prior to 5.1

ABSTRACT:

Multiple vulnerabilities were reported in Apple iOS.
 

reference LINKS: 

SecurityTracker Alert ID: 1026774
Apple Security Updates
About the security content of iOS 5.1 Software Update

CVE-2012-0641, CVE-2012-0642, CVE-2012-0643, CVE-2011-3453, CVE-2012-0644, CVE-2012-0585, CVE-2012-0645, CVE-2012-0646
CVE-2011-3887, CVE-2012-0590, CVE-2011-3881, CVE-2012-0586, CVE-2012-0587, CVE-2012-0588, CVE-2012-0589, CVE-2011-2825
CVE-2011-2833, CVE-2011-2846, CVE-2011-2847, CVE-2011-2854, CVE-2011-2855, CVE-2011-2857, CVE-2011-2860, CVE-2011-2867
CVE-2011-2868, CVE-2011-2869, CVE-2011-2870, CVE-2011-2871, CVE-2011-2872, CVE-2011-2857, CVE-2011-2873, CVE-2011-2877
CVE-2011-3885, CVE-2011-3888, CVE-2011-3897, CVE-2011-3908, CVE-2011-3908, CVE-2011-3909, CVE-2011-3928, CVE-2012-0591
CVE-2012-0592, CVE-2012-0593, CVE-2012-0593, CVE-2012-0595, CVE-2012-0596, CVE-2012-0597, CVE-2012-0598, CVE-2012-0599
CVE-2012-0600, CVE-2012-0601, CVE-2012-0602, CVE-2012-0603, CVE-2012-0604, CVE-2012-0605, CVE-2012-0606, CVE-2012-0607
CVE-2012-0608, CVE-2012-0609, CVE-2012-0610, CVE-2012-0611, CVE-2012-0612, CVE-2012-0613, CVE-2012-0614, CVE-2012-0615
CVE-2012-0616, CVE-2012-0617, CVE-2012-0618, CVE-2012-0619, CVE-2012-0620, CVE-2012-0621, CVE-2012-0622, CVE-2012-0623
CVE-2012-0624, CVE-2012-0625, CVE-2012-0626, CVE-2012-0627, CVE-2012-0628, CVE-2012-0629, CVE-2012-0630, CVE-2012-0631
CVE-2012-0632, CVE-2012-0633, CVE-2012-0635

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Apple iOS. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks. A remote user can obtain potentially sensitive information. A local user can bypass the screen lock.

Impact:

A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. A remote user can obtain potentially sensitive information.

Solution:

The vendor's  iOS 5.1 Software Update  is available and additional downloads can be found on  Apple Support Downloads

 

Apple iOS Bugs Let Remote Users Execute Arbitrary Code, Conduct Cross-Site Scripting Attacks, and Obtain Potentially Sensitive Information

 

Addthis