You are here

V-080: Apple iOS Multiple Vulnerabilities

January 30, 2013 - 12:56am

Addthis

PROBLEM:

Apple iOS Multiple Vulnerabilities

PLATFORM:

Apple iOS 6.x for iPhone 3GS and later
Apple iOS for iPad 6.x
Apple iOS for iPod touch 6.x

ABSTRACT:

Two security issues and multiple vulnerabilities have been reported in Apple iOS

REFERENCE LINKS:

Article: HT5642
APPLE-SA-2013-01-28-1 iOS 6.1 Software Update
Secunia Advisory SA52002
CVE-2011-3058
CVE-2012-2619
CVE-2012-2824
CVE-2012-2857
CVE-2012-2889
CVE-2012-3606
CVE-2012-3607
CVE-2012-3621
CVE-2012-3632
CVE-2012-3687
CVE-2012-3701
CVE-2013-0948
CVE-2013-0949
CVE-2013-0950
CVE-2013-0951
CVE-2013-0952
CVE-2013-0953
CVE-2013-0954
CVE-2013-0955
CVE-2013-0956
CVE-2013-0958
CVE-2013-0959
CVE-2013-0962
CVE-2013-0963
CVE-2013-0964
CVE-2013-0968
CVE-2013-0974

IMPACT ASSESSMENT:

High

DISCUSSION:

Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

1) An error when handling a validation failure of a AppleID certificate within the IdentityService can be exploited to potentially bypass the certificate-based AppleID authentication via an invalid AppleID certificate.

2) An error exists in International Components for Unicode.

3) An input validation error within the kernel can be exploited to bypass the validation check by using a pointer length of less than a page and access the first page of kernel memory.

4) An error when handling the JavaScript preferences of Safari in StoreKit can be exploited to re-enable JavaScript without user notice by visiting a site displaying a Smart App Banner.

5) Multiple vulnerabilities are caused due to a bundled vulnerable version of WebKit.

6) An unspecified error within WebKit can be exploited to corrupt memory.

7) Another unspecified error within WebKit can be exploited to corrupt memory.

8) Another unspecified error within WebKit can be exploited to corrupt memory.

9) Another unspecified error within WebKit can be exploited to corrupt memory.

10) Another unspecified error within WebKit can be exploited to corrupt memory.

11) Another unspecified error within WebKit can be exploited to corrupt memory.

12) Another unspecified error within WebKit can be exploited to corrupt memory.

13) Another unspecified error within WebKit can be exploited to corrupt memory.

14) Another unspecified error within WebKit can be exploited to corrupt memory.

15) Another unspecified error within WebKit can be exploited to corrupt memory.

16) Another unspecified error within WebKit can be exploited to corrupt memory.

17) Another unspecified error within WebKit can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #3 and #5 through #17 may allow execution of arbitrary code.

18) Certain input pasted from a different origin is not properly sanitised in WebKit before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

19) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user.

NOTE: Additionally a weakness exists within the handling of 802.11i information elements within Broadcom's BCM4325 and BCM4329 firmware, which can be exploited to disable WiFi.

IMPACT:

Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.

SOLUTION:

Apply iOS 6.1 Software Update

 

Addthis