Apple iOS Multiple Vulnerabilities
Last Update Date: 12 Mar 2014 12:33
Release Date: 12 Mar 2014
RISK: High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities have been identified in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.
1. The Configuration Profiles component does not properly verify expiration dates of mobile configuration profiles.
2. An error exists when handling code signature validation of text relocation instructions in dynamic libraries within the dyld component, which can be exploited to bypass certain code signing requirements.
3. An error exists when handling FaceTime calls from the lock screen within the FaceTime component, which can be exploited to access otherwise restricted FaceTime contacts.
4. An error exists when handling JPEG2000 images in PDF files within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted PDF file.
5. An error related to libtiff exists within the ImageIO component.
6. An error related to libjpeg exists within the ImageIO component.
7. An error exists when handling application downloads via the Enterprise App Download within the iTunes Store component, which can be exploited to spoof an application download via Man-in-the-Middle (MitM) attacks.
8. An error exists within the Office Viewer component.
9. An error exists within the Safari component.
10. The TelephonyUI Framework component does not properly restrict access to facetime-audio:// URLs, which can be exploited to perform an otherwise restricted FaceTime audio call without user interaction.
11. An error exists when handling USB messages within the USB Host component, which can be exploited to cause memory corruption.
12. Multiple unspecified errors within the WebKit component can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #4, #5, #8, #11 and #12 may allow execution of arbitrary code.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
- Spoofing
System / Technologies affected
- Versions prior to 7.1
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 7.1
Vulnerability Identifier
- CVE-2012-2088
- CVE-2013-2909
- CVE-2013-2926
- CVE-2013-2928
- CVE-2013-5196
- CVE-2013-5197
- CVE-2013-5198
- CVE-2013-5199
- CVE-2013-5225
- CVE-2013-5227
- CVE-2013-5228
- CVE-2013-6625
- CVE-2013-6629
- CVE-2013-6635
- CVE-2013-6835
- CVE-2014-1252
- CVE-2014-1267
- CVE-2014-1269
- CVE-2014-1270
- CVE-2014-1273
- CVE-2014-1274
- CVE-2014-1275
- CVE-2014-1277
- CVE-2014-1287
- CVE-2014-1289
- CVE-2014-1290
- CVE-2014-1291
- CVE-2014-1292
- CVE-2014-1293
- CVE-2014-1294