Apple iOS Multiple Vulnerabilities

Last Update Date: 12 Mar 2014 12:33 Release Date: 12 Mar 2014

RISK: High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities have been identified in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.

  1. The Configuration Profiles component does not properly verify expiration dates of mobile configuration profiles.
  2. An error exists when handling code signature validation of text relocation instructions in dynamic libraries within the dyld component, which can be exploited to bypass certain code signing requirements.
  3. An error exists when handling FaceTime calls from the lock screen within the FaceTime component, which can be exploited to access otherwise restricted FaceTime contacts.
  4. An error exists when handling JPEG2000 images in PDF files within the ImageIO component, which can be exploited to cause a buffer overflow via a specially crafted PDF file.
  5. An error related to libtiff exists within the ImageIO component.
  6. An error related to libjpeg exists within the ImageIO component.
  7. An error exists when handling application downloads via the Enterprise App Download within the iTunes Store component, which can be exploited to spoof an application download via Man-in-the-Middle (MitM) attacks.
  8. An error exists within the Office Viewer component.
  9. An error exists within the Safari component.
  10. The TelephonyUI Framework component does not properly restrict access to facetime-audio:// URLs, which can be exploited to perform an otherwise restricted FaceTime audio call without user interaction.
  11. An error exists when handling USB messages within the USB Host component, which can be exploited to cause memory corruption.
  12. Multiple unspecified errors within the WebKit component can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #4, #5, #8, #11 and #12 may allow execution of arbitrary code.