Apple iOS Multiple Vulnerabilities
Last Update Date:
9 Mar 2012 11:28
Release Date:
9 Mar 2012
5929
Views
RISK: High Risk
TYPE: Operating Systems - Mobile & Apps
Multiple vulnerabilities have identified in Apple iOS. A remote user can conduct cross-site scripting attacks, obtain potentially sensitive information and cause arbitrary code to be executed on the target user's system. A local user can bypass the screen lock.
- A remote user can create a specially crafted URL that, when loaded by the target user, will cause CFNetwork to send unexpected request headers and disclose potentially sensitive information.
- A user can create a specially crafted HFS disk image that, when loaded by the target user, will trigger an integer underflow and cause the system to shutdown or execute arbitrary code.
- A user can run a specially crafted program to exploit a bug in the handling of debug system calls and bypass sandbox restrictions.
- A physically local user can bypass the screen lock passcode function.
- A remote user can cause web page visits to be recorded in the browser history when Private Browsing is active by exploiting the JavaScript methods pushState and replaceState.
- A physically local user can use Siri to access a front-most email message selected behind a lock screen.
- A remote user can create a specially crafted Racoon configuration file to trigger a format string flaw and execute arbitrary code with system privileges.
- A remote user can cause arbitrary scripting code to be executed by the target user's browser.The code will run in the security context of an arbitrary site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
- A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a memory corruption error in WebKit and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Impact
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple iOS prior to version 5.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 5.1
Vulnerability Identifier
- CVE-2011-2825
- CVE-2011-2833
- CVE-2011-2846
- CVE-2011-2847
- CVE-2011-2854
- CVE-2011-2855
- CVE-2011-2857
- CVE-2011-2860
- CVE-2011-2867
- CVE-2011-2868
- CVE-2011-2869
- CVE-2011-2870
- CVE-2011-2871
- CVE-2011-2872
- CVE-2011-2873
- CVE-2011-2877
- CVE-2011-3453
- CVE-2011-3881
- CVE-2011-3885
- CVE-2011-3887
- CVE-2011-3888
- CVE-2011-3897
- CVE-2011-3908
- CVE-2011-3909
- CVE-2011-3928
- CVE-2012-0585
- CVE-2012-0586
- CVE-2012-0587
- CVE-2012-0588
- CVE-2012-0589
- CVE-2012-0590
- CVE-2012-0591
- CVE-2012-0592
- CVE-2012-0593
- CVE-2012-0594
- CVE-2012-0595
- CVE-2012-0596
- CVE-2012-0597
- CVE-2012-0598
- CVE-2012-0599
- CVE-2012-0600
- CVE-2012-0601
- CVE-2012-0602
- CVE-2012-0603
- CVE-2012-0604
- CVE-2012-0605
- CVE-2012-0606
- CVE-2012-0607
- CVE-2012-0608
- CVE-2012-0609
- CVE-2012-0610
- CVE-2012-0611
- CVE-2012-0612
- CVE-2012-0613
- CVE-2012-0614
- CVE-2012-0615
- CVE-2012-0616
- CVE-2012-0617
- CVE-2012-0618
- CVE-2012-0619
- CVE-2012-0620
- CVE-2012-0621
- CVE-2012-0622
- CVE-2012-0623
- CVE-2012-0624
- CVE-2012-0625
- CVE-2012-0626
- CVE-2012-0627
- CVE-2012-0628
- CVE-2012-0629
- CVE-2012-0630
- CVE-2012-0631
- CVE-2012-0632
- CVE-2012-0633
- CVE-2012-0635
- CVE-2012-0641
- CVE-2012-0642
- CVE-2012-0643
- CVE-2012-0644
- CVE-2012-0645
- CVE-2012-0646
Source
Related Link
Share with