Apple iOS Security Issue and Multiple Vulnerabilities
Last Update Date:
19 Sep 2014 16:38
Release Date:
19 Sep 2014
4383
Views
RISK: High Risk
TYPE: Operating Systems - Mobile & Apps
A security issue and multiple vulnerabilities have been identified in Apple iOS, which can be exploited by malicious people with physical access to disclose potentially sensitive information and bypass certain security restrictions and by malicious people to disclose certain sensitive information and compromise a vulnerable device.
- An unspecified error related to unlocking behavior can be exploited to bypass the screen lock.
- The Mail component does not properly handle the LOGINDISABLED IMAP capability. This can be exploited to disclose user credentials via e.g. Man-in-the-Middle (MitM) attacks.
- An error exists within the Safari component.
- An error when handling text message previews can be exploited to disclose received text messages.
- An error within the Weather component related to API used to determine local weather can be exploited to disclose physical location of a user via Man-in-the-Middle (MitM) attacks.
- Multiple errors exist within the WebKit component.
Impact
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Versions prior to 8 running on iPhone 4s and later
- iPod touch (5th generation) and later
- iPad 2 and later
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 8.
Vulnerability Identifier
- CVE-2013-6663
- CVE-2014-1360
- CVE-2014-1384
- CVE-2014-1385
- CVE-2014-1387
- CVE-2014-1388
- CVE-2014-1389
- CVE-2014-4356
- CVE-2014-4363
- CVE-2014-4366
- CVE-2014-4374
- CVE-2014-4377
- CVE-2014-4381
- CVE-2014-4410
- CVE-2014-4411
- CVE-2014-4412
- CVE-2014-4413
- CVE-2014-4414
- CVE-2014-4415
Source
Related Link
Share with