Date: 11 November 2011
References: ESB-2011.1032 ESB-2011.1034 ESB-2011.1157 ESB-2011.1165 ESB-2012.0114
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.1139
iOS 5.0.1 Software Update
11 November 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iOS
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-3442 CVE-2011-3441 CVE-2011-3440
CVE-2011-3439 CVE-2011-3246
Reference: ESB-2011.1034
ESB-2011.1032
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
iOS 5.0.1 Software Update is now available and addresses the
following:
CFNetwork
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of maliciously
crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL,
CFNetwork could navigate to an incorrect server.
CVE-ID
CVE-2011-3246 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Viewing a document containing a maliciously crafted font may
lead to arbitrary code execution
Description: Multiple memory corruption issues existed in FreeType,
the most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font.
CVE-ID
CVE-2011-3439 : Apple
Data Security
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: Two certificate authorities in the list of trusted root
certificates have independently issued intermediate certificates to
DigiCert Malaysia. DigiCert Malaysia has issued certificates with
weak keys that it is unable to revoke. An attacker with a privileged
network position could intercept user credentials or other sensitive
information intended for a site with a certificate issued by DigiCert
Malaysia. This issue is addressed by configuring default system trust
settings so that DigiCert Malaysia's certificates are not trusted. We
would like to acknowledge Bruce Morton of Entrust, Inc. for reporting
this issue.
Kernel
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: An application may execute unsigned code
Description: A logic error existed in the mmap system call's
checking of valid flag combinations. This issue may lead to a bypass
of codesigning checks. This issue does not affect devices running
iOS prior to version 4.3.
CVE-ID
CVE-2011-3442 : Charlie Miller of Accuvant Labs
libinfo
Available for: iOS 3.0 through 5.0 for iPhone 3GS,
iPhone 4 and iPhone 4S,
iOS 3.1 through 5.0 for iPod touch (3rd generation) and later,
iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in libinfo's handling of DNS name
lookups. When resolving a maliciously crafted hostname, libinfo could
return an incorrect result.
CVE-ID
CVE-2011-3441 : Erling Ellingsen of Facebook, Per Johansson of
Blocket AB
Passcode Lock
Available for: iOS 4.3 through 5.0 for iPad 2
Impact: A person with physical access to a locked iPad 2 may be able
to access some of the user's data
Description: When a Smart Cover is opened while iPad 2 is confirming
power off in the locked state, the iPad does not request a passcode.
This allows some access to the iPad, but data protected by Data
Protection is inaccessible and apps cannot be launched.
CVE-ID
CVE-2011-3440
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"5.0.1 (9A405)".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuxWjAAoJEGnF2JsdZQeeYkAH/1Yz7Y7kSrJKjNeGyxLpliM8
1r33Xu0r6+WJgrjq1Ym4S6Yz1SJvz6uyvt8yLlKMxQHpYxmTjoToVbzvCvr81Kam
tpXhpfihRtwzSDEJAV7jRShtylVwoTIfUBTp982eun+2PrJmHI3P070pgCjUiT/C
63O4sen+K0hhT2cJxzWYsw1hmXv8OAmy+snUOh44ovMEa10KrpOqxr6sjrSfBbpU
gHyD1BOVB5VPUWSpj+R9/Eji634StaPkmy1yp+iv926MpGMGYT8mB07ec4MP4C78
b7ZaKzmhZILikMR6+fiOUWIZJQ0M8TYzyMol15DP/5mnXiHr46eZvsqWeAuvsok=
=RjAe
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTrxx0+4yVqjM2NGpAQLtvA/+LcylhkfxfIbDK+/3reSuFtB2FKFdbvX2
u0RdOzUwnadHNhc7t1HwQReMBpdYqkDgOoIojPrpjZZCHZ2cCV3Li65PhD2cNtLv
DoBViKoBjb7KHtMHbylVJ7VY9lCFuzqgQeKcG0C/TVxJwG74cY91lSr7EjrjdBqM
Cab+2Q1USNlL5gt0WYFwW+tFNMTAfJ1sTbsVKaYClAPfjTQzTczrQ14ZxJQN8zvm
HQbVPhvOK8dk9mEze2DdCf7Zog0WJzHS33QKZs9iuFS7WLOaPjF0TNUhzVsuxqWK
DVRXz6F489btJU7ye0omdQYdiWml2upyLiMSxz6Xrcj+tT2Vp/eO1ORa1kiO+eX6
MrB/ovgyeST9ZjLcr9A2F6hH+5tyg84GQOBTQureod1dOZIARa2J/eKiBzH5ZvPi
M9Mv7Oqyiq1xeUAo0N5lhfCuuPEi5Kjem7/Znzq47/PYaRybCQXTFUYO6818Osb5
LtD66et5HIQT7AZOuLYX0rvhf2Y9JWcU0KBwtPItRI0nqO3TV6jEE6Rzm1857Wnm
AvinxD645Jp9JdHY+3habyGSkT3lwdDk4mna7fxCHzr8x3d9WNTxpWV3aVAL1t0G
p2fIryCpfdh4fUb023uSHAV4vUra+g5/MExoJKMmtWJucOtYXZqoPG3EDcJ67zld
C5EPUV6fYew=
=W/Ht
-----END PGP SIGNATURE-----
|