Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2018.2782
Apple Support 2.4 for iOS
19 September 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Apple Support 2.4 for iOS
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-4397
Original Bulletin:
https://support.apple.com/en-au/HT209117
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
Apple Support 2.4 for iOS is now available and addresses the
following:
Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)
Installation note:
Apple Support 2.4 for iOS may be obtained from the iOS App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf7w4ACgkQeC9tht7T
K3Fh+BAAladfEhMqU/fHmTtXsfcmTAATaSpZOq1UF9uJ/J5RwR7OXQSkutOnNwcG
Vb0075qtoi7nTJQX94X/8qYgMvAmIYvuC/2Z7g7j4B93Co2sh4DgEmSQ1bcY5poi
3Crdd319vzfeGZ3FwqKEi6zUr7iydUA5R/f4nt6mTo0c57BFVXLVwHKMCm1iTpgk
WMatvf6fIOsxL/Q3X4DDn3sJAuVcNQTUeQIDtEaA1VT9gOuJBf5BOLXQDgYc6D84
qLKQ1sAgbtxmRYrCnbZKAvcKqWn77nvhjfaVq4OnSnjkLxowE1TD3XRzHJrdk3GN
x2ojRh3GwL2Iw15AYc3qEhI9cpJmOMdaKhu6C5UWKerILVP8lS/ygTKARSSW0id0
EfKu08f1Xi23uFiaqpSI2UBhMr0v9D49744ylUVGRVIGunqUJ0Nj9FmYBBKNRv5T
4RLGj5NsD5l7bCBBpKNA/n37ivcAetFGXpaxpAV5GGi45ZhYPK94EdbJuzte12GB
vRgyoN+LsphipjZc4Dzhu8smerpL9cIUWbINvAHfLwMEOhquTbJ6t96dHIbGOzC0
XpYbzVmYrVdCBcOZz5F+XwfOzGBWC74/tnHONeQopU8zB03vqrAEt9jM26hVtkfe
ztAS/8YR0xRcqvkx0bd7EwadbqbeDY5X+9DfwzjextQNPJz/vGA=
=s2QM
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW6HK/maOgq3Tt24GAQgczBAA2LqT0/67nOeFjAqWnrWy4C9kJO9igtVJ
TpMNffTtKCYg0RbBGcs3E1xOesQOOB5kv1XzlOHgzRdsebhcIH1IJ+IcI0gxnO8i
V19I1kM7ikwQ9TtalBCxUr1WUa90GCPryVSPEGiQpKLYCgdt9gXMh3i9xmoOWH1C
cpbO1JN2dgPLd/HynrmWaZy0uIu+liGim61rETEXcSkCa1pcfaYKWlYZCRicqExo
6lsz1yoEOoggeyvWsMzcVRqm2qkBKomBUBtI9yD3EieU4aFv4UxoGuoaXGuRvIWE
nqQY10eHv0DpfztAS0ZiJXmwFEs2qK1j+O1cNdj4L7ngOhUMR23bD1gUB5f1g9M4
KjTnyJMx2JKHftu6oWcDvnqfeZeg3xFu+55DBiVngLIPMdPa31D2a2CV9NUbXTcl
kYAyL2WRNtO/2tnWscKN//2ILC/fF7NiDdD/p6URKKpT+LT8FRvLcyuN5wJyqR1l
XHns4gPmAvUTKyz+204bgVx/tZk91Q/ZIXLiNwJpRBM2pWv9YCZnRyr8XcPY0Lj2
gh18f7WwERJNd41vBXGoaRwJ4D6ShllcHdjxbiXpBBjoiOe3k+KYcqvNlsHQOi6N
bKeMKZUkP0dzrHmXvc2EYijdvurorD3hAJcjo2Rrr014J9vuBSqbIqMlUTn5pwNu
xNPyAoWZ9t8=
=JeJL
-----END PGP SIGNATURE-----