Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2429 iOS 13.6 and iPadOS 13.6 address multiple vulnerabilities 16 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: iOS iPadOS Publisher: Apple Operating System: Apple iOS Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Existing Account Unauthorised Access -- Unknown/Unspecified Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2020-9936 CVE-2020-9934 CVE-2020-9933 CVE-2020-9931 CVE-2020-9925 CVE-2020-9923 CVE-2020-9918 CVE-2020-9917 CVE-2020-9916 CVE-2020-9915 CVE-2020-9914 CVE-2020-9911 CVE-2020-9910 CVE-2020-9909 CVE-2020-9907 CVE-2020-9903 CVE-2020-9895 CVE-2020-9894 CVE-2020-9893 CVE-2020-9891 CVE-2020-9890 CVE-2020-9889 CVE-2020-9888 CVE-2020-9885 CVE-2020-9878 CVE-2020-9865 CVE-2020-9862 CVE-2019-19906 CVE-2019-14899 Reference: ESB-2020.0310 ESB-2019.4770.2 Original Bulletin: https://support.apple.com/en-us/HT211288 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6 iOS 13.6 and iPadOS 13.6 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab AVEVideoEncoder Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9907: an anonymous researcher Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may cause an unexpected application termination Description: A denial of service issue was addressed with improved input validation. CVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab CoreFoundation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. CVE-2020-9934: an anonymous researcher Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud GeoServices Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to read sensitive location information Description: An authorization issue was addressed with improved state management. CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. iAP Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2020-9914: Andy Davis of NCC Group ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-9923: Proteas Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9909: Brandon Azad of Google Project Zero Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906 Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha) Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security Safari Login AutoFill Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain Description: A logic issue was addressed with improved restrictions. CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) Safari Reader Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy Description: A logic issue was addressed with improved restrictions. CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. CVE-2020-9915: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel GroÃ\x{159} of Google Project Zero WebKit Page Loading Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10) WebKit Web Inspector Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. CVE-2020-9862: Ophir Lojkine (@lovasoa) Wi-Fi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) WiFi Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9917: an anonymous researcher, Pradeep Deokate of Harman Additional recognition Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.6 and iPadOS 13.6". - -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8POhUACgkQBz4uGe3y 0M3VAA/3ciev1rSP1w547PW3gsdGviEqUD6d5cNWfVKyIywIwqhXD24bNn471XPe ufoLyxB/SlH9yKcHjuNYmeL+tu+4Gqx+YvaNTrKkBlh0DP7bB7y1vKVDbHjTsSbx ecrPfDI3ZHXXux9+1fYZ47ISnJDakqVEI3bAw7JFtwL4DmQYdyk+xaUVTXTXksoV YwXin1usgQUZp921ygUNzP5kMwwdmbwenMS+U5s270TlSFPLflB61iykZCEOt7n4 sQqpv1A1GQPigTAPZOevl/TyfUAzRxXhOjXoBw6GSHXmfrLdkT72cw+VuIxZ2rpG 5VGkORd8S0PNDPndLYUb3VxKa4GucbuFd/f4YY4xhJuyZj1ANidPmSn1QkviqCjz 47pvdvWIQpRAQZv4yhlCfcZPYYwkHOPLsmSYbUdfKZvMHx+GneJp4T6ofZ5E7pvQ W354Asbg8fSFbx0jbmQpI0jJIgwLy8ydMVf1HsqToM/mSwTRQBjONNGQweHIdfXQ Z1PJ4cmOTutRmGLgDHIikVkq8mIu+1EOWBkLAXoZrn7d9pbosHZG/5OT3rpXpQU2 FykbSj7EkVyEJ978rAaynixaiuNbaw39osKaP4H5LcFhzyM8tF3paiR0gXKhizTB w57KB0YW0QrWBupRIdAd+yH2jt6iNviLfkq7fUAzZ3hb1iikVw== =Tlxk - -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/security-announce/apple-security-announce%40auscert.org.au This email sent to apple-security-announce@auscert.org.au - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXw/c8eNLKJtyKPYoAQhw8A/+MvD292A7eaZSPq7BHSO61ewkw6+BJFCo 0upSH2/18T4D3UHqFyUccfdC3zJUZ2Fa4u9dMPTH5giw13JyqGuyo7RmcKvYr6X5 IsZyRUZp80zRBBzU2TywikGYhPUqiTvpoDaiTKGaztCyk+Musgei9OeVNDgv9Reg ASmHCezMG3f0JcB9026KouP+lksNeHGGrwjEhHUoPy11WvfIREQTMmuax4pBwmx4 J872jZybbeb5u6+W19m8TgQ/x32nfmQMVM48cIe3ciT5JecoujPW/zM+XSzTS2Xw NHmQp015JEeDWXkScFDoUX3cgErFRv/Cd5IzxJJI30nqft/RvolJyXn16zf3LO8A iHJdhdW1UatZZ4xLhpxpRL2r06QK2cyeufnojq+FP+WQFmaJrGvVhZr4BvIiW5Sw 8Qm5T93xaL0sUdTcbEPRPMtghp2Ug12SIPqmWrCH1ILv+F7CaJRLcO3BfFzNfyWW ioXyPh5kEqQ1NUsyDxpLUOa9DPGwnKhyMEGSB3ScfMULiTZNh421KW1pTb8d1qzZ x+nDeY/6vIYmDTnXwdcv+metkB8K9XvJSiHJXIdj9Pvk+XQ/O/eNboW+J0tGaaDc Av/pvJlrohBQM/TMfF1/C2Xbsn0lXXBbI3gzxPZEa4yVjIdfGvN7EI9kAH3E7sfI Im+BXrUhIrY= =M4gc -----END PGP SIGNATURE-----