ESB-2014.1059 - [Apple iOS] iOS: Multiple vulnerabilities

Date: 01 July 2014
References: ASB-2013.0083  ESB-2013.0994  ASB-2013.0114  ESB-2013.1530  ASB-2014.0057  ESB-2014.0657  ESB-2014.0792  ESB-2014.1058.2  ESB-2014.1057  ESB-2014.1060  
ESB-2014.1615  ESB-2014.1880  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1059
                                 iOS 7.1.2
                                1 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          iOS
Publisher:        Apple
Operating System: Apple iOS
Impact/Access:    Root Compromise                 -- Existing Account            
                  Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
                  Access Confidential Data        -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Remote with User Interaction
                  Unauthorised Access             -- Remote/Unauthenticated      
                  Reduced Security                -- Unknown/Unspecified         
Resolution:       Patch/Upgrade
CVE Names:        CVE-2014-1731 CVE-2014-1382 CVE-2014-1368
                  CVE-2014-1367 CVE-2014-1366 CVE-2014-1365
                  CVE-2014-1364 CVE-2014-1363 CVE-2014-1362
                  CVE-2014-1361 CVE-2014-1360 CVE-2014-1359
                  CVE-2014-1358 CVE-2014-1357 CVE-2014-1356
                  CVE-2014-1355 CVE-2014-1354 CVE-2014-1353
                  CVE-2014-1352 CVE-2014-1351 CVE-2014-1350
                  CVE-2014-1349 CVE-2014-1348 CVE-2014-1346
                  CVE-2014-1345 CVE-2014-1343 CVE-2014-1342
                  CVE-2014-1341 CVE-2014-1339 CVE-2014-1338
                  CVE-2014-1337 CVE-2014-1336 CVE-2014-1335
                  CVE-2014-1334 CVE-2014-1333 CVE-2014-1331
                  CVE-2014-1330 CVE-2014-1329 CVE-2014-1327
                  CVE-2014-1326 CVE-2014-1325 CVE-2014-1323
                  CVE-2013-2927 CVE-2013-2875 

Reference:        ASB-2014.0057
                  ESB-2014.1057
                  ESB-2014.0792
                  ESB-2014.0657
                  ASB-2013.0114
                  ASB-2013.0083
                  ESB-2013.1530
                  ESB-2013.0994
                  ESB-2014.1058.2

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-3 iOS 7.1.2

iOS 7.1.2 is now available and addresses the following:

Certificate Trust Policy
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Update to the certificate trust policy
Description:  The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.

CoreGraphics
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted XBM file may lead to an
unexpected application termination or arbitrary code execution
Description:  An unbounded stack allocation issue existed in the
handling of XBM files. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1354 : Dima Kovalenko of codedigging.com

Kernel
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An application could cause the device to unexpectedly
restart
Description:  A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through additional
validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

launchd
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
IPC messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero

launchd
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A heap buffer overflow existed in launchd's handling of
log messages. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero

launchd
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer overflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero

launchd
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer underflow existed in launchd. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero

Lockdown
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker possessing an iOS device could potentially
bypass Activation Lock
Description:  Devices were performing incomplete checks during device
activation, which made it possible for malicious individuals to
partially bypass Activation Lock. This issue was addressed through
additional client-side verification of data received from activation
servers.
CVE-ID
CVE-2014-1360

Lock Screen
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  An attacker in possession of a device may exceed the maximum
number of failed passcode attempts
Description:  In some circumstances, the failed passcode attempt
limit was not enforced. This issue was addressed through additional
enforcement of this limit.
CVE-ID
CVE-2014-1352 : mblsec

Lock Screen
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to a locked device may be able
to access the application that was in the foreground prior to locking
Description:  A state management issue existed in the handling of the
telephony state while in Airplane Mode. This issue was addressed
through improved state management while in Airplane Mode.
CVE-ID
CVE-2014-1353

Mail
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Mail attachments can be extracted from an iPhone 4
Description:  Data protection was not enabled for mail attachments,
allowing them to be read by an attacker with physical access to the
device. This issue was addressed by changing the encryption class of
mail attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs

Safari
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A use after free issue existed in Safari's handling of
invalid URLs. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan

Settings
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to the device may be able to
disable Find My iPhone without entering an iCloud password
Description:  A state management issue existed in the handling of the
Find My iPhone state. This issue was addressed through improved
handling of Find My iPhone state.
CVE-ID
CVE-2014-1350

Secure Transport
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Two bytes of uninitialized memory could be disclosed to a
remote attacker
Description:  An uninitialized memory access issue existed in the
handling of DTLS messages in a TLS connection. This issue was
addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project

Siri
Available for:  iPhone 4S and later,
iPod touch (5th generation) and later,
iPad (3rd generation) and later
Impact:  A person with physical access to the phone may be able to
view all contacts
Description:  If a Siri request might refer to one of several
contacts, Siri displays a list of possible choices and the option
'More...' for a complete contact list. When used at the lock screen,
Siri did not require the passcode before viewing the complete contact
list. This issue was addressed by requiring the passcode.
CVE-ID
CVE-2014-1351 : Sherif Hashim

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious site can send messages to a connected frame or
window in a way that might circumvent the receiver's origin check
Description:  An encoding issue existed in the handling of Unicode
characters in URLs. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. This issue was addressed
through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook

WebKit
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A maliciously crafted website may be able to spoof its
domain name in the address bar
Description:  A spoofing issue existed in the handling of URLs. This
issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook


Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.1.2".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----