ESB-2016.0139 - [Apple iOS] Apple iOS: Multiple vulnerabilities

Date: 20 January 2016
References: ESB-2016.0141  ESB-2016.0184  ESB-2016.0742  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0139
                                 iOS 9.2.1
                              20 January 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple iOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-1730 CVE-2016-1728 CVE-2016-1727
                   CVE-2016-1726 CVE-2016-1725 CVE-2016-1724
                   CVE-2016-1723 CVE-2016-1722 CVE-2016-1721
                   CVE-2016-1720 CVE-2016-1719 CVE-2016-1717
                   CVE-2015-7995  

Original Bulletin: 
   https://support.apple.com/en-us/HT205732

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-19-1 iOS 9.2.1

iOS 9.2.1 is now available and addresses the following:

Disk Images
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

IOHIDFamily
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero

IOKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero

Kernel
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend
Micro

libxslt
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  A type confusion issue existed in libxslt. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor

syslog
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with root
privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

WebKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1723 : Apple
CVE-2016-1724 : Apple
CVE-2016-1725 : Apple
CVE-2016-1726 : Apple
CVE-2016-1727 : Apple

WebKit CSS
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Websites may know if the user has visited a given link
Description:  A privacy issue existed in the handling of the
"a:visited button" CSS selector when evaluating the containing
element's height. This was addressed through improved validation.
CVE-ID
CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix

WebSheet
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious captive portal may be able to access the user's
cookies
Description:  An issue existed that allowed some captive portals to
read or write cookies. The issue was addressed through an isolated
cookie store for all captive portals.
CVE-ID
CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure

- -----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----