Criticality level : Highly critical
Impact : Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch
Operating System:
Apple iOS 6.x for iPhone 3GS and later
Apple iOS for iPad 6.x
Apple iOS for iPod touch 6.x
Description:
Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
1) An error when handling a validation failure of a AppleID certificate within the IdentityService can be exploited to potentially bypass the certificate-based AppleID authentication via an invalid AppleID certificate.
2) An error exists in International Components for Unicode.
3) An input validation error within the kernel can be exploited to bypass the validation check by using a pointer length of less than a page and access the first page of kernel memory.
4) An error when handling the JavaScript preferences of Safari in StoreKit can be exploited to re-enable JavaScript without user notice by visiting a site displaying a Smart App Banner.
5) Multiple vulnerabilities are caused due to a bundled vulnerable version of WebKit.
6) An unspecified error within WebKit can be exploited to corrupt memory.
7) Another unspecified error within WebKit can be exploited to corrupt memory.
8) Another unspecified error within WebKit can be exploited to corrupt memory.
9) Another unspecified error within WebKit can be exploited to corrupt memory.
10) Another unspecified error within WebKit can be exploited to corrupt memory.
11) Another unspecified error within WebKit can be exploited to corrupt memory.
12) Another unspecified error within WebKit can be exploited to corrupt memory.
13) Another unspecified error within WebKit can be exploited to corrupt memory.
14) Another unspecified error within WebKit can be exploited to corrupt memory.
15) Another unspecified error within WebKit can be exploited to corrupt memory.
16) Another unspecified error within WebKit can be exploited to corrupt memory.
17) Another unspecified error within WebKit can be exploited to corrupt memory.
Successful exploitation of vulnerabilities #3 and #5 through #17 may allow execution of arbitrary code.
18) Certain input pasted from a different origin is not properly sanitised in WebKit before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
19) Certain unspecified input related to frame handling is not properly sanitised before being returned to the user.
NOTE: Additionally a weakness exists within the handling of 802.11i information elements within Broadcom's BCM4325 and BCM4329 firmware, which can be exploited to disable WiFi.
Solution:
Apply iOS 6.1 Software Update.
Provided and/or discovered by:
1, 9, 13, and 14) Reported by the vendor
The vendor credits:
3) Mark Dowd, Azimuth Security
4) Andrew Plotkin, Zarfhome Software Consulting, Ben Madison, BitCloud, and Marek Durcek
6, 7, 8, 10, 11, 15, and 16) Abhishek Arya (Inferno), Google Chrome Security Team
12) Dominic Cooney, Google and Martin Barbella, Google Chrome Security Team
17) Aaron Nelson
18) Mario Heiderich, Cure53
Original Advisory:
APPLE-SA-2013-01-28-1:
http://support.apple.com/kb/HT5642
http://secunia.com/advisories/52002/
No comments:
Post a Comment