Published on: 18 December 2015
Apple has released software update fixing 30 vulnerabilities in iOS versions prior to iOS 9.2. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, the attacker could entice a user to open a specially crafted image or media files, font file, iBook file, iWork file, XML document, web page or install a malicious application to exploit the vulnerabilities.
Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege, a denial of service condition, information disclosure or remote arbitrary code execution.
The product vendor has released iOS 9.2 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
This link will open in a new windowhttps://support.apple.com/en-us/HT205635
This link will open in a new windowhttps://www.us-cert.gov/ncas/current-activity/2015/12/08/Apple-Releases-Multiple-Security-Updates
This link will open in a new windowhttps://www.hkcert.org/my_url/en/alert/15120914
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7001
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7037 (to CVE-2015-7043)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7046 (to CVE-2015-7048)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7050 (to CVE-2015-7051)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7053 (to CVE-2015-7055)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7058
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7064 (to CVE-2015-7066)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7068 (to CVE-2015-7070)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7072 (to CVE-2015-7075)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7079 (to CVE-2015-7081)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7083 (to CVE-2015-7084)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7093 (to CVE-2015-7103)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7105
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7107
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7111 (to CVE-2015-7113)
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7115 (to CVE-2015-7116)
