Security Alert (A15-04-05): Multiple Vulnerabilities in Apple iOS


 

Published on: 10 April 2015

  
  

Description:

Apple has released software updates fixing 58 vulnerabilities in iOS versions prior to iOS 8.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, a remote attacker could entice a user to open a specially crafted web page, font file, configuration profile or iWork file, or install a malicious application to exploit the vulnerabilities. A local attacker could also connect the affected systems with a malicious external device to execute arbitrary code or access protected information of the affected systems.

 

Affected Systems:

  • iPhone 4S and later
  • iPod touch (5th generation) and later
  • iPad 2 and later

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to information disclosure, a denial of service condition, elevation of privileges, bypass of security restrictions or remote arbitrary code execution.

 

Recommendation:

The product vendor has released iOS 8.3 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-us/HT204661
https://www.hkcert.org/my_url/en/alert/15040901
https://www.us-cert.gov/ncas/current-activity/2015/04/08/Apple-Releases-Security-Updates-OS-X-iOS-Safari-and-Apple-TV
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1126
 



Tag: iOS , iPhone , iPad , iPod , Apple
Tags