Security Alert (A17-05-05): Multiple Vulnerabilities in Apple iOS


 

Published on: 18 May 2017

Last update on: 25 August 2017

  
  

Description:

Apple has released software update fixing 41 vulnerabilities in iOS versions prior to iOS 10.3.2. These vulnerabilities are caused by the problems in various iOS components. There are multiple attack vectors, an attacker could entice a user to open a maliciously crafted iBook file, web content or install a malicious application to exploit the vulnerabilities.

There are reports that the researchers who discovered some of the vulnerabilities have recently released the proof-of-concept but fully workable exploit code on the Internet. The public availability of the exploit code may lead to elevated risk of cyber attacks against the vulnerabilities.

You are advised to take immediate action to upgrade to the latest Apple iOS version, if you have not done so.

 

Affected Systems:

  • iPhone 5 and later
  • iPad 4 and later
  • iPod touch (6th generation) and later

 

Impact:

A successful attack could lead to arbitrary code execution, denial of service, elevation of privilege, security restriction bypass or information disclosure.

 

Recommendation:

The product vendor has released iOS 10.3.2 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
https://www.bleepingcomputer.com/news/security/researcher-releases-fully-working-exploit-code-for-ios-kernel-vulnerability/
https://support.apple.com/en-hk/HT207798
https://www.hkcert.org/my_url/en/alert/17051601
https://www.us-cert.gov/ncas/current-activity/2017/05/15/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2495 (to CVE-2017-2499)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2501 (to CVE-2017-2502)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2504 (to CVE-2017-2508)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2510
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2513 (to CVE-2017-2515)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2518 (to CVE-2017-2521)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2524 (to CVE-2017-2526)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2528
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2530 (to CVE-2017-2531)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2536
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2538 (to CVE-2017-2539)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2544
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2547
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2549
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6979 (to CVE-2017-6984)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6987
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6989
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6991
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6994 (to CVE-2017-6999)



Tag: Apple , iOS , iPhone , iPad , iPod
Tags