Apple has released a software update fixing 62 vulnerabilities in iOS versions prior to iOS 11.0.1. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors. Examples include enticing a user to open a maliciously crafted iBook file, image or website to exploit the vulnerabilities, or leveraging the vulnerabilities in Wi-Fi chipsets to execute arbitrary code on the affected systems.
A successful attack could lead to arbitrary code execution, cross-site scripting, denial of service, retrieval of sensitive information, information loss or spoofing. In addition, a permissions issue could lead to an unexpectedly unencrypted backup.
The product vendor has released iOS 11.0.1 to address the issues. Users can obtain the update through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-hk/HT208143
https://support.apple.com/en-hk/HT208112
https://www.hkcert.org/my_url/en/alert/17092701
https://www.us-cert.gov/ncas/current-activity/2017/09/26/Apple-Releases-Security-Update-iOS
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840 (to CVE-2016-9843)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0381
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7072
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7078
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7080
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7081
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7083
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7085 (to CVE-2017-7100)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7102 (to CVE-2017-7112)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7114 (to CVE-2017-7118)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7120
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7127 (to CVE-2017-7131)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7133
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7139
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7140
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7144 (to CVE-2017-7146)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7148
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10989
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11120
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11121
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000373