Security Alert (A17-11-01): Multiple Vulnerabilities in Apple iOS


 

Published on: 01 November 2017

  
  

Description:

On 31 October 2017, Apple released security updates in its latest iOS version 11.1 to fix 20 vulnerabilities identified in various iOS devices. Multiple attack vectors could be adopted to exploit the vulnerabilities, such as enticing a user to open a maliciously crafted text or zip file, or access a malicious website; bypassing the device lock screen to access user information with specific local operations on the device; and launching a man-in-the-middle attack at the WPA2-encrypted Wi-Fi network connected with the vulnerable iOS devices.

 

Affected Systems:

  • iPhone 5s and later
  • iPad Air and later
  • iPod touch (6th generation) and later

 

Impact:

A successful attack could lead to arbitrary code execution, privilege escalation, denial of service, retrieval of sensitive information, unexpected application termination or data manipulation.

 

Recommendation:

The product vendor has released iOS 11.1 to address the issues.  Users should upgrade iOS to version 11.1 to patch the WPA2 protocol vulnerability as mentioned in our previous security alert (A17-10-04).

The updates can be obtained through the auto-update mechanism.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-us/HT208222
https://www.hkcert.org/my_url/en/alert/17110101
https://www.us-cert.gov/ncas/current-activity/2017/10/31/Apple-Releases-Multiple-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7113
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13783
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13784
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13785
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13791 (to CVE-2017-13796)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13799
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13802 (to CVE-2017-13805)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13844
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13849

 



Tag: Apple , iOS , iPad , iPhone , iPod
Tags