Security Alert (A16-03-10): Multiple Vulnerabilities in Apple iOS


 

Published on: 31 March 2016

  
  

Description:

Apple has released software update fixing 39 vulnerabilities in iOS versions prior to iOS 9.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, the attacker could bypass Apple's certificate pinning and inject messages, or entice a user to connect a USB device, open a specially crafted PDF file, font file, XML document, web page or install a malicious application to exploit the vulnerabilities.

 

Affected Systems:

  • iPhone 4s and later
  • iPod touch (5th generation) and later
  • iPad 2 and later 

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to bypass of security restrictions, a denial of service condition, information disclosure or remote arbitrary code execution.

 

Recommendation:

The product vendor has released iOS 9.3 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-us/HT206166
https://www.hkcert.org/my_url/en/alert/16032201
https://www.us-cert.gov/ncas/current-activity/2016/03/21/Apple-Releases-Multiple-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1750 (to CVE-2016-1758)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1760 (to CVE-2016-1763)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1778 (to CVE-2016-1786)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950 



Tag: iOS , Apple , iPhone , iPad , iPod
Tags