-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0257
                          iOS 5.1 Software Update
                               9 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Unknown/Unspecified         
                   Unauthorised Access             -- Console/Physical            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0646 CVE-2012-0645 CVE-2012-0644
                   CVE-2012-0643 CVE-2012-0642 CVE-2012-0641
                   CVE-2012-0635 CVE-2012-0633 CVE-2012-0632
                   CVE-2012-0631 CVE-2012-0630 CVE-2012-0629
                   CVE-2012-0628 CVE-2012-0627 CVE-2012-0626
                   CVE-2012-0625 CVE-2012-0624 CVE-2012-0623
                   CVE-2012-0622 CVE-2012-0621 CVE-2012-0620
                   CVE-2012-0619 CVE-2012-0618 CVE-2012-0617
                   CVE-2012-0616 CVE-2012-0615 CVE-2012-0614
                   CVE-2012-0613 CVE-2012-0612 CVE-2012-0611
                   CVE-2012-0610 CVE-2012-0609 CVE-2012-0608
                   CVE-2012-0607 CVE-2012-0606 CVE-2012-0605
                   CVE-2012-0604 CVE-2012-0603 CVE-2012-0602
                   CVE-2012-0601 CVE-2012-0600 CVE-2012-0599
                   CVE-2012-0598 CVE-2012-0597 CVE-2012-0596
                   CVE-2012-0595 CVE-2012-0594 CVE-2012-0593
                   CVE-2012-0592 CVE-2012-0591 CVE-2012-0590
                   CVE-2012-0589 CVE-2012-0588 CVE-2012-0587
                   CVE-2012-0586 CVE-2012-0585 CVE-2011-3928
                   CVE-2011-3909 CVE-2011-3908 CVE-2011-3897
                   CVE-2011-3888 CVE-2011-3887 CVE-2011-3885
                   CVE-2011-3881 CVE-2011-3453 CVE-2011-2877
                   CVE-2011-2873 CVE-2011-2872 CVE-2011-2871
                   CVE-2011-2870 CVE-2011-2869 CVE-2011-2868
                   CVE-2011-2867 CVE-2011-2860 CVE-2011-2857
                   CVE-2011-2855 CVE-2011-2854 CVE-2011-2847
                   CVE-2011-2846 CVE-2011-2833 CVE-2011-2825

Reference:         ASB-2012.0010
                   ASB-2011.0114.2
                   ASB-2011.0101
                   ASB-2011.0095
                   ASB-2011.0084
                   ASB-2011.0079
                   ASB-2011.0068
                   ESB-2012.0256
                   ESB-2012.0114

Original Bulletin: 
   http://support.apple.com/kb/HT5192

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2012-03-07-2 iOS 5.1 Software Update

iOS 5.1 Software Update is now available and addresses the following:

CFNetwork
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description:  An issue existed in CFNetwork's handling of malformed
URLs. When accessing a maliciously crafted URL, CFNetwork could send
unexpected request headers.
CVE-ID
CVE-2012-0641 : Erling Ellingsen of Facebook

HFS
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Mounting a maliciously crafted disk image may lead to a
device shutdown or arbitrary code execution
Description:  An integer underflow existed with the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g

Kernel
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  A malicious program could bypass sandbox restrictions
Description:  A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges.
CVE-ID
CVE-2012-0643 : 2012 iOS Jailbreak Dream Team

libresolv
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Applications that use the libresolv library may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description:  An integer overflow existed in the handling of DNS
resource records, which may lead to heap memory corruption.
CVE-ID
CVE-2011-3453 : Ilja van Sprundel of IOActive

Passcode Lock
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  A person with physical access to the device may be able to
bypass the screen lock
Description:  A race condition issue existed in the handling of slide
to dial gestures. This may allow a person with physical access to the
device to bypass the Passcode Lock screen.
CVE-ID
CVE-2012-0644 : Roland Kohler of the German Federal Ministry of
Economics and Technology

Safari
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Web page visits may be recorded in browser history even when
Private Browsing is active
Description:  Safari's Private Browsing is designed to prevent
recording of a browsing session. Pages visited as a result of a site
using the JavaScript methods pushState or replaceState were recorded
in the browser history even when Private Browsing mode was active.
This issue is addressed by not recording such visits when Private
Browsing is active.
CVE-ID
CVE-2012-0585 : Eric Melville of American Express

Siri
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  An attacker with physical access to a locked phone could get
access to frontmost email message
Description:  A design issue existed in Siri's lock screen
restrictions. If Siri was enabled for use on the lock screen, and
Mail was open with a message selected behind the lock screen, a voice
command could be used to send that message to an arbitrary recipient.
This issue is addressed by disabling forwarding of active messages
from the lock screen.
CVE-ID
CVE-2012-0645

VPN
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  A maliciously crafted system configuration file may lead to
arbitrary code execution with system privileges
Description:  A format string vulnerability existed in the handling
of racoon configuration files.
CVE-ID
CVE-2012-0646 : pod2g

WebKit
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Visiting a maliciously crafted website may lead to the
disclosure of cookies
Description:  A cross-origin issue existed in WebKit, which may allow
cookies to be disclosed across origins.
CVE-ID
CVE-2011-3887 : Sergey Glazunov

WebKit
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Visiting a maliciously crafted website and dragging content
with the mouse may lead to a cross-site scripting attack
Description:  A cross-origin issue existed in WebKit, which may allow
content to be dragged and dropped across origins.
CVE-ID
CVE-2012-0590 : Adam Barth of Google Chrome Security Team

WebKit
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description:  Multiple cross-origin issues existed in WebKit.
CVE-ID
CVE-2011-3881 : Sergey Glazunov
CVE-2012-0586 : Sergey Glazunov
CVE-2012-0587 : Sergey Glazunov
CVE-2012-0588 : Jochen Eisinger of Google Chrome Team
CVE-2012-0589 : Alan Austin of polyvore.com

WebKit
Available for:  iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
CVE-ID
CVE-2011-2825 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2011-2833 : Apple
CVE-2011-2846 : Arthur Gerkis, miaubiz
CVE-2011-2847 : miaubiz, Abhishek Arya (Inferno) of Google Chrome
Security Team using AddressSanitizer
CVE-2011-2854 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2855 : Arthur Gerkis, wushi of team509 working with iDefense
VCP
CVE-2011-2857 : miaubiz
CVE-2011-2860 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2867 : Dirk Schulze
CVE-2011-2868 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2869 : Cris Neckar of Google Chrome Security Team using
AddressSanitizer
CVE-2011-2870 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2871 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2872 : Abhishek Arya (Inferno) and Cris Neckar of Google
Chrome Security Team using AddressSanitizer
CVE-2011-2873 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2011-2877 : miaubiz
CVE-2011-3885 : miaubiz
CVE-2011-3888 : miaubiz
CVE-2011-3897 : pa_kt working with TippingPoint's Zero Day Initiative
CVE-2011-3908 : Aki Helin of OUSPG
CVE-2011-3909 : Google Chrome Security Team (scarybeasts) and Chu
CVE-2011-3928 : wushi of team509 working with TippingPoint's Zero Day
Initiative
CVE-2012-0591 : miaubiz, and Martin Barbella
CVE-2012-0592 : Alexander Gavrun working with TippingPoint's Zero Day
Initiative
CVE-2012-0593 : Lei Zhang of the Chromium development community
CVE-2012-0594 : Adam Klein of the Chromium development community
CVE-2012-0595 : Apple
CVE-2012-0596 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0597 : miaubiz
CVE-2012-0598 : Sergey Glazunov
CVE-2012-0599 : Dmytro Gorbunov of SaveSources.com
CVE-2012-0600 : Marshall Greenblatt, Dharani Govindan of Google
Chrome, miaubiz, Aki Helin of OUSPG, Apple
CVE-2012-0601 : Apple
CVE-2012-0602 : Apple
CVE-2012-0603 : Apple
CVE-2012-0604 : Apple
CVE-2012-0605 : Apple
CVE-2012-0606 : Apple
CVE-2012-0607 : Apple
CVE-2012-0608 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0609 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0610 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0611 : Martin Barbella using AddressSanitizer
CVE-2012-0612 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0613 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0614 : miaubiz, Martin Barbella using AddressSanitizer
CVE-2012-0615 : Martin Barbella using AddressSanitizer
CVE-2012-0616 : miaubiz
CVE-2012-0617 : Martin Barbella using AddressSanitizer
CVE-2012-0618 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0619 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0620 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0621 : Martin Barbella using AddressSanitizer
CVE-2012-0622 : Dave Levin and Abhishek Arya of the Google Chrome
Security Team
CVE-2012-0623 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0624 : Martin Barbella using AddressSanitizer
CVE-2012-0625 : Martin Barbella
CVE-2012-0626 : Abhishek Arya (Inferno) of Google Chrome Security
Team using AddressSanitizer
CVE-2012-0627 : Apple
CVE-2012-0628 : Slawomir Blazek, miaubiz, Abhishek Arya (Inferno) of
Google Chrome Security Team using AddressSanitizer
CVE-2012-0629 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0630 : Sergio Villar Senin of Igalia
CVE-2012-0631 : Abhishek Arya (Inferno) of Google Chrome Security
Team
CVE-2012-0632 : Cris Neckar of the Google Chrome Security Team using
AddressSanitizer
CVE-2012-0633 : Apple
CVE-2012-0635 : Julien Chaffraix of the Chromium development
community, Martin Barbella using AddressSanitizer


Installation note:

This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/

iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.

The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "5.1".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)

iQEcBAEBAgAGBQJPV6M3AAoJEGnF2JsdZQeef/cIAKBSn0czLzJO9fu6ZyjLRvxq
4pIZgfyEVGBzpn+9IeiGFTkkVf+bOsA+Q3RlcsG5g0RlbyFgnuWu59HHsnkrElbM
bCfnnTF5eYZX/3fnLzxpX7BUsEona3nf1gHfR24OeEn36C8rZ6rZJfMLqCJNNZGY
RDSga1oeMN/AbgZuR9sYKudkE0GOmkLZfR2G4WXmrU+JncR6XoROUwoJBPhg8z90
HAxgDEbduuLLOSe7CHLS3apbh0L2tmxPCWpiBmEMg6PTlFF0HhJQJ0wusrUc8nX6
7TDsAho73wCOpChzBGQeemc6+UEN2uDmUgwVkN6n4D/qN1u6E+d3coUXOlb8hIY=
=qPeE
- -----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/apple-security-announce%40auscert.org.au

This email sent to apple-security-announce@auscert.org.au

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT1lg1e4yVqjM2NGpAQLoShAAsXCEkWcv66WEP19nyakhkKTvqhk+0ReP
RP5f2b/KoyRZ9oy/kL0CXBTPDECwIBQkeGSkwJBGGlIRFx2z+V2RkP4EFfY952W3
gLG0j9e3MjJb5dPFDt9PV6zJOducE1ZyE90hvfv6dGZaV+StK2lVQd1eqfg2m60N
duZytGeO1Z70B9dansJVi6Mc1dm5nyj/+u+e3DJhH5hvomWg5JbsqxNxp6LXMJ9h
a8ixFcAnXztXdLBugtxfYXMSYoF1lZsNHy0DTbrC31K6shJjcbzFEtGbi0C2nq5d
w8cdX/URBGtrKS3T98QpkM0eqpv65YnATdZJsB/5BmOueiaH/lTFILNeJJy0KZaF
573yvGoW6KGSXlor3QViFGjAffg751ULw4x+wL3ZEl+i6+B8+lU9VniZjZpayJvQ
fY7VMgHaGyBEfTC+O0wQvjfdqFt7DW/WKSF6MdMLu+5m+dZsD3B9wBH5GUGwAyML
GIKbUjAgBFFC8wdzWxjiewVsq+6pPIsh3qhpmyI+oDqoRa+BSYUaCMv+ItT7FAax
MYdTOvoaINH3K5LAfXxFY8Z7SKAK++curws38HCsNSgICTfTO0pkSo8z5guQ9kX9
iYxaICr8BuynB8iWCHhPLus4USsDPiLbnWLVWklyhCSpI+Gp64+WylnGnCZBpvRP
KCrRJc35Agc=
=qo2T
-----END PGP SIGNATURE-----