Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0898
iOS 6 is now available
20 September 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iOS
Publisher: Apple
Operating System: Apple iOS
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Administrator Compromise -- Existing Account
Access Privileged Data -- Remote with User Interaction
Cross-site Scripting -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Provide Misleading Information -- Remote with User Interaction
Read-only Data Access -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2012-3747 CVE-2012-3746 CVE-2012-3745
CVE-2012-3744 CVE-2012-3743 CVE-2012-3742
CVE-2012-3741 CVE-2012-3740 CVE-2012-3739
CVE-2012-3738 CVE-2012-3737 CVE-2012-3736
CVE-2012-3735 CVE-2012-3734 CVE-2012-3733
CVE-2012-3732 CVE-2012-3731 CVE-2012-3730
CVE-2012-3729 CVE-2012-3728 CVE-2012-3727
CVE-2012-3726 CVE-2012-3725 CVE-2012-3724
CVE-2012-3722 CVE-2012-3710 CVE-2012-3708
CVE-2012-3706 CVE-2012-3704 CVE-2012-3703
CVE-2012-3696 CVE-2012-3695 CVE-2012-3693
CVE-2012-3691 CVE-2012-3686 CVE-2012-3684
CVE-2012-3683 CVE-2012-3682 CVE-2012-3681
CVE-2012-3680 CVE-2012-3679 CVE-2012-3678
CVE-2012-3677 CVE-2012-3676 CVE-2012-3674
CVE-2012-3673 CVE-2012-3672 CVE-2012-3671
CVE-2012-3670 CVE-2012-3669 CVE-2012-3668
CVE-2012-3667 CVE-2012-3666 CVE-2012-3665
CVE-2012-3664 CVE-2012-3663 CVE-2012-3661
CVE-2012-3660 CVE-2012-3659 CVE-2012-3658
CVE-2012-3656 CVE-2012-3655 CVE-2012-3653
CVE-2012-3652 CVE-2012-3651 CVE-2012-3650
CVE-2012-3648 CVE-2012-3647 CVE-2012-3646
CVE-2012-3645 CVE-2012-3644 CVE-2012-3642
CVE-2012-3641 CVE-2012-3640 CVE-2012-3639
CVE-2012-3638 CVE-2012-3637 CVE-2012-3636
CVE-2012-3635 CVE-2012-3634 CVE-2012-3633
CVE-2012-3631 CVE-2012-3630 CVE-2012-3629
CVE-2012-3628 CVE-2012-3627 CVE-2012-3626
CVE-2012-3625 CVE-2012-3624 CVE-2012-3620
CVE-2012-3618 CVE-2012-3617 CVE-2012-3615
CVE-2012-3614 CVE-2012-3613 CVE-2012-3612
CVE-2012-3611 CVE-2012-3610 CVE-2012-3609
CVE-2012-3608 CVE-2012-3605 CVE-2012-3604
CVE-2012-3603 CVE-2012-3602 CVE-2012-3601
CVE-2012-3600 CVE-2012-3599 CVE-2012-3598
CVE-2012-3597 CVE-2012-3596 CVE-2012-3595
CVE-2012-3594 CVE-2012-3593 CVE-2012-3592
CVE-2012-3591 CVE-2012-3590 CVE-2012-3589
CVE-2012-2818 CVE-2012-2815 CVE-2012-1521
CVE-2012-1520 CVE-2012-1173 CVE-2012-1144
CVE-2012-1143 CVE-2012-1142 CVE-2012-1141
CVE-2012-1140 CVE-2012-1139 CVE-2012-1138
CVE-2012-1137 CVE-2012-1136 CVE-2012-1135
CVE-2012-1134 CVE-2012-1133 CVE-2012-1132
CVE-2012-1131 CVE-2012-1130 CVE-2012-1129
CVE-2012-1128 CVE-2012-1127 CVE-2012-1126
CVE-2012-0683 CVE-2012-0682 CVE-2012-0680
CVE-2011-4599 CVE-2011-3971 CVE-2011-3969
CVE-2011-3968 CVE-2011-3966 CVE-2011-3958
CVE-2011-3926 CVE-2011-3924 CVE-2011-3919
CVE-2011-3913 CVE-2011-3457 CVE-2011-3328
CVE-2011-3105 CVE-2011-3090 CVE-2011-3089
CVE-2011-3086 CVE-2011-3081 CVE-2011-3078
CVE-2011-3076 CVE-2011-3075 CVE-2011-3074
CVE-2011-3073 CVE-2011-3071 CVE-2011-3069
CVE-2011-3068 CVE-2011-3067 CVE-2011-3064
CVE-2011-3060 CVE-2011-3059 CVE-2011-3053
CVE-2011-3050 CVE-2011-3048 CVE-2011-3044
CVE-2011-3043 CVE-2011-3042 CVE-2011-3041
CVE-2011-3040 CVE-2011-3039 CVE-2011-3038
CVE-2011-3037 CVE-2011-3036 CVE-2011-3035
CVE-2011-3034 CVE-2011-3032 CVE-2011-3027
CVE-2011-3026 CVE-2011-3021 CVE-2011-3016
CVE-2011-2845 CVE-2011-2834 CVE-2011-2821
CVE-2011-1944 CVE-2011-1167
Reference: ASB-2012.0096
ASB-2012.0079
ASB-2012.0073
ASB-2012.0064
ASB-2012.0063
ASB-2012.0051
ASB-2012.0047
ASB-2012.0045
ASB-2012.0040
ASB-2012.0033
ASB-2012.0027
ASB-2012.0025
ASB-2012.0019
ASB-2012.0010
ASB-2012.0004
ESB-2012.0874
ESB-2012.0705
ESB-2012.0458
ESB-2012.0346
ESB-2012.0258
ESB-2012.0178
ESB-2012.0138
ESB-2012.0114
ASB-2011.0095
ASB-2011.0079
ASB-2011.0068
ASB-2011.0062
ESB-2011.0320
ASB-2011.0114.2
ESB-2011.1249.2
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUFp7Mu4yVqjM2NGpAQJYCw/9ELzt54pPgM40j6y4EU17IoKovZShWbyx
GJW8wuijDDPu8bhDslyuzrrfIj39gsxi3dKb5zpstAnEE8gIsnm0Gsnrj2S90THp
CdyfzM42vAZs7gFFxwpNIEj2IUz/g4Kdhapu9Byg5x1rb3LtIngkkS9lLfn9bI+t
93GLdZQuMjMsmiKyWFR7giTqO8ic0IFaUnBUw72EoRHq39MbIwrPwJkr7RLhOtlS
LnJTg3eePiu9fMJDsOSBEKCkWjD8Jp3OYrE+d2Kvuc0wWCwdGL/J5NejLNL+B3ZP
HZSawiFTEUbDhlfbBGTu6i7PP6vLjqeXJ+fKkh8JubgfNVgf3NfeXzJ3jwa2HsAs
jJyWMPZbPMihZnhjFOxuzWZ4hNY2tZWv8ENCNjoCcf5MpFl1rXehTrvvYX1xa2Ab
pXCm02CbTlL8zSlfdLUcaLOaEV56R8rpT4Nwpv5uOBDNaLrTxhp8V8d+xj5VqxWz
ZIS1fzIynDnr5rDXiUmwpNYj3Q/DlLZEtN7fu+UUZWsxHd4p6/5jNgE7gKuC0tcd
b+JptHglCVgxlD9YlQ/+38O5tfKppCjcjjyf/QWWwY4f2pfW7UUxL8N2BAqeQQOs
h+gCu36UptGsonQNLJa3L1Cw3HnNMKenMx79Pz6Z5K9pE6SuxmyXlJyyDAQ7OB2F
7KdHW4OEICs=
=eB7i
-----END PGP SIGNATURE-----