Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.2612 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 16 October 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apple Keynote Apple Pages Apple Numbers Apple iWork Publisher: Apple Operating System: Apple iOS OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-7034 CVE-2015-7033 CVE-2015-7032 CVE-2015-3784 Reference: ESB-2015.2114 ESB-2015.2113 Original Bulletin: https://support.apple.com/en-au/HT205373 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following: Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to compromise of user information Description: Multiple input validation issues existed in parsing a maliciously crafted document. These issues were addressed through improved input validation. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard) Keynote, Pages, and Numbers Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7033 : Felix Groebert of the Google Security Team Pages Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later Impact: Opening a maliciously crafted Pages document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing a maliciously crafted Pages document. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7034 : Felix Groebert of the Google Security Team Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE 9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd 5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6 DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1 Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i /3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi ikrC4CqPxEcf3lk6bXKi =Zci4 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBViBfPn6ZAP0PgtI9AQJghBAAq90Ncu3y3vmyVokqeEf3xzpNPhYS9ttE LinjPsisdVbujWPmixNpJ4C6RNbtPIiNfUpj4CvrtWmWiIcXSwIzNMn9C6D8kVU/ kA86Ycendkldl2r/sW/heuCot99sD+agZA85fslg1wUzAESP22TCWhXM15NuevqE BO1dYFvS7q1wjMd6MXIrBncWbq1N0eK4NM28GT3q4wwA1ioJcpsFkE8qgjALCLY3 AUONm0GqNfCrI4tc41KkbeISRoR+K2Yu5eMNQF10Ox/guzY7O2q/KmH3U+L7LJ1D M+isHJUwafCqzo9aqtFiV+cJxocJyqt65pePouSbunC3zgnHXCxfG1gd6qma5q8/ /dTIgSAqJ6RLQqz5M/p4ssO40Uvr8592v1eO+d3ri8pd4Df3gDD33b/xP0Nip5mZ QSl8fCyT2C/T3q1hDpiqkCuImKy4isfCKvo2TXosTpMWoMCwJpIX7ASqvWZXZkUy R1q0dmfFs6Rez7gE01UDKtLAlvRmOu6WdJjZH8u9v5RACjAd0E4P37XOQMbAl8UG zRMkJbDhTSEcZxCVInL6p++QOpBlGYcZbkEwuKGWhh0/xAWze6ktlQVbL85rcWgw DuymUaK4LZ6cAlhqyk1qQoga7KoQRdLIVRKIUbxcKsJmTBoA7J8wqIMXPMEKvej8 rwNlSa2xVpo= =V2ym -----END PGP SIGNATURE-----