Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2782 Apple Support 2.4 for iOS 19 September 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Apple Support 2.4 for iOS Publisher: Apple Operating System: Apple iOS Impact/Access: Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-4397 Original Bulletin: https://support.apple.com/en-au/HT209117 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS Apple Support 2.4 for iOS is now available and addresses the following: Analytics Available for: iOS 11.0 and later Impact: An attacker in a privileged network position may be able to intercept analytics data sent to Apple Description: Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit) Installation note: Apple Support 2.4 for iOS may be obtained from the iOS App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf7w4ACgkQeC9tht7T K3Fh+BAAladfEhMqU/fHmTtXsfcmTAATaSpZOq1UF9uJ/J5RwR7OXQSkutOnNwcG Vb0075qtoi7nTJQX94X/8qYgMvAmIYvuC/2Z7g7j4B93Co2sh4DgEmSQ1bcY5poi 3Crdd319vzfeGZ3FwqKEi6zUr7iydUA5R/f4nt6mTo0c57BFVXLVwHKMCm1iTpgk WMatvf6fIOsxL/Q3X4DDn3sJAuVcNQTUeQIDtEaA1VT9gOuJBf5BOLXQDgYc6D84 qLKQ1sAgbtxmRYrCnbZKAvcKqWn77nvhjfaVq4OnSnjkLxowE1TD3XRzHJrdk3GN x2ojRh3GwL2Iw15AYc3qEhI9cpJmOMdaKhu6C5UWKerILVP8lS/ygTKARSSW0id0 EfKu08f1Xi23uFiaqpSI2UBhMr0v9D49744ylUVGRVIGunqUJ0Nj9FmYBBKNRv5T 4RLGj5NsD5l7bCBBpKNA/n37ivcAetFGXpaxpAV5GGi45ZhYPK94EdbJuzte12GB vRgyoN+LsphipjZc4Dzhu8smerpL9cIUWbINvAHfLwMEOhquTbJ6t96dHIbGOzC0 XpYbzVmYrVdCBcOZz5F+XwfOzGBWC74/tnHONeQopU8zB03vqrAEt9jM26hVtkfe ztAS/8YR0xRcqvkx0bd7EwadbqbeDY5X+9DfwzjextQNPJz/vGA= =s2QM - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW6HK/maOgq3Tt24GAQgczBAA2LqT0/67nOeFjAqWnrWy4C9kJO9igtVJ TpMNffTtKCYg0RbBGcs3E1xOesQOOB5kv1XzlOHgzRdsebhcIH1IJ+IcI0gxnO8i V19I1kM7ikwQ9TtalBCxUr1WUa90GCPryVSPEGiQpKLYCgdt9gXMh3i9xmoOWH1C cpbO1JN2dgPLd/HynrmWaZy0uIu+liGim61rETEXcSkCa1pcfaYKWlYZCRicqExo 6lsz1yoEOoggeyvWsMzcVRqm2qkBKomBUBtI9yD3EieU4aFv4UxoGuoaXGuRvIWE nqQY10eHv0DpfztAS0ZiJXmwFEs2qK1j+O1cNdj4L7ngOhUMR23bD1gUB5f1g9M4 KjTnyJMx2JKHftu6oWcDvnqfeZeg3xFu+55DBiVngLIPMdPa31D2a2CV9NUbXTcl kYAyL2WRNtO/2tnWscKN//2ILC/fF7NiDdD/p6URKKpT+LT8FRvLcyuN5wJyqR1l XHns4gPmAvUTKyz+204bgVx/tZk91Q/ZIXLiNwJpRBM2pWv9YCZnRyr8XcPY0Lj2 gh18f7WwERJNd41vBXGoaRwJ4D6ShllcHdjxbiXpBBjoiOe3k+KYcqvNlsHQOi6N bKeMKZUkP0dzrHmXvc2EYijdvurorD3hAJcjo2Rrr014J9vuBSqbIqMlUTn5pwNu xNPyAoWZ9t8= =JeJL -----END PGP SIGNATURE-----