Operating System:

[Apple iOS]

Published:

16 November 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3181.2
              APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS
                   iPadOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account            
                   Access Privileged Data          -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Existing Account            
                   Reduced Security                -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15358 CVE-2020-13631 CVE-2020-13630
                   CVE-2020-13520 CVE-2020-13435 CVE-2020-13434
                   CVE-2020-10013 CVE-2020-9996 CVE-2020-9993
                   CVE-2020-9992 CVE-2020-9991 CVE-2020-9989
                   CVE-2020-9988 CVE-2020-9983 CVE-2020-9981
                   CVE-2020-9979 CVE-2020-9977 CVE-2020-9976
                   CVE-2020-9973 CVE-2020-9972 CVE-2020-9969
                   CVE-2020-9968 CVE-2020-9966 CVE-2020-9965
                   CVE-2020-9964 CVE-2020-9963 CVE-2020-9961
                   CVE-2020-9959 CVE-2020-9958 CVE-2020-9954
                   CVE-2020-9952 CVE-2020-9951 CVE-2020-9950
                   CVE-2020-9949 CVE-2020-9947 CVE-2020-9946
                   CVE-2020-9944 CVE-2020-9943 CVE-2020-9941
                   CVE-2020-9876 CVE-2020-9849 CVE-2020-9773
                   CVE-2020-6147 CVE-2019-14899 

Reference:         ESB-2020.1044
                   ESB-2020.1043
                   ESB-2020.1042
                   ESB-2020.1041

Original Bulletin: 
   https://support.apple.com/en-ie/HT211850

Revision History:  November  16 2020: Vendor added additional entries for 
                   multiple products and additional CVEs
                   September 17 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.

AppleAVD

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)

Assets

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020

Audio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

Audio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreAudio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreCapture

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020

Disk Images

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020

Icons

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

IDE Device Support

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020

ImageIO

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020

ImageIO

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020

IOSurfaceAccelerator

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)

Kernel

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020

Keyboard

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020

Mail

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020

Messages

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a users deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos

NetworkExtension

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020

Phone

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB

Quick Look

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020

Safari

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020

Safari

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Sandbox

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Regua of SecuRing (wojciechregula.blog)
Entry added November 12, 2020

Sandbox

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020

Siri

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device. This issue was addressed with improved state
management.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, MeliÌh Kerem GÃ of LiÌv College, Sinan
Gulguler

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Wi-Fi

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020

Additional recognition

App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.

Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020

Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.

CallKit
We would like to acknowledge Federico Zanetello for their assistance.

CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020

Core Location
We would like to acknowledge YiÄ\x{159}it Can YILMAZ (@yilmazcanyigit) for
their assistance.

debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.

iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020

libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.

lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020

Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020

Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020

Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020

Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.

NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and Qubo
Song of Symantec, a division of Broadcomâ for their assistance.

Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020 

Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020

Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020

Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.

Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020

UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.

Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6
jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ
UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n
7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t
pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ
A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8
pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp
PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t
KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs
K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg
/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8
uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=
=WdqR
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX7HXYeNLKJtyKPYoAQjyhhAAlYg66CIonxBR/vPojBq14Rfi8oiOaCnL
eMKzROp3D8fl8rZ+BooXaUWwRPPZdnQ+zxaKidZ03Zz8F9d9YvY+B4oHbX18v+y7
U5I/IVPCBR8VtRg4QBQRU41vRe0BPOxUNvxcGtTUl9z5vfHFzaWqSh1RAWhYOf8e
chchkl7nch3IfRKVlJ57iQ58OkVD/90rYZS59+E7/fFZJqPRuNZneX1Znuwhhnk8
rMGmEh7IQJkHfEeo8wV0svVuRt123GFOeMzWHHM8qB2JKS7VnklQTogkI8TRZUjJ
XgwH078baLp7BCLd3T4vcgNZ7epJs2rmsjC5LReDkreYnGySkDRUawuW4PyEG0qa
6tqu8MSa2p5Kj6P6uWIFkcnOIU0YeY/AJ/Sc36yY/QYaKHaI/pjsGD+BBvsinS0Q
b7eZ6XQuZFaKkHAsNz3//sgHa2QqiIxaWpNUacErPTvGXeD1uC40tNu8iAswJwGR
7T93hM+irDrtmg6W0hJQsPGECCbMNJDog6VsyPL0Sau3UlckU8mzUfAHq2jApmPq
dTtaqvJiMdgvrcZvGglliQVzZoYQyYP1cL8wXiVaLnhGEy+1JxiJ90b9y1zGSJWd
dDNBr4I77TjnC+iYpAV0VEPIX2l5rMPkX95uakfjWAApGDzXyXxO4ClfEzn5dGb8
0SegleDQ91k=
=n9Ov
-----END PGP SIGNATURE-----