- Subject: APPLE-SA-2015-08-13-3 iOS 8.4.1
- From: Apple Product Security
- Date: Thu, 13 Aug 2015 10:32:25 -0700
APPLE-SA-2015-08-13-3 iOS 8.4.1

iOS 8.4.1 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem
Description: An issue existed in the symbolic linking mechanism of afc. This issue was addressed by adding additional path checks.
CVE-ID
CVE-2015-5746 : evad3rs, TaiG Jailbreak Team

Air Traffic
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: AirTraffic may have allowed access to protected parts of the filesystem
Description: A path traversal issue existed in asset handling. This was addressed with improved validation.
CVE-ID
CVE-2015-5766 : TaiG Jailbreak Team

Backup
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create symlinks to protected regions of the disk
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-ID
CVE-2015-5752 : TaiG Jailbreak Team

bootp
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol.
This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks.
CVE-ID
CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)

Certificate UI
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able to accept untrusted certificates from the lock screen
Description: Under certain circumstances, the device may have presented a certificate trust dialog while in a locked state. This issue was addressed through improved state management.
CVE-ID
CVE-2015-3756 : Andy Grant of NCC Group

CloudKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to access the iCloud user record of a previously signed in user
Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-3782 : Deepkanwal Plaha of University of Toronto

CFPreferences
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious app may be able to read other apps' managed preferences
Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.
CVE-ID
CVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat Team

Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute unsigned code
Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file.
This issue was addressed through improved code signature validation.
CVE-ID
CVE-2015-3806 : TaiG Jailbreak Team

Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A specially crafted executable file could allow unsigned, malicious code to execute
Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.
CVE-ID
CVE-2015-3803 : TaiG Jailbreak Team

Code Signing
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute unsigned code
Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.
CVE-ID
CVE-2015-3802 : TaiG Jailbreak Team
CVE-2015-3805 : TaiG Jailbreak Team

CoreMedia Playback
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5777 : Apple
CVE-2015-5778 : Apple

CoreText
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of font files.
This issue was addressed through improved input validation.
CVE-ID
CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team

DiskImages
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges
Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team

FontParser
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-3804 : Apple
CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-5775 : Apple

ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5758 : Apple

ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may result in the disclosure of process memory
Description: An uninitialized memory access issue existed in ImageIO's handling of .png images. Visiting a malicious website may result in sending data from process memory to the website.
This issue was addressed through improved memory initialization and additional validation of .png images.
CVE-ID
CVE-2015-5781 : Michal Zalewski

ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may result in the disclosure of process memory
Description: An uninitialized memory access issue existed in ImageIO's handling of TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of TIFF images.
CVE-ID
CVE-2015-5782 : Michal Zalewski

IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges
Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany

IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5774 : TaiG Jailbreak Team

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout.
This was addressed by disabling the mach_port_space_info interface.
CVE-ID
CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam

Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.
CVE-ID
CVE-2015-3768 : Ilja van Sprundel

Libc
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3796 : Ian Beer of Google Project Zero
CVE-2015-3797 : Ian Beer of Google Project Zero
CVE-2015-3798 : Ian Beer of Google Project Zero

Libinfo
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in handling AF_INET6 sockets.
This issue was addressed by improved memory handling.
CVE-ID
CVE-2015-5776 : Apple

libpthread
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.
CVE-ID
CVE-2015-5757 : Lufeng Li of Qihoo 360

libxml2
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-3807 : Michal Zalewski

libxml2
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service
Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.
CVE-ID
CVE-2012-6685 : Felix Groebert of Google
CVE-2014-0191 : Felix Groebert of Google
CVE-2014-3660 : Felix Groebert of Google

libxpc
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in handling of malformed XPC messages.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-3795 : Mathew Rowley

Location Framework
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to modify protected parts of the filesystem
Description: A symbolic link issue was addressed through improved path validation.
CVE-ID
CVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team

MobileInstallation
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious enterprise application may be able to replace extensions for other apps
Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved bundle ID validation.
CVE-ID
CVE-2015-5770 : FireEye

MSVDX Driver
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a malicious video may lead to an unexpected system termination
Description: A denial of service issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team

Office Viewer
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information
Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.

QL Office
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing of office documents.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5773 : Apple

Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: A malicious website could open another site and prompt for user input without a way for the user to tell where the prompt originated. The issue was addressed by displaying the prompt's origin to the user.
CVE-ID
CVE-2015-3729 : Code Audit Labs of VulnHunt.com

Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may trigger an infinite number of alert messages
Description: An issue existed where a malicious or hacked website could show infinite alert messages and make users believe their browser was locked. The issue was addressed through throttling of JavaScript alerts.
CVE-ID
CVE-2015-3763

Sandbox_profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious app may be able to read other apps' managed preferences
Description: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.
CVE-ID
CVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat Team

UIKit WebView
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to initiate FaceTime calls without user authorization
Description: An issue existed in the parsing of FaceTime URLs within WebViews.
This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3730 : Apple
CVE-2015-3731 : Apple
CVE-2015-3732 : Apple
CVE-2015-3733 : Apple
CVE-2015-3734 : Apple
CVE-2015-3735 : Apple
CVE-2015-3736 : Apple
CVE-2015-3737 : Apple
CVE-2015-3738 : Apple
CVE-2015-3739 : Apple
CVE-2015-3740 : Apple
CVE-2015-3741 : Apple
CVE-2015-3742 : Apple
CVE-2015-3743 : Apple
CVE-2015-3744 : Apple
CVE-2015-3745 : Apple
CVE-2015-3746 : Apple
CVE-2015-3747 : Apple
CVE-2015-3748 : Apple
CVE-2015-3749 : Apple

Web
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: Navigating to a malformed URL may have allowed a malicious website to display an arbitrary URL. This issue was addressed through improved URL handling.
CVE-ID
CVE-2015-3755 : xisigr of Tencent's Xuanwu Lab

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may exfiltrate image data cross-origin
Description: Images fetched through URLs that redirected to a data:image resource could have been exfiltrated cross-origin.
This issue was addressed through improved canvas taint tracking.
CVE-ID
CVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website can trigger plaintext requests to an origin under HTTP Strict Transport Security
Description: An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP.
CVE-ID
CVE-2015-3750 : Muneaki Nishimura (nishimunea)

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website can make a tap event produce a synthetic click on another page
Description: An issue existed in how synthetic clicks are generated from tap events that could cause clicks to target other pages. The issue was addressed through restricted click propagation.
CVE-ID
CVE-2015-5759 : Phillip Moon and Matt Weston of Sandfield

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Content Security Policy report requests may leak cookies
Description: Two issues existed in how cookies were added to Content Security Policy report requests. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling.
CVE-ID
CVE-2015-3752 : Muneaki Nishimura (nishimunea)

WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Image loading may violate a website's Content Security Policy directive
Description: An issue existed where websites with video controls would load images nested in object elements in violation of the website's Content Security Policy directive.
This issue was addressed through improved Content Security Policy enforcement.
CVE-ID
CVE-2015-3751 : Muneaki Nishimura (nishimunea)

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "8.4.1".

Information will also be posted to the Apple Security Updates web site:
https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/
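The AppleFileConduit, Air Traffic, Backup and Location Framework entries above all describe the same defensive measure: path checks that follow symbolic links before deciding whether a request stays inside the directory it is allowed to touch. The Python below is an added example of such a check written for this page; it is not Apple's code (the shipped fix is not public). The container layout, file names and the planted link are all constructed under a temporary directory.

```python
"""Path containment checks: resolve the requested path, follow any
symlinks, and refuse anything that lands outside the permitted root.
Added example; the directory layout is constructed under a temp dir."""
import os
import tempfile


class PathEscape(Exception):
    """Raised when a path would leave the permitted root."""


def resolve_within(root: str, requested: str) -> str:
    """Return the canonical path for `requested` (relative to `root`), or
    raise PathEscape if it resolves outside `root`.

    os.path.realpath follows every symlink component and collapses '..',
    so the test runs on what the kernel would open, not on the string
    the caller supplied."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested.lstrip("/")))
    # commonpath, not startswith: "/data" must not accept "/data2/x".
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathEscape(f"{requested!r} resolves to {candidate}, outside {real_root}")
    return candidate


def safe_symlink(root: str, link_rel: str, target: str) -> str:
    """Create root/link_rel -> target only if the link sits inside root and
    the target, resolved the way the kernel will resolve it when the link
    is followed (relative to the link's directory), also stays inside."""
    real_root = os.path.realpath(root)
    link_rel = link_rel.lstrip("/")
    link_dir = resolve_within(root, os.path.dirname(link_rel))
    link_path = os.path.join(link_dir, os.path.basename(link_rel))
    abs_target = target if os.path.isabs(target) else os.path.join(link_dir, target)
    real_target = os.path.realpath(abs_target)
    if os.path.commonpath([real_root, real_target]) != real_root:
        raise PathEscape(f"link {link_rel!r} would point at {real_target}, outside {real_root}")
    os.symlink(target, link_path)
    return link_path


def run_checks() -> dict:
    """Build a constructed layout and exercise the checks. Each value is
    True when the request was accepted and False when it was refused."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "app_container")
        protected = os.path.join(base, "protected")
        os.makedirs(root)
        os.makedirs(protected)
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("inside the container\n")
        with open(os.path.join(protected, "secret.txt"), "w") as fh:
            fh.write("outside the container\n")
        # A link planted inside the container that already points outside it,
        # the situation the "symbolic linking mechanism" entries describe.
        os.symlink(os.path.join(protected, "secret.txt"), os.path.join(root, "planted"))

        def accepted(fn, *args) -> bool:
            try:
                fn(*args)
                return True
            except PathEscape:
                return False

        return {
            "plain file": accepted(resolve_within, root, "notes.txt"),
            "dotdot traversal": accepted(resolve_within, root, "../protected/secret.txt"),
            "planted symlink": accepted(resolve_within, root, "planted"),
            "new symlink inside": accepted(safe_symlink, root, "alias", "notes.txt"),
            "new symlink outside": accepted(safe_symlink, root, "escape", "../protected/secret.txt"),
            "new absolute symlink outside": accepted(
                safe_symlink, root, "escape2", os.path.join(protected, "secret.txt")),
        }


if __name__ == "__main__":
    for label, ok in run_checks().items():
        print(f"{label:30s} {'accepted' if ok else 'refused'}")
```

Two design points carry over to any real implementation: test containment with commonpath on realpath output rather than a string prefix, and remember that a check on a path string is racy against a concurrent rename or relink, so a privileged service should ultimately open relative to a directory descriptor (os.open with dir_fd and O_NOFOLLOW on platforms that support them) rather than trust the resolved string.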
http://prod.lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
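The Office Viewer entry above attributes a user-information disclosure to external entity references in XML parsing. The Python below is an added example, not Apple's code, of the parser-side policy that closes that class of bug: reject a document as soon as it declares an entity with a SYSTEM or PUBLIC identifier, instead of relying on whatever resolution the underlying parser does by default. The sample documents are constructed, and the file:// and http:// identifiers in them are placeholders.

```python
"""Refuse XML documents that declare external entities before the parser
can act on them. Added example; sample documents are constructed and the
external identifiers in them are placeholders."""
import xml.parsers.expat


class ExternalEntityRejected(Exception):
    """Raised when the document declares or references an external entity."""


def extract_text(document: bytes) -> str:
    """Parse `document` with expat and return its character data, refusing
    the document as soon as it declares an entity backed by a SYSTEM or
    PUBLIC identifier (the construct that lets a document pull in local
    files or remote URLs)."""
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value and no identifier; they are
        # plain text substitutions. Anything with an identifier is external.
        if system_id is not None or public_id is not None:
            raise ExternalEntityRejected(
                f"entity {name!r} declared with external identifier {system_id or public_id!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Second line of defence: never resolve a reference even if a
        # declaration somehow reached the parser without being reported.
        raise ExternalEntityRejected(f"reference to external entity {system_id!r}")

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.CharacterDataHandler = chunks.append
    parser.Parse(document, True)
    return "".join(chunks)


# Constructed inputs: two that a viewer should accept, two it must refuse.
SAMPLES = {
    "benign": b"<doc><title>Quarterly report</title></doc>",
    "internal entity": b'<!DOCTYPE doc [<!ENTITY ver "8.4.1">]><doc>iOS &ver;</doc>',
    "external entity": (
        b'<!DOCTYPE doc [<!ENTITY leak SYSTEM "file:///placeholder/local/path">]>'
        b"<doc>&leak;</doc>"
    ),
    "parameter entity": (
        b'<!DOCTYPE doc [<!ENTITY % p SYSTEM "http://placeholder.invalid/x.dtd">%p;]>'
        b"<doc/>"
    ),
}


def scan_samples() -> dict:
    """Run every constructed sample through extract_text. The value is the
    recovered text, or None when the document was refused."""
    results = {}
    for label, doc in SAMPLES.items():
        try:
            results[label] = extract_text(doc)
        except ExternalEntityRejected:
            results[label] = None
    return results


if __name__ == "__main__":
    for label, text in scan_samples().items():
        print(f"{label:18s} {'REFUSED' if text is None else repr(text)}")
```

Rejecting at the declaration, rather than at the reference, matters because a parser that merely declines to fetch the entity still has to decide what to substitute for it, and that decision has varied between parser versions; refusing the whole document removes the question.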