- Subject: APPLE-SA-2015-09-16-1 iOS 9
- From: Apple Product Security <email@hidden>
- Date: Wed, 16 Sep 2015 11:04:32 -0700
Hash: SHA256APPLE-SA-2015-09-16-1 iOS 9iOS 9 is now available and addresses the following:Apple PayAvailable for: iPhone 6, iPad mini 3, and iPad Air 2Impact: Some cards may allow a terminal to retrieve limited recenttransaction information when making a paymentDescription: The transaction log functionality was enabled incertain configurations. This issue was addressed by removing thetransaction log functionality.CVE-IDCVE-2015-5916AppleKeyStoreAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local attacker may be able to reset failed passcodeattempts with an iOS backupDescription: An issue existed in resetting failed passcode attemptswith a backup of the iOS device. This was addressed through improvedpasscode failure logic.CVE-IDCVE-2015-5850 : an anonymous researcherApplication StoreAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Clicking a malicious ITMS link may lead to a denial ofservice in an enterprise-signed applicationDescription: An issue existed with installation through ITMS links.This was addressed through additional installation verification.CVE-IDCVE-2015-5856 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei ofFireEye, Inc.AudioAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Playing a malicious audio file may lead to an unexpectedapplication terminationDescription: A memory corruption issue existed in the handling ofaudio files. This issue issue was addressed through improved memoryhandling.CVE-IDCVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:Prof. Taekyoung Kwon), Yonsei University, Seoul, KoreaCertificate Trust PolicyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Update to the certificate trust policyDescription: The certificate trust policy was updated. The completelist of certificates may be viewed at
https://support.apple.com/en-us/HT204132.CFNetworkAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A person with physical access to an iOS device may readcache data from Apple appsDescription: Cache data was encrypted with a key protected only bythe hardware UID. This issue was addressed by encrypting the cachedata with a key protected by the hardware UID and the user'spasscode.CVE-IDCVE-2015-5898 : Andreas Kurtz of NESO Security LabsCFNetwork CookiesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker in a privileged network position can track auser's activityDescription: A cross-domain cookie issue existed in the handling oftop level domains. The issue was address through improvedrestrictions of cookie creation.CVE-IDCVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, TsinghuaUniversityCFNetwork CookiesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker may be able to create unintended cookies for awebsiteDescription: WebKit would accept multiple cookies to be set in thedocument.cookie API. This issue was addressed through improvedparsing.CVE-IDCVE-2015-3801 : Erling Ellingsen of FacebookCFNetwork FTPProtocolAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Malicious FTP servers may be able to cause the client toperform reconnaissance on other hostsDescription: An issue existed in FTP packet handling if clients wereusing an FTP proxy.CVE-IDCVE-2015-5912 : Amit KleinCFNetwork HTTPProtocolAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A maliciously crafted URL may be able to bypass HTTP StrictTransport Security (HSTS) and leak sensitive dataDescription: A URL parsing vulnerability existed in HSTS handling.This issue was addressed through improved URL parsing.CVE-IDCVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, TsinghuaUniversityCFNetwork HTTPProtocolAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious website may be able to track users in Safariprivate browsing modeDescription: An issue existed in the handling of HSTS state inSafari private browsing mode. This issue was addressed throughimproved state handling.CVE-IDCVE-2015-5860 : Sam Greenhalgh of RadicalResearch LtdCFNetwork ProxiesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Connecting to a malicious web proxy may set maliciouscookies for a websiteDescription: An issue existed in the handling of proxy connectresponses. This issue was addressed by removing the set-cookie headerwhile parsing the connect response.CVE-IDCVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, TsinghuaUniversityCFNetwork SSLAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker with a privileged network position may interceptSSL/TLS connectionsDescription: A certificate validation issue existed in NSURL when acertificate changed. This issue was addressed through improvedcertificate validation.CVE-IDCVE-2015-5824 : Timothy J. Wood of The Omni GroupCFNetwork SSLAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker may be able to decrypt data protected by SSLDescription: There are known attacks on the confidentiality of RC4.An attacker could force the use of RC4, even if the server preferredbetter ciphers, by blocking TLS 1.0 and higher connections untilCFNetwork tried SSL 3.0, which only allows RC4. This issue wasaddressed by removing the fallback to SSL 3.0.CoreAnimationAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to leak sensitive userinformationDescription: Applications could access the screen framebuffer whilethey were in the background. This issue was addressed with improvedaccess control on IOSurfaces.CVE-IDCVE-2015-5880 : Jin Han, Su Mon Kywe, Qiang Yan, Robert Deng, DebinGao, Yingjiu Li of School of Information Systems Singapore ManagementUniversity, Feng Bao and Jianying Zhou of Cryptography and SecurityDepartment Institute for Infocomm ResearchCoreCryptoAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker may be able to determine a private keyDescription: By observing many signing or decryption attempts, anattacker may have been able to determine the RSA private key. Thisissue was addressed using improved encryption algorithms.CoreTextAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Processing a maliciously crafted font file may lead toarbitrary code executionDescription: A memory corruption issue existed in the processing offont files. This issue was addressed through improved inputvalidation.CVE-IDCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest TeamData Detectors EngineAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Processing a maliciously crafted text file may lead toarbitrary code executionDescription: Memory corruption issues existed in the processing oftext files. These issues were addressed through improved boundschecking.CVE-IDCVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)Dev ToolsAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to execute arbitrarycode with system privilegesDescription: A memory corruption issue existed in dyld. This wasaddressed through improved memory handling.CVE-IDCVE-2015-5876 : beist of grayhashdyldAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An application may be able to bypass code signingDescription: An issue existed with validation of the code signatureof executables. This issue was addressed through improved boundschecking.CVE-IDCVE-2015-5839 :
@PanguTeam, TaiG Jailbreak TeamDisk ImagesAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withsystem privilegesDescription: A memory corruption issue existed in DiskImages. Thisissue was addressed through improved memory handling.CVE-IDCVE-2015-5847 : Filippo Bigarella, Luca TodescoGame CenterAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious Game Center application may be able to access aplayer's email addressDescription: An issue existed in Game Center in the handling of aplayer's email. This issue was addressed through improved accessrestrictions.CVE-IDCVE-2015-5855 : Nasser AlnasserICUAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Multiple vulnerabilities in ICUDescription: Multiple vulnerabilities existed in ICU versions priorto 53.1.0. These issues were addressed by updating ICU to version55.1.CVE-IDCVE-2014-8146CVE-2015-1205IOAcceleratorFamilyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to determine kernelmemory layoutDescription: An issue existed that led to the disclosure of kernelmemory content. This issue was addressed through improved boundschecking.CVE-IDCVE-2015-5834 : Cererdlong of Alibaba Mobile Security TeamIOAcceleratorFamilyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withsystem privilegesDescription: A memory corruption issue existed inIOAcceleratorFamily. This issue was addressed through improved memoryhandling.CVE-IDCVE-2015-5848 : Filippo BigarellaIOHIDFamilyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to execute arbitrarycode with system privilegesDescription: A memory corruption issue existed in IOHIDFamily. Thisissue was addressed through improved memory handling.CVE-IDCVE-2015-5867 : moony li of Trend MicroIOKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to execute arbitrarycode with system privilegesDescription: A memory corruption issue existed in the kernel. Thisissue was addressed through improved memory handling.CVE-IDCVE-2015-5844 : Filippo BigarellaCVE-2015-5845 : Filippo BigarellaCVE-2015-5846 : Filippo BigarellaIOMobileFrameBufferAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withsystem privilegesDescription: A memory corruption issue existed inIOMobileFrameBuffer. This issue was addressed through improved memoryhandling.CVE-IDCVE-2015-5843 : Filippo BigarellaIOStorageFamilyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local attacker may be able to read kernel memoryDescription: A memory initialization issue existed in the kernel.This issue was addressed through improved memory handling.CVE-IDCVE-2015-5863 : Ilja van Sprundel of IOActiveiTunes StoreAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: AppleID credentials may persist in the keychain after signoutDescription: An issue existed in keychain deletion. This issue wasaddressed through improved account cleanup.CVE-IDCVE-2015-5832 : Kasif Dekel from Check Point Software TechnologiesJavaScriptCoreAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a maliciously crafted website may lead to arbitrarycode executionDescription: Memory corruption issues existed in WebKit. Theseissues were addressed through improved memory handling.CVE-IDCVE-2015-5791 : AppleCVE-2015-5793 : AppleCVE-2015-5814 : AppleCVE-2015-5816 : AppleCVE-2015-5822 : Mark S. Miller of GoogleCVE-2015-5823 : AppleKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue existed in the kernel. Thisissue was addressed through improved memory handling.CVE-IDCVE-2015-5868 : Cererdlong of Alibaba Mobile Security TeamCVE-2015-5896 : Maxime Villard of m00nbsdCVE-2015-5903 : CESGKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local attacker may control the value of stack cookiesDescription: Multiple weaknesses existed in the generation of userspace stack cookies. This was addressed through improved generationof stack cookies.CVE-IDCVE-2013-3951 : Stefan EsserKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local process can modify other processes withoutentitlement checksDescription: An issue existed where root processes using theprocessor_set_tasks API were allowed to retrieve the task ports ofother processes. This issue was addressed through added entitlementchecks.CVE-IDCVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan LevinKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker may be able to launch denial of service attackson targeted TCP connections without knowing the correct sequencenumberDescription: An issue existed in xnu's validation of TCP packetheaders. This issues was addressed through improved TCP packet headervalidation.CVE-IDCVE-2015-5879 : Jonathan LooneyKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker in a local LAN segment may disable IPv6 routingDescription: An insufficient validation issue existed in handling ofIPv6 router advertisements that allowed an attacker to set the hoplimit to an arbitrary value. This issue was addressed by enforcing aminimum hop limit.CVE-IDCVE-2015-5869 : Dennis Spindel LjungmarkKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to determine kernel memory layoutDescription: An issue existed in XNU that led to the disclosure ofkernel memory. This was addressed through improved initialization ofkernel memory structures.CVE-IDCVE-2015-5842 : beist of grayhashKernelAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to cause a system denial of serviceDescription: An issue existed in HFS drive mounting. This wasaddressed by additional validation checks.CVE-IDCVE-2015-5748 : Maxime Villard of m00nbsdlibcAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue existed in the kernel. Thisissue was addressed through improved memory handling.CVE-IDCVE-2014-8611 : Adrian Chadd and Alfred Perlstein of NorseCorporationlibpthreadAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to execute arbitrary code withkernel privilegesDescription: A memory corruption issue existed in the kernel. Thisissue was addressed through improved memory handling.CVE-IDCVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan TeamMailAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker can send an email that appears to come from acontact in the recipient's address bookDescription: An issue existed in the handling of the sender'saddress. This issue was addressed through improved validation.CVE-IDCVE-2015-5857 : Emre Saglam of salesforce.comMultipeer ConnectivityAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local attacker may be able to observe unprotectedmultipeer dataDescription: An issue existed in convenience initializer handling inwhich encryption could be actively downgraded to a non-encryptedsession. This issue was addressed by changing the convenienceinitializer to require encryption.CVE-IDCVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data TheoremNetworkExtensionAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to determine kernelmemory layoutDescription: An uninitialized memory issue in the kernel led to thedisclosure of kernel memory content. This issue was addressed throughmemory initialization.CVE-IDCVE-2015-5831 : Maxime Villard of m00nbsdOpenSSLAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Multiple vulnerabilities in OpenSSLDescription: Multiple vulnerabilities existed in OpenSSL versionsprior to 0.9.8zg. These were addressed by updating OpenSSL to version0.9.8zg.CVE-IDCVE-2015-0286CVE-2015-0287PluginKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious enterprise application can install extensionsbefore the application has been trustedDescription: An issue existed in the validation of extensions duringinstallation. This was addressed through improved app verification.CVE-IDCVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei ofFireEye, Inc.removefileAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Processing malicious data may lead to unexpected applicationterminationDescription: An overflow fault existed in the checkint divisionroutines. This issue was addressed with improved division routines.CVE-IDCVE-2015-5840 : an anonymous researcherSafariAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A local user may be able to read Safari bookmarks on alocked iOS device without a passcodeDescription: Safari bookmark data was encrypted with a key protectedonly by the hardware UID. This issue was addressed by encrypting theSafari bookmark data with a key protected by the hardware UID and theuser's passcode.CVE-IDCVE-2015-5903 : Jonathan ZdziarskiSafariAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a malicious website may lead to user interfacespoofingDescription: An issue may have allowed a website to display contentwith a URL from a different website. This issue was addressed throughimproved URL handling.CVE-IDCVE-2015-5904 : Erling Ellingsen of Facebook, Lukasz PilorzSafariAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a malicious website may lead to user interfacespoofingDescription: Navigating to a malicious website with a malformedwindow opener may have allowed the display of arbitrary URLs. Thisissue was addressed through improved handling of window openers.CVE-IDCVE-2015-5905 : Keita Haga of keitahaga.comSafariAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Users may be tracked by malicious websites using clientcertificatesDescription: An issue existed in Safari's client certificatematching for SSL authentication. This issue was addressed throughimproved matching of valid client certificates.CVE-IDCVE-2015-1129 : Stefan Kraus of fluid Operations AG, Sylvain Munautof Whatever s.a.SafariAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a malicious website may lead to user interfacespoofingDescription: Multiple user interface inconsistencies may haveallowed a malicious website to display an arbitrary URL. These issueswere addressed through improved URL display logic.CVE-IDCVE-2015-5764 : Antonio Sanso (@asanso) of AdobeCVE-2015-5765 : Ron MasasCVE-2015-5767 : Krystian Kloskowski via Secunia, Masato KinugawaSafari Safe BrowsingAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Navigating to the IP address of a known malicious websitemay not trigger a security warningDescription: Safari's Safe Browsing feature did not warn users whenvisiting known malicious websites by their IP addresses. The issuewas addressed through improved malicious site detection.Rahul M of TagsDocSecurityAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious app may be able to intercept communicationbetween appsDescription: An issue existed that allowed a malicious app tointercept URL scheme communication between apps. This was mitigatedby displaying a dialog when a URL scheme is used for the first time.CVE-IDCVE-2015-5835 : Teun van Run of FiftyTwoDegreesNorth B.V.; XiaoFengWang of Indiana University, Luyi Xing of Indiana University, TongxinLi of Peking University, Tongxin Li of Peking University, XiaolongBai of Tsinghua UniversitySiriAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A person with physical access to an iOS device may be ableto use Siri to read notifications of content that is set not to bedisplayed at the lock screenDescription: When a request was made to Siri, client siderestrictions were not being checked by the server. This issue wasaddressed through improved restriction checking.CVE-IDCVE-2015-5892 : Robert S Mozayeni, Joshua DonvitoSpringBoardAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A person with physical access to an iOS device can reply toan audio message from the lock screen when message previews from thelock screen are disabledDescription: A lock screen issue allowed users to reply to audiomessages when message previews were disabled. This issue wasaddressed through improved state management.CVE-IDCVE-2015-5861 : Daniel Miedema of Meridian AppsSpringBoardAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious application may be able to spoof anotherapplication's dialog windowsDescription: An access issue existed with privileged API calls. Thisissue was addressed through additional restrictions.CVE-IDCVE-2015-5838 : Min (Spark) Zheng, Hui Xue, Tao (Lenx) Wei, John C.S.LuiSQLiteAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Multiple vulnerabilities in SQLite v3.8.5Description: Multiple vulnerabilities existed in SQLite v3.8.5.These issues were addressed by updating SQLite to version 3.8.10.2.CVE-IDCVE-2015-5895tidyAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a maliciously crafted website may lead to arbitrarycode executionDescription: A memory corruption issue existed in Tidy. This issueswas addressed through improved memory handling.CVE-IDCVE-2015-5522 : Fernando Munoz of NULLGroup.comCVE-2015-5523 : Fernando Munoz of NULLGroup.comWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Object references may be leaked between isolated origins oncustom events, message events and pop state eventsDescription: An object leak issue broke the isolation boundarybetween origins. This issue was addressed through improved isolationbetween origins.CVE-IDCVE-2015-5827 : GildasWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a maliciously crafted website may lead to arbitrarycode executionDescription: Memory corruption issues existed in WebKit. Theseissues were addressed through improved memory handling.CVE-IDCVE-2015-5789 : AppleCVE-2015-5790 : AppleCVE-2015-5792 : AppleCVE-2015-5794 : AppleCVE-2015-5795 : AppleCVE-2015-5796 : AppleCVE-2015-5797 : AppleCVE-2015-5799 : AppleCVE-2015-5800 : AppleCVE-2015-5801 : AppleCVE-2015-5802 : AppleCVE-2015-5803 : AppleCVE-2015-5804 : AppleCVE-2015-5805CVE-2015-5806 : AppleCVE-2015-5807 : AppleCVE-2015-5809 : AppleCVE-2015-5810 : AppleCVE-2015-5811 : AppleCVE-2015-5812 : AppleCVE-2015-5813 : AppleCVE-2015-5817 : AppleCVE-2015-5818 : AppleCVE-2015-5819 : AppleCVE-2015-5821 : AppleWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a malicious website may lead to unintended dialingDescription: An issue existed in handling of tel://, facetime://,and facetime-audio:// URLs. This issue was addressed through improvedURL handling.CVE-IDCVE-2015-5820 : Andrei Neculaesei, Guillaume RossWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: QuickType may learn the last character of a password in afilled-in web formDescription: An issue existed in WebKit's handling of password inputcontext. This issue was addressed through improved input contexthandling.CVE-IDCVE-2015-5906 : Louis Romero of Google Inc.WebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker in a privileged network position may be able toredirect to a malicious domainDescription: An issue existed in the handling of resource caches onsites with invalid certificates. The issue was addressed by rejectingthe application cache of domains with invalid certificates.CVE-IDCVE-2015-5907 : Yaoqi Jia of National University of Singapore (NUS)WebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: A malicious website may exfiltrate data cross-originDescription: Safari allowed cross-origin stylesheets to be loadedwith non-CSS MIME types which could be used for cross-origin dataexfiltration. This issue was addressed by limiting MIME types forcross-origin stylesheets.CVE-IDCVE-2015-5826 : filedescriptor, Chris EvansWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: The Performance API may allow a malicious website to leakbrowsing history, network activity, and mouse movementsDescription: WebKit's Performance API could have allowed a maliciouswebsite to leak browsing history, network activity, and mousemovements by measuring time. This issue was addressed by limitingtime resolution.CVE-IDCVE-2015-5825 : Yossi Oren et al. of Columbia University's NetworkSecurity LabWebKitAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: An attacker in a privileged network position may be able toleak sensitive user informationDescription: An issue existed with Content-Disposition headerscontaining type attachment. This issue was addressed by disallowingsome functionality for type attachment pages.CVE-IDCVE-2015-5921 : Mickey Shkatov of the Intel(r) Advanced ThreatResearch Team, Daoyuan Wu of Singapore Management University, RockyK. C. Chang of Hong Kong Polytechnic University, Lukasz Pilorz,superhei of www.knownsec.comWebKit CanvasAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: Visiting a malicious website may disclose image data fromanother websiteDescription: A cross-origin issue existed with "canvas" elementimages in WebKit. This was addressed through improved tracking ofsecurity origins.CVE-IDCVE-2015-5788 : AppleWebKit Page LoadingAvailable for: iPhone 4s and later,iPod touch (5th generation) and later, iPad 2 and laterImpact: WebSockets may bypass mixed content policy enforcementDescription: An insufficient policy enforcement issue allowedWebSockets to load mixed content. This issue was addressed byextending mixed content policy enforcement to WebSockets.Kevin G Jones of Higher LogicInstallation note:This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. Selecting Don't Installwill present the option the next time you connect your iOS device.The automatic update process may take up to a week depending on theday that iTunes or the device checks for updates. You may manuallyobtain the update via the Check for Updates button within iTunes, orthe Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this updatewill be "9".Information will also be posted to the Apple Security Updatesweb site:
https://support.apple.com/kb/HT201222This message is signed with Apple's Product Security PGP key,and details are available at:
https://www.apple.com/support/security/pgp/
http://prod.lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
+54
