ID: CVE-2011-3261
Type: cve
Reporter: cve@mitre.org
Modified: 2017-08-29T01:30:00
Description
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-1 iOS 5 Software Update\r\n\r\niOS 5 Software Update is now available and addresses the following:\r\n\r\nCalDAV\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information from a CalDAV\r\ncalendar server\r\nDescription: CalDAV did not check that the SSL certificate presented\r\nby the server was trusted.\r\nCVE-ID\r\nCVE-2011-3253 : Leszek Tasiemski of nSense\r\n\r\nCalendar\r\nAvailable for: iOS 4.2.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 4.2.0 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 4.2.0 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted calendar invitation may inject\r\nscript in the local domain\r\nDescription: A script injection issue existed in Calendar's handling\r\nof invitation notes. This issue is addressed through improved\r\nescaping of special characters in invitation notes. This issues does\r\nnot affect devices prior to iOS 4.2.0.\r\nCVE-ID\r\nCVE-2011-3254 : Rick Deacon\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: User's AppleID password may be logged to a local file\r\nDescription: A user's AppleID password and username were logged to a\r\nfile that was readable by applications on the system. 
This is\r\nresolved by no longer logging these credentials.\r\nCVE-ID\r\nCVE-2011-3255 : Peter Quade of qdevelop\r\n\r\nCFNetwork\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreGraphics\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a document containing a maliciously crafted font may\r\nlead to arbitrary code execution\r\nDescription: Multiple memory corruption existed in freetype, the\r\nmost serious of which may lead to arbitrary code execution when\r\nprocessing a maliciously crafted font.\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nCoreMedia\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another 
site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nData Access\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An exchange mail cookie management issue could incorrectly\r\ncause data synchronization across different accounts\r\nDescription: When multiple mail exchange accounts are configured\r\nwhich connect to the same server, a session could potentially receive\r\na valid cookie corresponding to a different account. This issue is\r\naddressed by ensuring that cookies are separated across different\r\naccounts.\r\nCVE-ID\r\nCVE-2011-3257 : Bob Sielken of IBM\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Fraudulent certificates were issued by multiple\r\ncertificate authorities operated by DigiNotar. 
This issue is\r\naddressed by removing DigiNotar from the list of trusted root\r\ncertificates, from the list of Extended Validation (EV) certificate\r\nauthorities, and by configuring default system trust settings so that\r\nDigiNotar's certificates, including those issued by other\r\nauthorities, are not trusted.\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Support for X.509 certificates with MD5 hashes may expose\r\nusers to spoofing and information disclosure as attacks improve\r\nDescription: Certificates signed using the MD5 hash algorithm were\r\naccepted by iOS. This algorithm has known cryptographic weaknesses.\r\nFurther research or a misconfigured certificate authority could have\r\nallowed the creation of X.509 certificates with attacker controlled\r\nvalues that would have been trusted by the system. This would have\r\nexposed X.509 based protocols to spoofing, man in the middle attacks,\r\nand information disclosure. This update disables support for an X.509\r\ncertificate with an MD5 hash for any use other than as a trusted root\r\ncertificate.\r\nCVE-ID\r\nCVE-2011-3427\r\n\r\nData Security\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker could decrypt part of a SSL connection\r\nDescription: Only the SSLv3 and TLS 1.0 versions of SSL were\r\nsupported. These versions are subject to a protocol weakness when\r\nusing block ciphers. A man-in-the-middle attacker could have injected\r\ninvalid data, causing the connection to close but revealing some\r\ninformation about the previous data. If the same connection was\r\nattempted repeatedly the attacker may eventually have been able to\r\ndecrypt the data being sent, such as a password. 
This issue is\r\naddressed by adding support for TLS 1.2.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nHome screen\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Switching between applications may lead to the disclosure of\r\nsensitive application information\r\nDescription: When switching between applications with the four-\r\nfinger app switching gesture, the display could have revealed the\r\nprevious application state. This issue is addressed by ensuring that\r\nthe system properly calls the applicationWillResignActive: method\r\nwhen transitioning between applications.\r\nCVE-ID\r\nCVE-2011-3431 : Abe White of Hedonic Software Inc.\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may result in an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libTIFF's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0192 : Apple\r\n\r\nImageIO\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF images.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nInternational Components for Unicode\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Applications that use ICU may be vulnerable to 
an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ICU's generation of\r\ncollation keys for long strings of mostly uppercase letters.\r\nCVE-ID\r\nCVE-2011-0206 : David Bienvenu of Mozilla\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A remote attacker may cause a device reset\r\nDescription: The kernel failed to promptly reclaim memory from\r\nincomplete TCP connections. An attacker with the ability to connect\r\nto a listening service on an iOS device could exhaust system\r\nresources.\r\nCVE-ID\r\nCVE-2011-3259 : Wouter van der Veer of Topicus I&I, and Josh Enders\r\n\r\nKernel\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A local user may be able to cause a system reset\r\nDescription: A null dereference issue existed in the handling of\r\nIPV6 socket options.\r\nCVE-ID\r\nCVE-2011-1132 : Thomas Clement of Intego\r\n\r\nKeyboards\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A user may be able to determine information about the last\r\ncharacter of a password\r\nDescription: The keyboard used to type the last character of a\r\npassword was briefly displayed the next time the keyboard was used.\r\nCVE-ID\r\nCVE-2011-3245 : Paul Mousdicas\r\n\r\nlibxml\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A one-byte heap 
buffer overflow existed in libxml's\r\nhandling of XML data.\r\nCVE-ID\r\nCVE-2011-0216 : Billy Rios of the Google Security Team\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Word file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in OfficeImport's handling of\r\nMicrosoft Word documents.\r\nCVE-ID\r\nCVE-2011-3260 : Tobias Klein working with Verisign iDefense Labs\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Viewing a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in OfficeImport's handling\r\nof Excel files.\r\nCVE-ID\r\nCVE-2011-3261 : Tobias Klein of www.trapkit.de\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Microsoft Office file may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in OfficeImport's\r\nhandling of Microsoft Office files.\r\nCVE-ID\r\nCVE-2011-0208 : Tobias Klein working with iDefense VCP\r\n\r\nOfficeImport\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Downloading a maliciously crafted Excel file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed 
in OfficeImport's\r\nhandling of Excel files.\r\nCVE-ID\r\nCVE-2011-0184 : Tobias Klein working with iDefense VCP\r\n\r\nSafari\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Opening maliciously crafted files on certain websites may\r\nlead to a cross-site scripting attack\r\nDescription: iOS did not support the 'attachment' value for the HTTP\r\nContent-Disposition header. This header is used by many websites to\r\nserve files that were uploaded to the site by a third-party, such as\r\nattachments in web-based e-mail applications. Any script in files\r\nserved with this header value would run as if the file had been\r\nserved inline, with full access to other resources on the origin\r\nserver. This issue is addressed by loading attachments in an isolated\r\nsecurity origin with no access to resources on other sites.\r\nCVE-ID\r\nCVE-2011-3426 : Christian Matthies working with iDefense VCP,\r\nYoshinori Oota from Business Architects Inc working with JP/CERT\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: An attacker with physical access to a device may be able to\r\nrecover the restrictions passcode\r\nDescription: The parental restrictions functionality enforces UI\r\nrestrictions. Configuring parental restrictions is protected by a\r\npasscode, which was previously stored in plaintext on disk. 
This\r\nissue is addressed by securely storing the parental restrictions\r\npasscode in the system keychain.\r\nCVE-ID\r\nCVE-2011-3429 : an anonymous reporter\r\n\r\nSettings\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Misleading UI\r\nDescription: Configurations and settings applied via configuration\r\nprofiles did not appear to function properly under any non-English\r\nlanguage. Settings could be improperly displayed as a result. This\r\nissue is addressed by fixing a localization error.\r\nCVE-ID\r\nCVE-2011-3430 : Florian Kreitmaier of Siemens CERT\r\n\r\nUIKit Alerts\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website may cause an unexpected device\r\nhang\r\nDescription: An excessive maximum text layout length permitted\r\nmalicious websites to cause iOS to hang when drawing acceptance\r\ndialogs for very long tel: URIs. 
This issue is addressed by using a\r\nmore reasonable maximum URI size.\r\nCVE-ID\r\nCVE-2011-3432 : Simon Young of Anglia Ruskin University\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nCVE-ID\r\nCVE-2011-0218 : SkyLined of Google Chrome Security Team\r\nCVE-2011-0221 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0222 : Nikita Tarakanov and Alex Bazhanyuk of the CISS\r\nResearch Team, and Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0225 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0232 : J23 working with TippingPoint's Zero Day Initiative\r\nCVE-2011-0233 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0234 : Rob King working with TippingPoint's Zero Day\r\nInitiative, wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-0235 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-0238 : Adam Barth of Google Chrome Security Team\r\nCVE-2011-0254 : An anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0255 : An anonymous reporter working with TippingPoint's\r\nZero Day Initiative\r\nCVE-2011-0981 : Rik Cabanier of Adobe Systems, Inc\r\nCVE-2011-0983 : Martin Barbella\r\nCVE-2011-1109 : Sergey Glazunov\r\nCVE-2011-1114 : Martin Barbella\r\nCVE-2011-1115 : Martin Barbella\r\nCVE-2011-1117 : wushi of team509\r\nCVE-2011-1121 : miaubiz\r\nCVE-2011-1188 : Martin Barbella\r\nCVE-2011-1203 : Sergey Glazunov\r\nCVE-2011-1204 : Sergey Glazunov\r\nCVE-2011-1288 : Andreas Kling of Nokia\r\nCVE-2011-1293 : Sergey Glazunov\r\nCVE-2011-1296 : Sergey 
Glazunov\r\nCVE-2011-1449 : Marek Majkowski\r\nCVE-2011-1451 : Sergey Glazunov\r\nCVE-2011-1453 : wushi of team509 working with TippingPoint's Zero Day\r\nInitiative\r\nCVE-2011-1457 : John Knottenbelt of Google\r\nCVE-2011-1462 : wushi of team509\r\nCVE-2011-1797 : wushi of team509\r\nCVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2339 : Cris Neckar of the Google Chrome Security Team\r\nCVE-2011-2341 : Apple\r\nCVE-2011-2351 : miaubiz\r\nCVE-2011-2352 : Apple\r\nCVE-2011-2354 : Apple\r\nCVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome\r\nSecurity Team using AddressSanitizer\r\nCVE-2011-2359 : miaubiz\r\nCVE-2011-2788 : Mikolaj Malecki of Samsung\r\nCVE-2011-2790 : miaubiz\r\nCVE-2011-2792 : miaubiz\r\nCVE-2011-2797 : miaubiz\r\nCVE-2011-2799 : miaubiz\r\nCVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam\r\nCVE-2011-2813 : Cris Neckar of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2816 : Apple\r\nCVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-2818 : Martin Barbella\r\nCVE-2011-2820 : Raman Tenneti and Philip Rogers of Google\r\nCVE-2011-2823 : SkyLined of Google Chrome Security Team\r\nCVE-2011-2827 : miaubiz\r\nCVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3232 : Aki Helin of OUSPG\r\nCVE-2011-3234 : miaubiz\r\nCVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome Security Team\r\nCVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security\r\nTeam using AddressSanitizer\r\nCVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the\r\nChromium development community, and Abhishek Arya (Inferno) of Google\r\nChrome 
Security Team\r\nCVE-2011-3244 : vkouchna\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of URLs\r\nwith an embedded username. This issue is addressed through improved\r\nhandling of URLs with an embedded username.\r\nCVE-ID\r\nCVE-2011-0242 : Jobert Abma of Online24\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of DOM\r\nnodes.\r\nCVE-ID\r\nCVE-2011-1295 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to cause a\r\ndifferent URL to be shown in the address bar\r\nDescription: A URL spoofing issue existed in the handling of the DOM\r\nhistory object.\r\nCVE-ID\r\nCVE-2011-1107 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to arbitrary\r\ncode execution\r\nDescription: A configuration issue existed in WebKit's use of\r\nlibxslt. Visiting a maliciously crafted website may lead to arbitrary\r\nfiles being created with the privileges of the user, which may lead\r\nto arbitrary code execution. 
This issue is addressed through improved\r\nlibxslt security settings.\r\nCVE-ID\r\nCVE-2011-1774 : Nicolas Gregoire of Agarri\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a malicious website and dragging content in the\r\npage may lead to an information disclosure\r\nDescription: A cross-origin issue existed in WebKit's handling of\r\nHTML5 drag and drop. This issue is addressed by disallowing drag and\r\ndrop across different origins.\r\nCVE-ID\r\nCVE-2011-0166 : Michal Zalewski of Google Inc.\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: A cross-origin issue existed in the handling of Web\r\nWorkers.\r\nCVE-ID\r\nCVE-2011-1190 : Daniel Divricean of divricean.ro\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\nwindow.open method.\r\nCVE-ID\r\nCVE-2011-2805 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of\r\ninactive DOM windows.\r\nCVE-ID\r\nCVE-2011-3243 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 
4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-origin issue existed in the handling of the\r\ndocument.documentURI property.\r\nCVE-ID\r\nCVE-2011-2819 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: A maliciously crafted website may be able to track the URLs\r\nthat a user visits within a frame\r\nDescription: A cross-origin issue existed in the handling of the\r\nbeforeload event.\r\nCVE-ID\r\nCVE-2011-2800 : Juho Nurminen\r\n\r\nWiFi\r\nAvailable for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4,\r\niOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,\r\niOS 3.2 through 4.3.5 for iPad\r\nImpact: WiFi credentials may be logged to a local file\r\nDescription: WiFi credentials including the passphrase and\r\nencryption keys were logged to a file that was readable by\r\napplications on the system. This is resolved by no longer logging\r\nthese credentials.\r\nCVE-ID\r\nCVE-2011-3434 : Laurent OUDOT of TEHTRI Security\r\n\r\nInstallation note:\r\n\r\nThis update is only available through iTunes, and will not appear\r\nin your computer's Software Update application, or in the Apple\r\nDownloads site. Make sure you have an Internet connection and have\r\ninstalled the latest version of iTunes from www.apple.com/itunes/\r\n\r\niTunes will automatically check Apple's update server on its weekly\r\nschedule. When an update is detected, it will download it. When\r\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\r\nuser with the option to install the update. We recommend applying\r\nthe update immediately if possible. 
Selecting Don't Install will\r\npresent the option the next time you connect your iPhone, iPod touch,\r\nor iPad.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes checks for updates. You may manually obtain the\r\nupdate via the Check for Updates button within iTunes. After doing\r\nthis, the update can be applied when your iPhone, iPod touch, or iPad\r\nis docked to your computer.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be\r\n"5 (9A334)".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n", "modified": "2011-10-15T00:00:00", "published": "2011-10-15T00:00:00", "id": "SECURITYVULNS:DOC:27151", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27151", "title": "APPLE-SA-2011-10-12-1 iOS 5 Software Update", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Multiple vulnerabilities in different system components and applications.", "modified": "2011-10-16T00:00:00", "published": 
"2011-10-16T00:00:00", "id": "SECURITYVULNS:VULN:11971", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11971", "title": "Apple iPhone multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}