ID CVE-2014-4410 Type cve Reporter cve@mitre.org Modified 2019-03-08T16:06:00
Description
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1\r\n\r\nSafari 6.2 and Safari 7.1 are now available and address the\r\nfollowing:\r\n\r\nSafari\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials\r\nDescription: Saved passwords were autofilled on http sites, on https\r\nsites with broken trust, and in iframes. This issue was addressed by\r\nrestricting password autofill to the main frame of https sites with\r\nvalid certificate chains.\r\nCVE-ID\r\nCVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford\r\nUniversity working with Eric Chen and Collin Jackson of Carnegie\r\nMellon University\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-6663 : Atte Kettunen of OUSPG\r\nCVE-2014-4410 : Eric Seidel of Google\r\nCVE-2014-4411 : Google Chrome Security Team\r\nCVE-2014-4412 : Apple\r\nCVE-2014-4413 : Apple\r\nCVE-2014-4414 : Apple\r\nCVE-2014-4415 : Apple\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5\r\nImpact: A malicious website may be able to track users even when\r\nprivate browsing is enabled\r\nDescription: A web application could store HTML 5 application cache\r\ndata during normal browsing and then read the data during private\r\nbrowsing. This was addressed by disabling access to the application\r\ncache when in private browsing mode.\r\nCVE-ID\r\nCVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)\r\n\r\n\r\nSafari 7.1 and Safari 6.2 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUGkSxAAoJEBcWfLTuOo7tNVcP/j3m7E6n31A4jJ+KpQK8QSaC\r\nno9gPE/qLSAyHCPY1GvaLqNAiFrfbHvJu0C9GCRQe0K7CElCIovtxUZ91PREInPw\r\nyQHsyFefeICOXwmU7fz1MWJcUufV6vdThcOzLQciSC2SomiptGdfhbi1/oyXWa7b\r\n6W8m2adZBv4XDUfObEVO8S28/XsBRN5zHXGbGmwTqobBAGZp8G/IDiB5RjjY0vC3\r\nTCs4TvhlWqUSyCaubqRGtvTol8+eVqFkFsJb/e4j8IlHi83BF5Gb20F+L3kW9lBH\r\nrez4sz/chnjR5cFc6Be3ciXNdG10d5urMBFTXB8u6Wu7rl5oShD25OB/j4n+8Ik4\r\ntvQZfGsRnTicFgywX28QuRVWwldK4VFvMcHAEPZ+8FuwjJCZSLbk0JPXJTC374N2\r\n+G/fh6knx+yNEezedUAbR93OFIDn9lKniVlfVvALs8DnI4Qvfus1yQ9Pxb4rA6Y6\r\nwguh4HaAeasMVZeL9nA8NHPH4aVhGryhaGq3N4ykag/TKtXAn2EsOsevQ5tWRYV2\r\nLMJiFcDHcqjOftmbkNN/jbR35PX9InSBVeFqWG++01xKpcR/YrP1uEHY3fiQC/Z4\r\nkX7nr26nrMXJkEb28ShAlyMYmGaQdos5S6jfe2liNg2C4y4E4aUbMwi8+L/wzXO+\r\nmlqQ1qQbOepcgb+U0iLX\r\n=muK9\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:DOC:31094", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31094", "title": "APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "Unsafe passwords autofill, unsafe cache handling, multiple memory corruptions.", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:VULN:13972", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13972", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-09-17-2 Apple TV 7\r\n\r\nApple TV 7 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker can obtain WiFi credentials\r\nDescription: An attacker could have impersonated a WiFi access\r\npoint, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,\r\nand used the derived credentials to authenticate to the intended\r\naccess point even if that access point supported stronger\r\nauthentication methods. This issue was addressed by removing support\r\nfor LEAP.\r\nCVE-ID\r\nCVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim\r\nLamotte of Universiteit Hasselt\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker with access to an device may access sensitive\r\nuser information from logs\r\nDescription: Sensitive user information was logged. This issue was\r\naddressed by logging less information.\r\nCVE-ID\r\nCVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker with a privileged network position may be able\r\nto cause a device to think that it is up to date even when it is not\r\nDescription: A validation issue existed in the handling of update\r\ncheck responses. Spoofed dates from Last-Modified response headers\r\nset to future dates were used for If-Modified-Since checks in\r\nsubsequent update requests. This issue was addressed by validation of\r\nthe Last-Modified header.\r\nCVE-ID\r\nCVE-2014-4383 : Raul Siles of DinoSec\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\r\nthe iSIGHT Partners GVP Program\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or an information disclosure\r\nDescription: An out of bounds memory read existed in the handling of\r\nPDF files. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\r\nthe iSIGHT Partners GVP Program\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An application may cause an unexpected system termination\r\nDescription: A null pointer dereference existed in the handling of\r\nIOAcceleratorFamily API arguments. This issue was addressed through\r\nimproved validation of IOAcceleratorFamily API arguments.\r\nCVE-ID\r\nCVE-2014-4369 : Catherine aka winocm\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: The device may unexpectedly restart\r\nDescription: A NULL pointer dereference was present in the\r\nIntelAccelerator driver. The issue was addressed by improved error\r\nhandling.\r\nCVE-ID\r\nCVE-2014-4373 : cunzhang from Adlab of Venustech\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to read kernel pointers,\r\nwhich can be used to bypass kernel address space layout randomization\r\nDescription: An out-of-bounds read issue existed in the handling of\r\nan IOHIDFamily function. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-4379 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in IOHIDFamily's\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-4404 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved validation of IOHIDFamily key-mapping properties.\r\nCVE-ID\r\nCVE-2014-4405 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: An out-of-bounds write issue existed in the IOHIDFamily\r\nkernel extension. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4380 : cunzhang from Adlab of Venustech\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to read uninitialized\r\ndata from kernel memory\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of IOKit functions. This issue was addressed through\r\nimproved memory initialization\r\nCVE-ID\r\nCVE-2014-4407 : @PanguTeam\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IODataQueue objects. This issue was addressed\r\nthrough improved validation of metadata.\r\nCVE-ID\r\nCVE-2014-4418 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IODataQueue objects. This issue was addressed\r\nthrough improved validation of metadata.\r\nCVE-ID\r\nCVE-2014-4388 : @PanguTeam\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2014-4389 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: Multiple uninitialized memory issues existed in the\r\nnetwork statistics interface, which led to the disclosure of kernel\r\nmemory content. This issue was addressed through additional memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A person with a privileged network position may cause a\r\ndenial of service\r\nDescription: A race condition issue existed in the handling of IPv6\r\npackets. This issue was addressed through improved lock state\r\nchecking.\r\nCVE-ID\r\nCVE-2011-2391 : Marc Heuse\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: A double free issue existed in the handling of Mach\r\nports. This issue was addressed through improved validation of Mach\r\nports.\r\nCVE-ID\r\nCVE-2014-4375\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: An out-of-bounds read issue existed in rt_setgate. This\r\nmay lead to memory disclosure or memory corruption. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4408\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Some kernel hardening measures may be bypassed\r\nDescription: The 'early' random number generator used in some kernel\r\nhardening measures was not cryptographically secure, and some of its\r\noutput was exposed to user space, allowing bypass of the hardening\r\nmeasures. This issue was addressed by replacing the random number\r\ngenerator with a cryptographically secure algorithm, and using a\r\n16-byte seed.\r\nCVE-ID\r\nCVE-2014-4422 : Tarjei Mandt of Azimuth Security\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An out-of-bounds write issue existed in Libnotify. This\r\nissue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4381 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to change permissions on arbitrary\r\nfiles\r\nDescription: syslogd followed symbolic links while changing\r\npermissions on files. This issue was addressed through improved\r\nhandling of symbolic links.\r\nCVE-ID\r\nCVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech\r\nInformation Security Center (GTISC)\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-6663 : Atte Kettunen of OUSPG\r\nCVE-2014-1384 : Apple\r\nCVE-2014-1385 : Apple\r\nCVE-2014-1387 : Google Chrome Security Team\r\nCVE-2014-1388 : Apple\r\nCVE-2014-1389 : Apple\r\nCVE-2014-4410 : Eric Seidel of Google\r\nCVE-2014-4411 : Google Chrome Security Team\r\nCVE-2014-4412 : Apple\r\nCVE-2014-4413 : Apple\r\nCVE-2014-4414 : Apple\r\nCVE-2014-4415 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUGMh1AAoJEBcWfLTuOo7tSWgP/j19RyvhyRDhJJyBozeK/pN6\r\n6pgKhW3R++yi3COOjYX9oGmupiDNlIz5Rd7pkZMxq+f6BbwBh+hzXoPDdHw33yRO\r\npQ9nV32gDIBlQRjvqmJgU/w6ODJWdPukcGBZqqjTjywce/tDxC9ZQBZLcRRuifXl\r\ndQdCYmXpkIcyZ3Yh9uF6sSXy0vngZr7kvvyJnst4WTmjqF3X9Sak75/s8Xa4oLyg\r\nnaD+o2ITisuMk7dEmY6p1vqhbbQIxIeg315VyQxoGfsml9IPtOI5SWOPO+wi6nNd\r\nPyHKTFuhmlqjE+tKdBLulBMQPNreF0bCP+iNipBtAUS8RUyR19dfkDDjJeBbcqp7\r\nLsl4+6XsXABKPjrj66pBl7M7NZR+9mRfJbr83gmDN7hXu2OZJ7PxH49UKmr7JkeK\r\nOWlMyiyd4NfigtlasUTnom+Jky+uIDy/JYBGkumgoCG50cdt+BAQgb8CiPCS11LK\r\nOX0Ra4X8juRxh9TajQ+afx6r5Ma0Zdhj+ONzGJaTCCV+/NVjSKb/o+MfxlSiRYBN\r\not4R5cbQFHFDxcpMW+5S8EYt8mgUmn7oCxBm21mj9hzo9pqDVWTABaIUywI4+4n4\r\nuWnZKxtit873cik8gE+NtbngtF3/q40n0Wvf3UzP6RTedl9g56wmjZ8NPvKWL8rE\r\nvHsGbux+Eb0CYjDTQqqS\r\n=98h5\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:DOC:31095", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31095", "title": "APPLE-SA-2014-09-17-2 Apple TV 7", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions on different formats parsing.", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:VULN:13973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13973", "title": "Apple TV multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-09-17-1 iOS 8\r\n\r\niOS 8 is now available and addresses the following:\r\n\r\n802.1X\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker can obtain WiFi credentials\r\nDescription: An attacker could have impersonated a WiFi access\r\npoint, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,\r\nand used the derived credentials to authenticate to the intended\r\naccess point even if that access point supported stronger\r\nauthentication methods. This issue was addressed by disabling LEAP by\r\ndefault.\r\nCVE-ID\r\nCVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim\r\nLamotte of Universiteit Hasselt\r\n\r\nAccounts\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to identify the Apple ID\r\nof the user\r\nDescription: An issue existed in the access control logic for\r\naccounts. A sandboxed application could get information about the\r\ncurrently-active iCloud account, including the name of the account.\r\nThis issue was addressed by restricting access to certain account\r\ntypes from unauthorized applications.\r\nCVE-ID\r\nCVE-2014-4423 : Adam Weaver\r\n\r\nCertificate Trust Policy\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Update to the certificate trust policy\r\nDescription: The certificate trust policy was updated. The complete\r\nlist of certificates may be viewed at\r\nhttp://support.apple.com/kb/HT5012.\r\n\r\nAccessibility\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: The device may not lock the screen when using AssistiveTouch\r\nDescription: A logic issue existed in AssistiveTouch's handling of\r\nevents, which resulted in the screen not locking. This issue was\r\naddressed through improved handling of the lock timer.\r\nCVE-ID\r\nCVE-2014-4368 : Hendrik Bettermann\r\n\r\nAccounts Framework\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with access to an iOS device may access\r\nsensitive user information from logs\r\nDescription: Sensitive user information was logged. This issue was\r\naddressed by logging less information.\r\nCVE-ID\r\nCVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group\r\n\r\nAddress Book\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to an iOS device may read the\r\naddress book\r\nDescription: The address book was encrypted with a key protected\r\nonly by the hardware UID. This issue was addressed by encrypting the\r\naddress book with a key protected by the hardware UID and the user's\r\npasscode.\r\nCVE-ID\r\nCVE-2014-4352 : Jonathan Zdziarski\r\n\r\nApp Installation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local attacker may be able to escalate privileges and\r\ninstall unverified applications\r\nDescription: A race condition existed in App Installation. An\r\nattacker with the capability of writing to /tmp may have been able to\r\ninstall an unverified app. This issue was addressed by staging files\r\nfor installation in another directory.\r\nCVE-ID\r\nCVE-2014-4386 : evad3rs\r\n\r\nApp Installation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local attacker may be able to escalate privileges and\r\ninstall unverified applications\r\nDescription: A path traversal issue existed in App Installation. A\r\nlocal attacker could have retargeted code signature validation to a\r\nbundle different from the one being installed and cause installation\r\nof an unverified app. This issue was addressed by detecting and\r\npreventing path traversal when determining which code signature to\r\nverify.\r\nCVE-ID\r\nCVE-2014-4384 : evad3rs\r\n\r\nAssets\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto cause an iOS device to think that it is up to date even when it is\r\nnot\r\nDescription: A validation issue existed in the handling of update\r\ncheck responses. Spoofed dates from Last-Modified response headers\r\nset to future dates were used for If-Modified-Since checks in\r\nsubsequent update requests. This issue was addressed by validation of\r\nthe Last-Modified header.\r\nCVE-ID\r\nCVE-2014-4383 : Raul Siles of DinoSec\r\n\r\nBluetooth\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Bluetooth is unexpectedly enabled by default after upgrading\r\niOS\r\nDescription: Bluetooth was enabled automatically after upgrading\r\niOS. This was addressed by only turning on Bluetooth for major or\r\nminor version updates.\r\nCVE-ID\r\nCVE-2014-4354 : Maneet Singh, Sean Bluestein\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\r\nthe iSIGHT Partners GVP Program\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or an information disclosure\r\nDescription: An out of bounds memory read existed in the handling of\r\nPDF files. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\r\nthe iSIGHT Partners GVP Program\r\n\r\nData Detectors\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Tapping on a FaceTime link in Mail would trigger a FaceTime\r\naudio call without prompting\r\nDescription: Mail did not consult the user before launching\r\nfacetime-audio:// URLs. This issue was addressed with the addition of\r\na confirmation prompt.\r\nCVE-ID\r\nCVE-2013-6835 : Guillaume Ross\r\n\r\nFoundation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An application using NSXMLParser may be misused to disclose\r\ninformation\r\nDescription: An XML External Entity issue existed in NSXMLParser's\r\nhandling of XML. This issue was addressed by not loading external\r\nentities across origins.\r\nCVE-ID\r\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\r\n\r\nHome & Lock Screen\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A background app can determine which app is frontmost\r\nDescription: The private API for determining the frontmost app did\r\nnot have sufficient access control. This issue was addressed through\r\nadditional access control.\r\nCVE-ID\r\nCVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus\r\nTroBbach of Heilbronn University\r\n\r\niMessage\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Attachments may persist after the parent iMessage or MMS is\r\ndeleted\r\nDescription: A race condition existed in how attachments were\r\ndeleted. This issue was addressed by conducting additional checks on\r\nwhether an attachment has been deleted.\r\nCVE-ID\r\nCVE-2014-4353 : Silviu Schiau\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An application may cause an unexpected system termination\r\nDescription: A null pointer dereference existed in the handling of\r\nIOAcceleratorFamily API arguments. This issue was addressed through\r\nimproved validation of IOAcceleratorFamily API arguments.\r\nCVE-ID\r\nCVE-2014-4369 : Catherine aka winocm\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: The device may unexpectedly restart\r\nDescription: A NULL pointer dereference was present in the\r\nIntelAccelerator driver. The issue was addressed by improved error\r\nhandling.\r\nCVE-ID\r\nCVE-2014-4373 : cunzhang from Adlab of Venustech\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to read kernel pointers,\r\nwhich can be used to bypass kernel address space layout randomization\r\nDescription: An out-of-bounds read issue existed in the handling of\r\nan IOHIDFamily function. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-4379 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A heap buffer overflow existed in IOHIDFamily's\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2014-4404 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of key-mapping properties. This issue was addressed through\r\nimproved validation of IOHIDFamily key-mapping properties.\r\nCVE-ID\r\nCVE-2014-4405 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with kernel privileges\r\nDescription: An out-of-bounds write issue existed in the IOHIDFamily\r\nkernel extension. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4380 : cunzhang from Adlab of Venustech\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to read uninitialized\r\ndata from kernel memory\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of IOKit functions. This issue was addressed through\r\nimproved memory initialization\r\nCVE-ID\r\nCVE-2014-4407 : @PanguTeam\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IODataQueue objects. This issue was addressed\r\nthrough improved validation of metadata.\r\nCVE-ID\r\nCVE-2014-4418 : Ian Beer of Google Project Zero\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IODataQueue objects. This issue was addressed\r\nthrough improved validation of metadata.\r\nCVE-ID\r\nCVE-2014-4388 : @PanguTeam\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2014-4389 : Ian Beer of Google Project Zero\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: Multiple uninitialized memory issues existed in the\r\nnetwork statistics interface, which led to the disclosure of kernel\r\nmemory content. This issue was addressed through additional memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\r\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with a privileged network position may cause a\r\ndenial of service\r\nDescription: A race condition issue existed in the handling of IPv6\r\npackets. This issue was addressed through improved lock state\r\nchecking.\r\nCVE-ID\r\nCVE-2011-2391 : Marc Heuse\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: A double free issue existed in the handling of Mach\r\nports. This issue was addressed through improved validation of Mach\r\nports.\r\nCVE-ID\r\nCVE-2014-4375 : an anonymous researcher\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to cause an unexpected system\r\ntermination or arbitrary code execution in the kernel\r\nDescription: An out-of-bounds read issue existed in rt_setgate. This\r\nmay lead to memory disclosure or memory corruption. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4408\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Some kernel hardening measures may be bypassed\r\nDescription: The random number generator used for kernel hardening\r\nmeasures early in the boot process was not cryptographically secure.\r\nSome of its output was inferable from user space, allowing bypass of\r\nthe hardening measures. This issue was addressed by using a\r\ncryptographically secure algorithm.\r\nCVE-ID\r\nCVE-2014-4422 : Tarjei Mandt of Azimuth Security\r\n\r\nLibnotify\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An out-of-bounds write issue existed in Libnotify. This\r\nissue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4381 : Ian Beer of Google Project Zero\r\n\r\nLockdown\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A device can be manipulated into incorrectly presenting the\r\nhome screen when the device is activation locked\r\nDescription: An issue existed with unlocking behavior that caused a\r\ndevice to proceed to the home screen even if it should still be in an\r\nactivation locked state. This was addressed by changing the\r\ninformation a device verifies during an unlock request.\r\nCVE-ID\r\nCVE-2014-1360\r\n\r\nMail\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Login credentials can be sent in plaintext even if the\r\nserver has advertised the LOGINDISABLED IMAP capability\r\nDescription: Mail sent the LOGIN command to servers even if they had\r\nadvertised the LOGINDISABLED IMAP capability. This issue is mostly a\r\nconcern when connecting to servers that are configured to accept non-\r\nencrypted connections and that advertise LOGINDISABLED. This issue\r\nwas addressed by respecting the LOGINDISABLED IMAP capability.\r\nCVE-ID\r\nCVE-2014-4366 : Mark Crispin\r\n\r\nMail\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to an iOS device may\r\npotentially read email attachments\r\nDescription: A logic issue existed in Mail's use of Data Protection\r\non email attachments. This issue was addressed by properly setting\r\nthe Data Protection class for email attachments.\r\nCVE-ID\r\nCVE-2014-1348 : Andreas Kurtz of NESO Security Labs\r\n\r\nProfiles\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Voice Dial is unexpectedly enabled after upgrading iOS\r\nDescription: Voice Dial was enabled automatically after upgrading\r\niOS. This issue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2014-4367 : Sven Heinemann\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: User credentials may be disclosed to an unintended site via\r\nautofill\r\nDescription: Safari may have autofilled user names and passwords\r\ninto a subframe from a different domain than the main frame. This\r\nissue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5227 : Niklas Malmgren of Klarna AB\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials\r\nDescription: Saved passwords were autofilled on http sites, on https\r\nsites with broken trust, and in iframes. This issue was addressed by\r\nrestricting password autofill to the main frame of https sites with\r\nvalid certificate chains.\r\nCVE-ID\r\nCVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford\r\nUniversity working with Eric Chen and Collin Jackson of Carnegie\r\nMellon University\r\n\r\nSandbox Profiles\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Apple ID information is accessible by third-party apps\r\nDescription: An information disclosure issue existed in the third-\r\nparty app sandbox. This issue was addressed by improving the third-\r\nparty sandbox profile.\r\nCVE-ID\r\nCVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus\r\nTroBbach of Heilbronn University\r\n\r\nSettings\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Text message previews may appear at the lock screen even\r\nwhen this feature is disabled\r\nDescription: An issue existed in the previewing of text message\r\nnotifications at the lock screen. As a result, the contents of\r\nreceived messages would be shown at the lock screen even when\r\npreviews were disabled in Settings. The issue was addressed through\r\nimproved observance of this setting.\r\nCVE-ID\r\nCVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),\r\nItaly\r\n\r\nsyslog\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to change permissions on arbitrary\r\nfiles\r\nDescription: syslogd followed symbolic links while changing\r\npermissions on files. This issue was addressed through improved\r\nhandling of symbolic links.\r\nCVE-ID\r\nCVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech\r\nInformation Security Center (GTISC)\r\n\r\nWeather\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Location information was sent unencrypted\r\nDescription: An information disclosure issue existed in an API used\r\nto determine local weather. This issue was addressed by changing\r\nAPIs.\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website may be able to track users even when\r\nprivate browsing is enabled\r\nDescription: A web application could store HTML 5 application cache\r\ndata during normal browsing and then read the data during private\r\nbrowsing. This was addressed by disabling access to the application\r\ncache when in private browsing mode.\r\nCVE-ID\r\nCVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-6663 : Atte Kettunen of OUSPG\r\nCVE-2014-1384 : Apple\r\nCVE-2014-1385 : Apple\r\nCVE-2014-1387 : Google Chrome Security Team\r\nCVE-2014-1388 : Apple\r\nCVE-2014-1389 : Apple\r\nCVE-2014-4410 : Eric Seidel of Google\r\nCVE-2014-4411 : Google Chrome Security Team\r\nCVE-2014-4412 : Apple\r\nCVE-2014-4413 : Apple\r\nCVE-2014-4414 : Apple\r\nCVE-2014-4415 : Apple\r\n\r\nWiFi\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A device may be passively tracked by its WiFi MAC address\r\nDescription: An information disclosure existed because a stable MAC\r\naddress was being used to scan for WiFi networks. This issue was\r\naddressed by randomizing the MAC address for passive WiFi scans.\r\n\r\nNote:\r\niOS 8 contains changes to some diagnostic capabilities.\r\nFor details, please consult http://support.apple.com/kb/HT6331\r\niOS 8 now permits devices to untrust all previously trusted\r\ncomputers. Instructions can be found at\r\nhttp://support.apple.com/kb/HT5868\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "8".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e\r\nW2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7\r\nrHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9\r\ntNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ\r\ntZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm\r\nTMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV\r\ns32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl\r\niesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy\r\nHO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD\r\ng2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg\r\nh5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY\r\nZZCDpw0BRMEXUyXqTns7\r\n=hlmW\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:DOC:31089", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31089", "title": "APPLE-SA-2014-09-17-1 iOS 8", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "84 vulnerabilities on different formats and protocols parsing.", "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:VULN:14051", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14051", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "Weak authentication, unauthorized access, information leakage, race conditions, protection bypass, memory corruptions on different formats parsing, XXE.", "modified": "2014-09-21T00:00:00", "published": "2014-09-21T00:00:00", "id": "SECURITYVULNS:VULN:13970", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13970", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-6 iTunes 12.0.1\r\n\r\niTunes 12.0.1 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-2871 : miaubiz\r\nCVE-2013-2875 : miaubiz\r\nCVE-2013-2909 : Atte Kettunen of OUSPG\r\nCVE-2013-2926 : cloudfuzzer\r\nCVE-2013-2927 : cloudfuzzer\r\nCVE-2013-2928 : Google Chrome Security Team\r\nCVE-2013-5195 : Apple\r\nCVE-2013-5196 : Google Chrome Security Team\r\nCVE-2013-5197 : Google Chrome Security Team\r\nCVE-2013-5198 : Apple\r\nCVE-2013-5199 : Apple\r\nCVE-2013-5225 : Google Chrome Security Team\r\nCVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day\r\nInitiative\r\nCVE-2013-6625 : cloudfuzzer\r\nCVE-2013-6635 : cloudfuzzer\r\nCVE-2013-6663 : Atte Kettunen of OUSPG\r\nCVE-2014-1268 : Apple\r\nCVE-2014-1269 : Apple\r\nCVE-2014-1270 : Apple\r\nCVE-2014-1289 : Apple\r\nCVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day\r\nInitiative, Google Chrome Security Team\r\nCVE-2014-1291 : Google Chrome Security Team\r\nCVE-2014-1292 : Google Chrome Security Team\r\nCVE-2014-1293 : Google Chrome Security Team\r\nCVE-2014-1294 : Google Chrome Security Team\r\nCVE-2014-1298 : Google Chrome Security Team\r\nCVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of\r\nUniversity of Szeged / Samsung Electronics\r\nCVE-2014-1300 : Ian Beer of Google Project Zero working with HP's\r\nZero Day Initiative\r\nCVE-2014-1301 : Google Chrome Security Team\r\nCVE-2014-1302 : Google Chrome Security Team, Apple\r\nCVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative\r\nCVE-2014-1304 : Apple\r\nCVE-2014-1305 : Apple\r\nCVE-2014-1307 : Google Chrome Security Team\r\nCVE-2014-1308 : Google Chrome Security Team\r\nCVE-2014-1309 : cloudfuzzer\r\nCVE-2014-1310 : Google Chrome Security Team\r\nCVE-2014-1311 : Google Chrome Security Team\r\nCVE-2014-1312 : Google Chrome Security Team\r\nCVE-2014-1313 : Google Chrome Security Team\r\nCVE-2014-1323 : banty\r\nCVE-2014-1324 : Google Chrome Security Team\r\nCVE-2014-1325 : Apple\r\nCVE-2014-1326 : Apple\r\nCVE-2014-1327 : Google Chrome Security Team, Apple\r\nCVE-2014-1329 : Google Chrome Security Team\r\nCVE-2014-1330 : Google Chrome Security Team\r\nCVE-2014-1331 : cloudfuzzer\r\nCVE-2014-1333 : Google Chrome Security Team\r\nCVE-2014-1334 : Apple\r\nCVE-2014-1335 : Google Chrome Security Team\r\nCVE-2014-1336 : Apple\r\nCVE-2014-1337 : Apple\r\nCVE-2014-1338 : Google Chrome Security Team\r\nCVE-2014-1339 : Atte Kettunen of OUSPG\r\nCVE-2014-1340 : Apple\r\nCVE-2014-1341 : Google Chrome Security Team\r\nCVE-2014-1342 : Apple\r\nCVE-2014-1343 : Google Chrome Security Team\r\nCVE-2014-1344 : Ian Beer of Google Project Zero\r\nCVE-2014-1362 : Apple, miaubiz\r\nCVE-2014-1363 : Apple\r\nCVE-2014-1364 : Apple\r\nCVE-2014-1365 : Apple, Google Chrome Security Team\r\nCVE-2014-1366 : Apple\r\nCVE-2014-1367 : Apple\r\nCVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)\r\nCVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung\r\nElectronics\r\nCVE-2014-1384 : Apple\r\nCVE-2014-1385 : Apple\r\nCVE-2014-1386 : an anonymous researcher\r\nCVE-2014-1387 : Google Chrome Security Team\r\nCVE-2014-1388 : Apple\r\nCVE-2014-1389 : Apple\r\nCVE-2014-1390 : Apple\r\nCVE-2014-1713 : VUPEN working with HP's Zero Day Initiative\r\nCVE-2014-1731 : an anonymous member of the Blink development\r\ncommunity\r\nCVE-2014-4410 : Eric Seidel of Google\r\nCVE-2014-4411 : Google Chrome Security Team\r\nCVE-2014-4412 : Apple\r\nCVE-2014-4413 : Apple\r\nCVE-2014-4414 : Apple\r\nCVE-2014-4415 : Apple\r\n\r\n\r\niTunes 12.0.1 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCKuAAoJEBcWfLTuOo7t3cgP/RCpdvSrkHZM2SsNXSVtaCfW\r\nauW4hMgN5s2OkYxWwiHDhnKB6dM5Jb4aC5a4j7JECUMRZ7MxIw4EgfV0SJDfRP7M\r\n90YhewGKLaapfc6SRYl1lws+Me+OXf0tjzgBEyD+3qdhFDCCQzWh2F+rpjj4Bzbo\r\ncWrPn454dEEvJvDRc7/U13xvbSNm94jedzZjuCDkiA8+1UFF1fWqxU1Iw8HjW1U2\r\nKUe0Uzrpyul85shviO/nO4hnuGMT3i85ZBmTWjMhsOteLsp/ZRSHrvuKps3XM0qg\r\nrBp8W//gFgYreMUP3m779SkCAPznmA7XnufCZBdbLJwdQBac+xdcjdQa+RdjUfXA\r\nFb8sDaNQm1qJVfo8kDWe6ED7MbnxbwrpKswQFN2Mft3wXLNdfdViLmQ4A3mJ+1ju\r\n0RoR8SuoZiZrClbPW0C08i6Y4EZfVeG1lNzJQySlqg2ZhFPcrdQMyLr0mSs58ClE\r\n19km+0fMKWzb8XJsQZkir41P5sheldAVsqtQBud2Q25xnM8LmTDuX1ywXUEvTKO8\r\nSRAZ4EF1vvfVpHE9w/XgBzRC9J23scN1/WnzDeoVMxkz4YrvsZdV3bjJJMJ4bDs6\r\n85hjnwYe8QFnfaZPoMcstwWQMxA8Hl4mhu3B+1PKWlT6FENpCKCCc5W5MxWrAXnp\r\nK0B4Ue5bqvDqVL0KLkrB\r\n=+heG\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31304", "title": "APPLE-SA-2014-10-16-6 iTunes 12.0.1", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-11-26T11:18:58", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X host is a\nversion prior to 6.2 or 7.1. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An error exists related to saved passwords and the\n incorrect automatic filling of HTML forms. A remote\n attacker can exploit this to obtain sensitive\n information. (CVE-2014-4363)\n\n - Multiple memory corruption errors exist related to\n the included version of WebKit that can allow\n application crashes or arbitrary code execution.\n (CVE-2013-6663, CVE-2014-4410, CVE-2014-4411,\n CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,\n CVE-2014-4415)\n\n - An error exists related to HTML5 application cache\n data handling and the included version of WebKit that\n allows the disclosure of sensitive information from\n private browsing sessions. (CVE-2014-4409)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_SAFARI7_1.NASL", "href": "https://www.tenable.com/plugins/nessus/77747", "published": "2014-09-18T00:00:00", "title": "Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77747);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2013-6663\",\n \"CVE-2014-4363\",\n \"CVE-2014-4409\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 69881,\n 69909,\n 69937,\n 69966,\n 69970,\n 69973,\n 69974,\n 69975,\n 69976,\n 69984\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-09-17-4\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.2 / 7.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X host is a\nversion prior to 6.2 or 7.1. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An error exists related to saved passwords and the\n incorrect automatic filling of HTML forms. A remote\n attacker can exploit this to obtain sensitive\n information. (CVE-2014-4363)\n\n - Multiple memory corruption errors exist related to\n the included version of WebKit that can allow\n application crashes or arbitrary code execution.\n (CVE-2013-6663, CVE-2014-4410, CVE-2014-4411,\n CVE-2014-4412, CVE-2014-4413, CVE-2014-4414,\n CVE-2014-4415)\n\n - An error exists related to HTML5 application cache\n data handling and the included version of WebKit that\n allows the disclosure of sensitive information from\n private browsing sessions. (CVE-2014-4409)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6440\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.2 / 7.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-6663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[89]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8 / 10.9\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nif (\"10.8\" >< os) fixed_version = \"6.2\";\nelse fixed_version = \"7.1\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-27T10:16:42", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV device is a version prior\nto 7. It is, therefore, affected by multiple vulnerabilities, the most\nserious of which can result in arbitrary code execution.", "modified": "2019-11-02T00:00:00", "id": "APPLETV_7_0.NASL", "href": "https://www.tenable.com/plugins/nessus/77822", "published": "2014-09-24T00:00:00", "title": "Apple TV < 7 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77822);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2011-2391\",\n \"CVE-2013-6663\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-4357\",\n \"CVE-2014-4364\",\n \"CVE-2014-4369\",\n \"CVE-2014-4371\",\n \"CVE-2014-4372\",\n \"CVE-2014-4373\",\n \"CVE-2014-4375\",\n \"CVE-2014-4377\",\n \"CVE-2014-4378\",\n \"CVE-2014-4379\",\n \"CVE-2014-4380\",\n \"CVE-2014-4381\",\n \"CVE-2014-4383\",\n \"CVE-2014-4388\",\n \"CVE-2014-4389\",\n \"CVE-2014-4404\",\n \"CVE-2014-4405\",\n \"CVE-2014-4407\",\n \"CVE-2014-4408\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\",\n \"CVE-2014-4418\",\n \"CVE-2014-4419\",\n \"CVE-2014-4420\",\n \"CVE-2014-4421\",\n \"CVE-2014-4422\"\n );\n script_bugtraq_id(\n 62531,\n 65930,\n 69223,\n 69881,\n 69882,\n 69903,\n 69911,\n 69912,\n 69913,\n 69915,\n 69919,\n 69921,\n 69923,\n 69924,\n 69927,\n 69928,\n 69929,\n 69930,\n 69931,\n 69934,\n 69938,\n 69939,\n 69941,\n 69942,\n 69944,\n 69946,\n 69947,\n 69948,\n 69950,\n 69966,\n 69970,\n 69973\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-09-17-2\");\n\n script_name(english:\"Apple TV < 7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV device is a version prior\nto 7. It is, therefore, affected by multiple vulnerabilities, the most\nserious of which can result in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533468/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 7 or later. Note that this update is only\navailable for 3rd generation and later models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4418\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X IOKit Keyboard Driver Root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nget_kb_item_or_exit(\"www/appletv\");\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\nmatches = egrep(pattern:pat, string:banner);\n\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n !matches\n) audit(AUDIT_WRONG_WEB_SERVER, port, \"iTunes on an Apple TV\");\n\nfixed_major = \"11.1\";\nfixed_char = \"b\";\nfixed_minor = \"37\";\nfixed_airtunes_version = \"210.98\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n char = match[2];\n minor = int(match[3]);\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n (\n ord(char) < ord(fixed_char) ||\n (\n ord(char) == ord(fixed_char) &&\n minor < fixed_minor\n )\n )\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + char + minor +\n '\\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor +\n '\\n';\n }\n else if (major == fixed_major && char == fixed_char && minor == fixed_minor)\n {\n airtunes_port = 5000;\n # nb: 'http_server_header()' exits if it can't get the HTTP banner.\n server_header = http_server_header(port:airtunes_port);\n if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port);\n if (\"AirTunes\" >!< server_header) audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, \"AirTunes\");\n\n match = eregmatch(string:server_header, pattern:\"^AirTunes\\/([0-9][0-9.]+)\");\n if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"AirTunes\", airtunes_port);\n airtunes_version = match[1];\n\n if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0)\n {\n report = '\\n Source : ' + server_header +\n '\\n Installed AirTunes version : ' + airtunes_version +\n '\\n Fixed AirTunes version : ' + fixed_airtunes_version +\n '\\n';\n }\n else audit(AUDIT_LISTEN_NOT_VULN, \"AirTunes\", airtunes_port, airtunes_version);\n }\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:36", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application", "modified": "2019-11-02T00:00:00", "id": "ITUNES_12_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/78597", "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78597);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.0.1. It is, therefore, affected by multiple\nvulnerabilities due to the included version of WebKit. The errors\ncould lead to application crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.0.1.26\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:47:36", "bulletinFamily": "scanner", "description": "The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application", "modified": "2019-11-02T00:00:00", "id": "ITUNES_12_0_1_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/78598", "published": "2014-10-21T00:00:00", "title": "Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78598);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2013-2871\",\n \"CVE-2013-2875\",\n \"CVE-2013-2909\",\n \"CVE-2013-2926\",\n \"CVE-2013-2927\",\n \"CVE-2013-2928\",\n \"CVE-2013-5195\",\n \"CVE-2013-5196\",\n \"CVE-2013-5197\",\n \"CVE-2013-5198\",\n \"CVE-2013-5199\",\n \"CVE-2013-5225\",\n \"CVE-2013-5228\",\n \"CVE-2013-6625\",\n \"CVE-2013-6635\",\n \"CVE-2013-6663\",\n \"CVE-2014-1268\",\n \"CVE-2014-1269\",\n \"CVE-2014-1270\",\n \"CVE-2014-1289\",\n \"CVE-2014-1290\",\n \"CVE-2014-1291\",\n \"CVE-2014-1292\",\n \"CVE-2014-1293\",\n \"CVE-2014-1294\",\n \"CVE-2014-1298\",\n \"CVE-2014-1299\",\n \"CVE-2014-1300\",\n \"CVE-2014-1301\",\n \"CVE-2014-1302\",\n \"CVE-2014-1303\",\n \"CVE-2014-1304\",\n \"CVE-2014-1305\",\n \"CVE-2014-1307\",\n \"CVE-2014-1308\",\n \"CVE-2014-1309\",\n \"CVE-2014-1310\",\n \"CVE-2014-1311\",\n \"CVE-2014-1312\",\n \"CVE-2014-1313\",\n \"CVE-2014-1323\",\n \"CVE-2014-1324\",\n \"CVE-2014-1325\",\n \"CVE-2014-1326\",\n \"CVE-2014-1327\",\n \"CVE-2014-1329\",\n \"CVE-2014-1330\",\n \"CVE-2014-1331\",\n \"CVE-2014-1333\",\n \"CVE-2014-1334\",\n \"CVE-2014-1335\",\n \"CVE-2014-1336\",\n \"CVE-2014-1337\",\n \"CVE-2014-1338\",\n \"CVE-2014-1339\",\n \"CVE-2014-1340\",\n \"CVE-2014-1341\",\n \"CVE-2014-1342\",\n \"CVE-2014-1343\",\n \"CVE-2014-1344\",\n \"CVE-2014-1362\",\n \"CVE-2014-1363\",\n \"CVE-2014-1364\",\n \"CVE-2014-1365\",\n \"CVE-2014-1366\",\n \"CVE-2014-1367\",\n \"CVE-2014-1368\",\n \"CVE-2014-1382\",\n \"CVE-2014-1384\",\n \"CVE-2014-1385\",\n \"CVE-2014-1386\",\n \"CVE-2014-1387\",\n \"CVE-2014-1388\",\n \"CVE-2014-1389\",\n \"CVE-2014-1390\",\n \"CVE-2014-1713\",\n \"CVE-2014-1731\",\n \"CVE-2014-4410\",\n \"CVE-2014-4411\",\n \"CVE-2014-4412\",\n \"CVE-2014-4413\",\n \"CVE-2014-4414\",\n \"CVE-2014-4415\"\n );\n script_bugtraq_id(\n 64361,\n 67553,\n 67572\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-10-16-6\");\n\n script_name(english:\"Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n12.0.1. It is, therefore, affected by multiple vulnerabilities related\nto the included version of WebKit. The errors could lead to\napplication crashes or arbitrary code execution.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT203115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/533723/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.0.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.0.1.26\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
