458 matches found
CVE-2015-5898
CVE-2015-5898 affects CFNetwork in Apple iOS before 9. The issue: CFNetwork caches data using a key protected only by the hardware UID, enabling physically proximate attackers to access cached information. The root cause is the cache encryption key being derived from the hardware UID alone. Impac...
CVE-2015-5858
Summary: CVE-2015-5858 affects the CFNetwork HTTPProtocol component in Apple iOS and permits a remote attacker to bypass HSTS via a crafted URL, potentially leaking sensitive data. The root cause is a URL parsing issue in HSTS handling within CFNetwork. Impact: data exposure through bypassed HSTS...
Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9
Apple pushed out iOS 9 Wednesday, addressing a cornucopia of vulnerabilities, including bugs that could lead to arbitrary code execution, credential leakage, and interface spoofing, among other issues. Conspicuously absent from the update, however, is a fix for the vulnerability in AirDrop that...
Apple iOS < 8.3 Multiple Vulnerabilities
Binary data 8803.prm...
APPLE-SA-2015-06-30-1 iOS 8.4
iOS 8.4 is now available and addresses the following: Application Store. Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later. Impact: A malicious universal provisioning profile app ma...
Memory corruption
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL...
CVE-2015-3684
Technical details about CVE-2015-3684 are not provided in the connected documents. The initial description notes memory corruption via crafted credentials in CFNetwork’s HTTPAuthentication, but no specific affected products, versions, exploitability, or fixes are given here. Monitor for updates.
Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected by multiple vulnerabilities in the following components: - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth -...
Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)
The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected by multiple vulnerabilities in the following components: - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl -...
APPLE-SA-2015-04-08-3 iOS 8.3
iOS 8.3 is now available and addresses the following: AppleKeyStore. Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later. Impact: A malicious application may be able to guess the user's...
CVE-2015-1091
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2015-1090
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file...
CVE-2015-1089
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file...
Design/Logic Flaw
CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2015-1089
CVE-2015-1089 affects CFNetwork in Apple iOS prior to 8.3 and OS X prior to 10.10.3. The issue arises from improper handling of cookies during redirects in HTTP responses, allowing a remote attacker to bypass the Same Origin Policy via a crafted site. Affected components/files: CFNetwork (and rel...
CVE-2015-1090
CVE-2015-1090 affects CFNetwork in Apple iOS before 8.3. The vulnerability occurs because HTTP Strict Transport Security (HSTS) state is not deleted when Safari history is cleared, enabling an attacker to read sensitive information from the history file. The issue is addressed in iOS 8.3; upgrade...