Apple iOS CFNetwork敏感信息泄露漏洞

CVE ID：CVE-2011-3246 Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。 CFNetwork处理恶意特制URL存在问题，当访问特制的HTTP或HTTPS URL时，CFNetwork会导航到不正确的服务器上。 Apple iOS 5.x for iPhone 3GS and later Apple iOS for iPod touch 5.x 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息： http://support.apple.com/kb/HT5052...

Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion

Apple shipped an update to their IOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program. As reported by...

Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)

This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2011-006. OpenVAS Vulnerability Test $Id: gbmacosxsu11-006.nasl 7029 2017-08-31 11:51:40Z teissa $ Mac OS X v10.6.8 Multiple Vulnerabilities 2011-006 Authors: Rachana Shetty Copyright:...

APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006 OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following: Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and...

APPLE-SA-2011-10-12-1 iOS 5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch 3rd generation and later, iOS...

CVE-2011-3246

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted 1 http or 2 https URL...

CVE-2011-3255

CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application...

CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."...

Code injection

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted 1 http or 2 https URL...

Design/Logic Flaw

CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application...

CVE-2011-3246

CVE-2011-3246 affects CFNetwork in Apple iOS (pre-5.0.1) and Mac OS X (pre-10.7.2). The flaw is improper URL parsing, enabling a crafted (http/https) URL to trigger visits to unintended origins and leak cookies. Connected sources confirm the vulnerability is tied to CFNetwork URL handling and is ...

CVE-2011-3255

CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application...

CVE-2011-0231

CVE-2011-0231 affects CFNetwork in Apple Mac OS X before 10.7.2, where cookie-storage policy handling could allow remote web servers to track users via cookies (synchronization issue). The vulnerability is addressed in OS X Lion v10.7.2 via Security Update 2011-006 and accompanying OS X Lion upda...

CVE-2011-3255

The CVE-2011-3255 issue affects CFNetwork in iOS before 5. It arises because AppleID credentials can be stored in a local file, making sensitive information accessible to remote attackers who craft apps that access the file. The core impact is credential exposure and potential leakage of AppleID ...

CVE-2011-3246

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted 1 http or 2 https URL...

CVE-2011-0231

CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."...

Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)

This host is missing an important security update according to Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007 OpenVAS Vulnerability Test $Id: gbmacosxsu10-007.nasl 7052 2017-09-04 11:50:51Z teissa $ Mac OS X v10.6.4 Multiple Vulnerabilities 2010-007 Authors: Madhuri D Copyright: Copyrig...

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue...

CVE-2010-1420

Cross-site scripting XSS vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file...

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority...