Apple iOS Multiple Vulnerabilities Altamente critica
Where:From remote
Impact:Unknown, Security Bypass, Spoofing, Exposure of sensitive information, System access
Solution Status:Vendor Patch
Description
Two security issues and multiple vulnerabilities have been reported in Apple iOS, where one has an unknown impact and others can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to conduct spoofing attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a vulnerable device.
1) A boundary error within the CoreGraphics component when handling XBM files can be exploited to cause a stack-based buffer overflow via a specially crafted XBM file.
2) The device does not perform proper checks during device activation, which can be exploited to bypass Activation Lock.
3) A state management error within the Lock Screen component when handling the telephony state while in Airplane Mode can be exploited to gain access to the application that was in the foreground prior to locking.
4) A use-after-free error within the Safari component when handling URLs can be exploited to cause memory corruption.
5) An error can be exploited to disclose memory.
6) The application bundles a vulnerable version of WebKit.
7) An error can be exploited to bypass the origin check.
8) An error can be exploited to spoof the domain name of a web site in the address bar.
The security issues and vulnerabilities are reported in versions prior to 7.1.2.
Solution:
Update to version 7.1.2.