RETIRED: Apple iOS Prior to iOS 8 and TV Prior to TV 7 Multiple Vulnerabilities

BID:69882

Info

Bugtraq ID: 69882
Class: Unknown
CVE:
Remote: Yes
Local: Yes
Published: Sep 17 2014 12:00AM
Updated: Sep 23 2014 12:01AM
Credit: Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte, Adam Weaver, Hendrik Bettermann, Heli Myllykoski, Jonathan Zdziarski, evad3rs, Raul Siles of DinoSec, Maneet Singh, Sean Bluestein, Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partne
Vulnerable: Apple TV 2.2
Apple TV 2.1
Apple TV 2.0
Apple TV 1.1
Apple TV 1.0
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple Apple TV 5.0
Apple Apple TV 4.4
Apple Apple TV 4.3
Apple Apple TV 4.2
Apple Apple TV 4.1
Apple Apple TV 4.0
Apple Apple TV 2.1
Apple Apple TV 1.0
Not Vulnerable:

Discussion

Apple iOS and TV are prone to multiple security vulnerabilities. These issues affect the following components:

802.1X, Accounts, Accessibility, Accounts Framework, Address Book, App Installation, Assets, Bluetooth, CoreGraphics, Foundation, Home & Lock Screen, iMessage, IOAcceleratorFamily, IOHIDFamily, IOKit, Kernel, Libnotify, Mail, Profiles, Safari, Sandbox Profiles, syslog, and WebKit.

Successfully exploiting these issues may allow attackers to crash the affected device, bypass security restrictions, obtain sensitive information, or execute arbitrary code. Other attacks are also possible.

This BID is being retired. The following individual records exist to better document the issues:

69913 Apple iOS and TV CVE-2014-4364 Spoofing Vulnerability
69917 Apple iOS CVE-2014-4423 Information Disclosure Vulnerability
69926 Apple iOS Lock Screen CVE-2014-4368 Security Bypass Vulnerability
69930 Apple iOS and TV CVE-2014-4357 Local Information Disclosure Security Vulnerability
69932 Apple iOS CVE-2014-4352 Local Information Disclosure Security Vulnerability
69936 Apple iOS CVE-2014-4386 Local Privilege Escalation Vulnerability
69940 Apple iOS CVE-2014-4384 Local Privilege Escalation Vulnerability
69941 Apple iOS and TV CVE-2014-4383 Security Bypass Vulnerability
69943 Apple iOS CVE-2014-4354 Unspecified Security Vulnerability
69903 Multiple Apple Products CVE-2014-4377 PDF Handling Integer Overflow Vulnerability
69915 Apple TV/Mac OS X/iOS CVE-2014-4378 Out of Bounds Read Memory Corruption Vulnerability
69905 Apple Mac OS X and iOS CVE-2014-4374 XML External Entity Information Disclosure Vulnerability
69921 Apple TV/Mac OS X/iOS CVE-2014-4379 Out of Bounds Read Memory Corruption Vulnerability
69929 Apple TV and iOS CVE-2014-4369 NULL Pointer Dereference Denial of Service Vulnerability
69934 Apple TV and iOS CVE-2014-4373 NULL Pointer Dereference Denial of Service Vulnerability
69938 Apple TV and iOS CVE-2014-4405 NULL Pointer Dereference Remote Code Execution Vulnerability
69942 Apple TV and iOS CVE-2014-4380 Out of Bounds Read Write Remote Code Execution Vulnerability
69947 Apple TV and iOS CVE-2014-4404 Heap Based Buffer Overflow Vulnerability
69949 Apple iOS CVE-2014-4361 Security Bypass Vulnerability
69951 Apple iOS CVE-2014-4353 Race Condition Local Information Disclosure Vulnerability
69912 Apple iOS and TV CVE-2014-4407 Information Disclosure Security Vulnerability
69919 Apple iOS and TV CVE-2014-4371 Unspecified Security Vulnerability
69924 Apple iOS and TV CVE-2014-4421 Unspecified Security Vulnerability
69927 Apple iOS and TV CVE-2014-4420 Unspecified Security Vulnerability
69928 Apple iOS and TV CVE-2014-4419 Unspecified Security Vulnerability
69939 Apple iOS and TV CVE-2014-4408 Out of Bounds Read Local Memory Corruption Vulnerability
69944 Apple iOS and TV CVE-2014-4375 Local Memory Corruption Vulnerability
69946 Apple iOS and TV CVE-2014-4418 Remote Code Execution Vulnerability
69948 Apple TV/Mac OS X/iOS CVE-2014-4388 Remote Code Execution Vulnerability
69950 Apple TV/Mac OS X/iOS CVE-2014-4389 Integer Buffer Overflow Vulnerability
69937 WebKit Private Browsing CVE-2014-4409 Security Bypass Vulnerability
69911 Apple iOS and TV CVE-2014-4422 Security Bypass Vulnerability
69931 Apple TV/Mac OS X/iOS CVE-2014-4381 Arbitrary Code Execution Vulnerability
69914 Apple iOS CVE-2014-4366 Information Disclosure Vulnerability
69945 Apple iOS CVE-2014-4367 Security Vulnerability
69920 Apple iOS CVE-2014-4362 Information Disclosure Vulnerability
69922 Apple iOS CVE-2014-4356 Local Information Disclosure Vulnerability
69923 Apple iOS and TV CVE-2014-4372 Local Security Bypass Vulnerability

Exploit / POC

Some of these issues may not require specific exploit code and may be trivial to exploit.

Currently, we are not aware of any working exploits.

Solution / Fix

Solution:
Updates are available. Please see the references or vendor advisory for more information.
