CERT-In Advisory
CIAD-2015-0059
Multiple Vulnerabilities in Apple iOS
Original Issue Date: October 27, 2015
Severity Rating: High
Software Affected
- Apple iOS versions prior to 9.1
Overview
Multiple vulnerabilities have been reported in Apple iOS which could allow a remote attacker to overwrite arbitrary files, cause denial of service conditions, make revoked certificates appear valid, disclose sensitive information, bypass security restrictions or execute arbitrary code with elevated privileges to gain complete control of the affected system.
Description
These vulnerabilities exist due to multiple memory corruption issues in the Accelerate Framework, CoreGraphics, IOAcceleratorFamily, IOHIDFamily, OpenGL, CoreText and FontParser components, improper parsing of disk images, improper memory handling by the GasGauge component, improper handling of CPIO archive metadata, inappropriate parsing of cookies with different letter casing, buffer overflow errors in the DNS client library and ImageIO component, improper input validation and memory initialization by the kernel, inadequate authorization checks by the telephony component and improper certificate revocation by the affected software.
Successful exploitation of these vulnerabilities could allow an attacker to overwrite cookies and arbitrary files, cause denial of service conditions, make revoked certificates appear valid, bypass security restrictions, disclose sensitive information or execute arbitrary code with elevated privileges to gain complete control of the affected system.
Solution
Apply appropriate updates as mentioned in Apple Security Updates.
Vendor Information
Apple
https://support.apple.com/en-in/HT205370
CVE Name
CVE-2015-5924
CVE-2015-5925
CVE-2015-5926
CVE-2015-5927
CVE-2015-5928
CVE-2015-5929
CVE-2015-5930
CVE-2015-5935
CVE-2015-5936
CVE-2015-5937
CVE-2015-5939
CVE-2015-5940
CVE-2015-5942
CVE-2015-6974
CVE-2015-6975
CVE-2015-6976
CVE-2015-6977
CVE-2015-6978
CVE-2015-6979
CVE-2015-6981
CVE-2015-6983
CVE-2015-6986
CVE-2015-6988
CVE-2015-6989
CVE-2015-6990
CVE-2015-6991
CVE-2015-6992
CVE-2015-6994
CVE-2015-6995
CVE-2015-6996
CVE-2015-6997
CVE-2015-7000
CVE-2015-7002
CVE-2015-7004
CVE-2015-7005
CVE-2015-7006
CVE-2015-7008
CVE-2015-7009
CVE-2015-7010
CVE-2015-7012
CVE-2015-7014
CVE-2015-7015
CVE-2015-7017
CVE-2015-7018
CVE-2015-7022
CVE-2015-7023
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India