
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN155
_____________________________________________________________________

DATE                : 18/05/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  iOS versions prior to 10.3.2.

=====================================================================
https://support.apple.com/fr-fr/HT207798
____________________________________________________________________

APPLE-SA-2017-05-15-2 iOS 10.3.2

iOS 10.3.2 is now available and addresses the following:

AVEVideoEncoder

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved
memory handling.

CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team


CoreAudio

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input
sanitization.

CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team


iBooks

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: A maliciously crafted book may open arbitrary websites
without user permission

Description: A URL handling issue was addressed through improved
state management.

CVE-2017-2497: Jun Kokatsu (@shhnjk)


iBooks

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with
root privileges

Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.

CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)


IOSurface

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved
memory handling.

CVE-2017-6979: Adam Donenfeld of Zimperium zLabs


Kernel

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with
kernel privileges

Description: A race condition was addressed through improved locking.

CVE-2017-2501: Ian Beer of Google Project Zero


Kernel

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input
sanitization.

CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack


Notifications

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to cause a denial of service

Description: A denial of service issue was addressed through improved
memory handling.

CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers


Safari

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service

Description: An issue in Safari's history menu was addressed through
improved memory handling.

CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.


Security

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Update to the certificate trust policy

Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.

CVE-2017-2498: Andrew Jerman


SQLite

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code
execution

Description: A use after free issue was addressed through improved
memory management.

CVE-2017-2513: found by OSS-Fuzz


SQLite

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code
execution

Description: A buffer overflow issue was addressed through improved
memory handling.

CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz


SQLite

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code
execution

Description: A memory corruption issue was addressed with improved
memory handling.

CVE-2017-2519: found by OSS-Fuzz


SQLite

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

Description: Multiple memory corruption issues were addressed with
improved input validation.

CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative

CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative


TextInput

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Parsing maliciously crafted data may lead to arbitrary code
execution

Description: A memory corruption issue was addressed with improved
memory handling.

CVE-2017-2524: Ian Beer of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

Description: Multiple memory corruption issues were addressed with
improved memory handling.

CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Micro’s Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab
(tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab
(tencent.com) working with Trend Micro’s Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
universal cross site scripting

Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.

CVE-2017-2504: lokihardt of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
universal cross site scripting

Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.

CVE-2017-2508: lokihardt of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
universal cross site scripting

Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.

CVE-2017-2510: lokihardt of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
universal cross site scripting

Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.

CVE-2017-2528: lokihardt of Google Project Zero


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

Description: Multiple memory corruption issues were addressed through
improved memory handling.

CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend
Micro's Zero Day Initiative


WebKit

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to
universal cross site scripting

Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.

CVE-2017-2549: lokihardt of Google Project Zero


WebKit Web Inspector

Available for:  iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation

Impact: An application may be able to execute unsigned code

Description: A memory corruption issue was addressed with improved
memory handling.

CVE-2017-2499: George Dan (@theninjaprawn)

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



