Lista de parches de seguridad iOS 9.3.2, urgente actualizar

maxim

@maxim_apps
Si tenéis un dispositivo iOS es muy importante actualizar urgentemente a IOS 9.3.2, estás con el culo vendido. Estos son todos los parches que tapa la última actualización.


Accessibility


Impact: An application may be able to determine kernel memory layout
Description: A buffer overflow was addressed through improved size validation.


CVE-2016-1790 : Rapelly Akhil


CFNetwork Proxies


Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An information leak existed in the handling of HTTP and HTTPS requests. This issue was addressed through improved URL handling.
CVE-ID
CVE-2016-1801 : Alex Chapman and Paul Stone of Context Information Security


CommonCrypto

Impact: A malicious application may be able to leak sensitive user information
Description: An issue existed in the handling of return values in CCCrypt. This issue was addressed through improved key length management.

CVE-2016-1802 : Klaus Rodewig


CoreCapture

Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.


CVE-2016-1803 : Ian Beer of Google Project Zero, daybreaker working with Trend Micro’s Zero Day Initiative


Disk Images


Impact: A local attacker may be able to read kernel memory
Description: A race condition was addressed through improved locking.


CVE-2016-1807 : Ian Beer of Google Project Zero

Disk Images


Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

CVE-2016-1808 : Moony Li (Flyic) and Jack Tang (jacktang310) of Trend Micro


ImageIO

Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A null pointer dereference was addressed through improved validation.


CVE-2016-1811 : Lander Brandt (landaire)


IOAcceleratorFamily


Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.


CVE-2016-1817 : Moony Li (Flyic) and Jack Tang (jacktang310) of Trend Micro working with Trend Micro's Zero Day Initiative
CVE-2016-1818 : Juwei Lin of TrendMicro
CVE-2016-1819 : Ian Beer of Google Project Zero


IOAcceleratorFamily

Impact: An application may be able to cause a denial of service
Description: A null pointer dereference was addressed through improved locking.


CVE-2016-1814 : Juwei Lin of TrendMicro


IOAcceleratorFamily

Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference was addressed through improved validation.


CVE-2016-1813 : Ian Beer of Google Project Zero

IOHIDFamily


Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved memory handling.


CVE-2016-1823 : Ian Beer of Google Project Zero
CVE-2016-1824 : Marco Grassi (marcograss) of KeenLab (keen_lab), Tencent

Kernel


Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.


CVE-2016-1827 : Brandon Azad
CVE-2016-1829 : CESG
CVE-2016-1830 : Brandon Azad


libc


Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.


CVE-2016-1832 : Karl Williamson


libxml2


Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.


CVE-2016-1833 : Mateusz Jurczyk
CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2016-1838 : Mateusz Jurczyk
CVE-2016-1840 : Kostya Serebryany


libxslt


Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-1841 : Sebastian Apelt


MapKit


Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: Shared links were sent with HTTP rather than HTTPS. This was addressed by enabling HTTPS for shared links.

CVE-2016-1842 : Richard Shupak


OpenGL

Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1847 : Tongbo Luo and Bo Qu of Palo Alto Networks

Safari


Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the history. The issue was addressed through improved data deletion.

CVE-2016-1849 : Adham Ghrayeb


Siri

Impact: A person with physical access to an iOS device may be able to use Siri to access contacts and photos from the the lock screen
Description: A state management issue existed when accessing Siri results on the lock screen. This issue was addressed by disabling data detectors in Twitter results when the device is locked.


CVE-2016-1852 : videosdebarraquito

WebKit

Impact: Visiting a malicious website may disclose data from another website
Description: An insufficient taint tracking issue in the parsing of svg images was addressed through improved taint tracking.

CVE-2016-1858 : an anonymous researcher

WebKit

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1854 : Anonymous working with Trend Micro's Zero Day Initiative
CVE-2016-1855 : Tongbo Luo and Bo Qu of Palo Alto Networks
CVE-2016-1856 : lokihardt working with Trend Micro's Zero Day Initiative
CVE-2016-1857 : Jeonghoon ShinA.D.D and Liang Chen, Zhen Feng, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative


WebKit Canvas

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.


CVE-2016-1859 : Liang Chen, wushi of KeenLab, Tencent working with Trend Micro's Zero Day Initiative
 
Arriba