Multiple Vulnerabilities in Apple iOS
Original Issue Date: September 25, 2014
Severity Rating: High
- Apple iOS versions prior to 8
Multiple vulnerabilities have been reported in Apple iOS which could allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions or cause Denial of Service (DoS) conditions.
These vulnerabilities occur due to an error in LEAP authentication, a logic issue while handling events in AssistiveTouch, race condition and path traversal issue in App installation, improper bounds checking in CoreGraphics and IOHIDFamily, improper handling of XML in NSXMLParser, null pointer dereference issue in IOAcceleratorFamily, insufficient validation in IOKit, improper restrictions in auto filling of passwords in forms in Safari and various memory corruption and race condition issues.
Successful exploitation of these vulnerabilities could allow a remote attacker to gain access to sensitive information, bypass security restrictions or cause Denial of Service (DoS) conditions.
A local attacker could also exploit these vulnerabilities to bypass security restrictions and gain access to a targeted device. The attacker could use this access to run un-trusted third-party applications to gain access to sensitive information or to execute arbitrary code with elevated privileges on an affected device.
Upgrade to Apple iOS 8
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003