|
  1. Home
  2. Security Alerts
  3. Security Alert (A15-07-01)

 

Security Alert (A15-07-01): Multiple Vulnerabilities in Apple iOS


 

Published on: 02 July 2015

  
  

Description:

Apple has released software update fixing 33 vulnerabilities in iOS versions prior to iOS 8.4. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors, a remote attacker could intercept SSL/TLS connections and perform man-in-the-middle (MITM) attacks (also known as Logjam attack). The attacker could also entice a user to open a specially crafted font file, PDF file, TIFF file, SMS or web page to exploit the vulnerabilities.


Affected Systems:

  • iPhone 4s and later
  • iPod touch (5th generation) and later
  • iPad 2 and later

Impact:

Depending on the vulnerability exploited, a successful attack could lead to cross site scripting, information disclosure or remote arbitrary code execution.


Recommendation:

The product vendor has released iOS 8.4 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.


More Information:

https://support.apple.com/zh-hk/HT204941
https://support.apple.com/kb/DL1818
https://www.hkcert.org/my_url/en/alert/15070201
https://www.us-cert.gov/ncas/current-activity/2015/06/30/Apple-Releases-Security-Updates-QuickTime-Safari-Mac-EFI-OS-X
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 (to CVE-2014-8130)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152 (to CVE-2015-1153)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155 (to CVE-2015-1157)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658 (to CVE-2015-3659)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3684 (to CVE-2015-3690)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3721 (to CVE-2015-3728)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
 

 

Tag: Apple, iOS, iPad, iPhone, iPod
Tags
Back to Advisories