• [转]About the security content of iOS 8


    Source:http://support.apple.com/kb/HT6441

    For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

    For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

    Where possible, CVE IDs are used to reference the vulnerabilities for further information.

    To learn about other Security Updates, see Apple Security Updates.

    iOS 8

    • 802.1X

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An attacker can obtain WiFi credentials

      Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.

      CVE-ID

      CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt

    • Accounts

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to identify the Apple ID of the user

      Description: An issue existed in the access control logic for accounts. A sandboxed application could get information about the currently-active iCloud account, including the name of the account. This issue was addressed by restricting access to certain account types from unauthorized applications.

      CVE-ID

      CVE-2014-4423 : Adam Weaver

    • Accessibility

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: The device may not lock the screen when using AssistiveTouch

      Description: A logic issue existed in AssistiveTouch's handling of events, which resulted in the screen not locking. This issue was addressed through improved handling of the lock timer.

      CVE-ID

      CVE-2014-4368 : Hendrik Bettermann

    • Accounts Framework

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An attacker with access to an iOS device may access sensitive user information from logs

      Description: Sensitive user information was logged. This issue was addressed by logging less information.

      CVE-ID

      CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group

    • Address Book

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A person with physical access to an iOS device may read the address book

      Description: The address book was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the address book with a key protected by the hardware UID and the user's passcode.

      CVE-ID

      CVE-2014-4352 : Jonathan Zdziarski

    • App Installation

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local attacker may be able to escalate privileges and install unverified applications

      Description: A race condition existed in App Installation. An attacker with the capability of writing to /tmp may have been able to install an unverified app. This issue was addressed by staging files for installation in another directory.

      CVE-ID

      CVE-2014-4386 : evad3rs

    • App Installation

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local attacker may be able to escalate privileges and install unverified applications

      Description: A path traversal issue existed in App Installation. A local attacker could have retargeted code signature validation to a bundle different from the one being installed and cause installation of an unverified app. This issue was addressed by detecting and preventing path traversal when determining which code signature to verify.

      CVE-ID

      CVE-2014-4384 : evad3rs

    • Assets

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An attacker with a privileged network position may be able to cause an iOS device to think that it is up to date even when it is not

      Description: A validation issue existed in the handling of update check responses. Spoofed dates from Last-Modified response headers set to future dates were used for If-Modified-Since checks in subsequent update requests. This issue was addressed by validation of the Last-Modified header.

      CVE-ID

      CVE-2014-4383 : Raul Siles of DinoSec

    • Bluetooth

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Bluetooth is unexpectedly enabled by default after upgrading iOS

      Description: Bluetooth was enabled automatically after upgrading iOS. This was addressed by only turning on Bluetooth for major or minor version updates.

      CVE-ID

      CVE-2014-4354 : Maneet Singh, Sean Bluestein

    • Certificate Trust Policy

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Update to the certificate trust policy

      Description: The certificate trust policy was updated. The complete list of certificates may be viewed athttp://support.apple.com/kb/HT5012.

    • CoreGraphics

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

      Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

    • CoreGraphics

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure

      Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

    • Data Detectors

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime audio call without prompting

      Description: Mail did not consult the user before launching facetime-audio:// URLs. This issue was addressed with the addition of a confirmation prompt.

      CVE-ID

      CVE-2013-6835 : Guillaume Ross

    • Foundation

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An application using NSXMLParser may be misused to disclose information

      Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.

      CVE-ID

      CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

    • Home & Lock Screen

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A background app can determine which app is frontmost

      Description: The private API for determining the frontmost app did not have sufficient access control. This issue was addressed through additional access control.

      CVE-ID

      CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus Troßbach of Heilbronn University

    • iMessage

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Attachments may persist after the parent iMessage or MMS is deleted

      Description: A race condition existed in how attachments were deleted. This issue was addressed by conducting additional checks on whether an attachment has been deleted.

      CVE-ID

      CVE-2014-4353 : Silviu Schiau

    • IOAcceleratorFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An application may cause an unexpected system termination

      Description: A null pointer dereference existed in the handling of IOAcceleratorFamily API arguments. This issue was addressed through improved validation of IOAcceleratorFamily API arguments.

      CVE-ID

      CVE-2014-4369 : Catherine aka winocm and Cererdlong of Alibaba Mobile Security Team

    • IOAcceleratorFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: The device may unexpectedly restart

      Description: A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed by improved error handling.

      CVE-ID

      CVE-2014-4373 : cunzhang from Adlab of Venustech

    • IOHIDFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to read kernel pointers, which can be used to bypass kernel address space layout randomization

      Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4379 : Ian Beer of Google Project Zero

    • IOHIDFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with system privileges

      Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4404 : Ian Beer of Google Project Zero

    • IOHIDFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with system privileges

      Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.

      CVE-ID

      CVE-2014-4405 : Ian Beer of Google Project Zero

    • IOHIDFamily

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with kernel privileges

      Description: An out-of-bounds write issue existed in the IOHIDFamily kernel extension. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4380 : cunzhang from Adlab of Venustech

    • IOKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to read uninitialized data from kernel memory

      Description: An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization

      CVE-ID

      CVE-2014-4407 : @PanguTeam

    • IOKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with system privileges

      Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.

      CVE-ID

      CVE-2014-4418 : Ian Beer of Google Project Zero

    • IOKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with system privileges

      Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.

      CVE-ID

      CVE-2014-4388 : @PanguTeam

    • IOKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with system privileges

      Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.

      CVE-ID

      CVE-2014-4389 : Ian Beer of Google Project Zero

    • Kernel

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local user may be able to determine kernel memory layout

      Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.

      CVE-ID

      CVE-2014-4371 : Fermin J. Serna of the Google Security Team

      CVE-2014-4419 : Fermin J. Serna of the Google Security Team

      CVE-2014-4420 : Fermin J. Serna of the Google Security Team

      CVE-2014-4421 : Fermin J. Serna of the Google Security Team

    • Kernel

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A person with a privileged network position may cause a denial of service

      Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking.

      CVE-ID

      CVE-2011-2391 : Marc Heuse

    • Kernel

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel

      Description: A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports.

      CVE-ID

      CVE-2014-4375 : an anonymous researcher

    • Kernel

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel

      Description: An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4408

    • Kernel

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Some kernel hardening measures may be bypassed

      Description: The random number generator used for kernel hardening measures early in the boot process was not cryptographically secure. Some of its output was inferable from user space, allowing bypass of the hardening measures. This issue was addressed by using a cryptographically secure algorithm.

      CVE-ID

      CVE-2014-4422 : Tarjei Mandt of Azimuth Security

    • Libnotify

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious application may be able to execute arbitrary code with root privileges

      Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking.

      CVE-ID

      CVE-2014-4381 : Ian Beer of Google Project Zero

    • Lockdown

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A device can be manipulated into incorrectly presenting the home screen when the device is activation locked

      Description: An issue existed with unlocking behavior that caused a device to proceed to the home screen even if it should still be in an activation locked state. This was addressed by changing the information a device verifies during an unlock request.

      CVE-ID

      CVE-2014-1360

    • Mail

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Login credentials can be sent in plaintext even if the server has advertised the LOGINDISABLED IMAP capability

      Description: Mail sent the LOGIN command to servers even if they had advertised the LOGINDISABLED IMAP capability. This issue is mostly a concern when connecting to servers that are configured to accept non-encrypted connections and that advertise LOGINDISABLED. This issue was addressed by respecting the LOGINDISABLED IMAP capability.

      CVE-ID

      CVE-2014-4366 : Mark Crispin

    • Mail

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A person with physical access to an iOS device may potentially read email attachments

      Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments.

      CVE-ID

      CVE-2014-1348 : Andreas Kurtz of NESO Security Labs

    • Profiles

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Voice Dial is unexpectedly enabled after upgrading iOS

      Description: Voice Dial was enabled automatically after upgrading iOS. This issue was addressed through improved state management.

      CVE-ID

      CVE-2014-4367 : Sven Heinemann

    • Safari

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: User credentials may be disclosed to an unintended site via autofill

      Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.

      CVE-ID

      CVE-2013-5227 : Niklas Malmgren of Klarna AB

    • Safari

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: An attacker with a privileged network position may intercept user credentials

      Description: Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.

      CVE-ID

      CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford University working with Eric Chen and Collin Jackson of Carnegie Mellon University

    • Sandbox Profiles

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Apple ID information is accessible by third-party apps

      Description: An information disclosure issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.

      CVE-ID

      CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus Troßbach of Heilbronn University

    • Settings

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Text message previews may appear at the lock screen even when this feature is disabled

      Description: An issue existed in the previewing of text message notifications at the lock screen. As a result, the contents of received messages would be shown at the lock screen even when previews were disabled in Settings. The issue was addressed through improved observance of this setting.

      CVE-ID

      CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR), Italy

    • syslog

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A local user may be able to change permissions on arbitrary files

      Description: syslogd followed symbolic links while changing permissions on files. This issue was addressed through improved handling of symbolic links.

      CVE-ID

      CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC)

    • Weather

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Location information was sent unencrypted

      Description: An information disclosure issue existed in an API used to determine local weather. This issue was addressed by changing APIs.

    • WebKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A malicious website may be able to track users even when private browsing is enabled

      Description: A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.

      CVE-ID

      CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)

    • WebKit

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

      Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

      CVE-ID

      CVE-2013-6663 : Atte Kettunen of OUSPG

      CVE-2014-1384 : Apple

      CVE-2014-1385 : Apple

      CVE-2014-1387 : Google Chrome Security Team

      CVE-2014-1388 : Apple

      CVE-2014-1389 : Apple

      CVE-2014-4410 : Eric Seidel of Google

      CVE-2014-4411 : Google Chrome Security Team

      CVE-2014-4412 : Apple

      CVE-2014-4413 : Apple

      CVE-2014-4414 : Apple

      CVE-2014-4415 : Apple

    • WiFi

      Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

      Impact: A device may be passively tracked by its WiFi MAC address

      Description: An information disclosure existed because a stable MAC address was being used to scan for WiFi networks. This issue was addressed by randomizing the MAC address for passive WiFi scans.

    Note:

    iOS 8 contains changes to some diagnostic capabilities. For details, please consulthttp://support.apple.com/kb/HT6331

    iOS 8 now permits devices to untrust all previously trusted computers. Instructions can be found athttp://support.apple.com/kb/HT5868

    Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
  • 相关阅读:
    What the key facts to choose Row Store and Column Store 沧海
    自定义数据源(ECC>BW) 沧海
    What is SAP HANA appliance software 沧海
    安装BI_CONT时遇到Open Data Extraction Requests的问题 沧海
    Process Chain\DTP\Infopackage相关的几个table和function module 沧海
    Note 741478 FAQ: Materialized views 沧海
    HANA 与 Exalytics 的对比 沧海
    SAP HANA database and how to improve performance 沧海
    SAP HANA 已实施的客户清单 沧海
    BW BEx的VBA开发接口介绍 沧海
  • 原文地址:https://www.cnblogs.com/Proteas/p/3979030.html
Copyright © 2020-2023  润新知