Apple Squashes 35 Security Bugs in iOS 7.1.2 for Siri, Webkit, More

| Product News

There weren't that many line items in the iOS 7.1.2 update Apple released on Monday, but the company smushed some 35 security bugs, including 18 memory leak issues in Safari alone. A security flaw that allowed someone to use Siri to view an iPhone's Contacts without a passcode was also addressed, as were a number of issues in WebKit.

iOS 7 Bugs

Apple's full security releases notes:

iOS 7.1.2 is now available and addresses the following:

Certificate Trust Policy
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at
http://support.apple.com/kb/HT5012.

CoreGraphics
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution
Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1354 : Dima Kovalenko of codedigging.com

Kernel
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application could cause the device to unexpectedly restart
Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech

launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero

launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero

launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero

launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero

Lockdown
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker possessing an iOS device could potentially bypass Activation Lock
Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers.
CVE-ID
CVE-2014-1360

Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.
CVE-ID
CVE-2014-1352 : mblsec

Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking
Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.
CVE-ID
CVE-2014-1353

Mail
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Mail attachments can be extracted from an iPhone 4
Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs

Safari
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling.
CVE-ID
CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan

Settings
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state.
CVE-ID
CVE-2014-1350

Secure Transport
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project

Siri
Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later
Impact: A person with physical access to the phone may be able to view all contacts
Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode.
CVE-ID
CVE-2014-1351 : Sherif Hashim

WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2014-1731 : an anonymous member of the Blink development
community

WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check
Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook

WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof its domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook

As of this writing, Apple's security site still hasn't been updated with this document.

Comments

Scott B in DC

Where did you find the security release notes? They are not on their website in the link Apple provides.

Log-in to comment