1. #1
    @maxim_apps Nivel 3 MacPoints y autoridad de maxim MacPoints y autoridad de maxim MacPoints y autoridad de maxim MacPoints y autoridad de maxim MacPoints y autoridad de maxim MacPoints y autoridad de maxim
    Avatar de maxim

    iOS 10.3.3, urgente para iPhone 5 en adelante así como iPad 4 y más reciente

    El equipo de seguridad de Google Project Zero así como otros usuarios expertos en la materia han terminado de parchear iOS, el sistema operativo de smartphones más parcheado del mundo.


    La nueva actualización contiene más de 20 fallos de seguridad gordos desde el Kernel has el famoso cáncer de Apple, Safari y Webkit. Ademas soluciona un fallo grave en la Wi-fi que permite que te roben hasta el carnet de identidad.




    Contacts
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
    Description: A buffer overflow issue was addressed through improved memory handling.
    CVE-2017-7062: Shashank (@cyberboyIndia)


    CoreAudio
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution
    Description: A memory corruption issue was addressed with improved bounds checking.
    CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team


    EventKitUI
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: A remote attacker may cause an unexpected application termination
    Description: A resource exhaustion issue was addressed through improved input validation.
    CVE-2017-7007: José Antonio Esteban (@Erratum_) of Sapsi Consultores


    IOUSBFamily
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team


    Kernel
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-7022: an anonymous researcher
    CVE-2017-7024: an anonymous researcher
    CVE-2017-7026: an anonymous researcher


    Kernel
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with kernel privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-7023: an anonymous researcher
    CVE-2017-7025: an anonymous researcher
    CVE-2017-7027: an anonymous researcher
    CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team


    Kernel
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to read restricted memory
    Description: A validation issue was addressed with improved input sanitization.
    CVE-2017-7028: an anonymous researcher
    CVE-2017-7029: an anonymous researcher


    libarchive
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
    Description: A buffer overflow was addressed through improved bounds checking.
    CVE-2017-7068: found by OSS-Fuzz


    libxml2
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
    Description: An out-of-bounds read was addressed through improved bounds checking.
    CVE-2017-7010: Apple
    CVE-2017-7013: found by OSS-Fuzz


    libxpc
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-7047: Ian Beer of Google Project Zero


    Messages
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: A remote attacker may cause an unexpected application termination
    Description: A memory consumption issue was addressed through improved memory handling.
    CVE-2017-7063: Shashank (@cyberboyIndia)


    Notifications
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Notifications may appear on the lock screen when disabled
    Description: A lock screen issue was addressed with improved state management.
    CVE-2017-7058: an anonymous researcher


    Safari
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Visiting a malicious website may lead to address bar spoofing
    Description: An inconsistent user interface issue was addressed with improved state management.
    CVE-2017-2517: xisigr of Tencent's Xuanwu Lab (tencent.com)


    Safari Printing


    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs
    Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs.
    CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana


    Telephony
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An attacker in a privileged network position may be able to execute arbitrary code
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-8248


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: A malicious website may exfiltrate data cross-origin
    Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered.
    CVE-2017-7006: an anonymous researcher, David Kohlbrenner of UC San Diego


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Visiting a malicious website may lead to address bar spoofing
    Description: A state management issue was addressed with improved frame handling.
    CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2017-7018: lokihardt of Google Project Zero
    CVE-2017-7020: likemeng of Baidu Security Lab
    CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
    CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
    CVE-2017-7037: lokihardt of Google Project Zero
    CVE-2017-7039: Ivan Fratric of Google Project Zero
    CVE-2017-7040: Ivan Fratric of Google Project Zero
    CVE-2017-7041: Ivan Fratric of Google Project Zero
    CVE-2017-7042: Ivan Fratric of Google Project Zero
    CVE-2017-7043: Ivan Fratric of Google Project Zero
    CVE-2017-7046: Ivan Fratric of Google Project Zero
    CVE-2017-7048: Ivan Fratric of Google Project Zero
    CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
    CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
    CVE-2017-7056: lokihardt of Google Project Zero
    CVE-2017-7061: lokihardt of Google Project Zero


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting
    Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management.
    CVE-2017-7038: Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security, Neil Jenkins of FastMail Pty Ltd
    CVE-2017-7059: an anonymous researcher


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed through improved memory handling.
    CVE-2017-7049: Ivan Fratric of Google Project Zero


    WebKit
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An application may be able to read restricted memory
    Description: A memory initialization issue was addressed through improved memory handling.
    CVE-2017-7064: lokihardt of Google Project Zero


    WebKit Page Loading
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department


    WebKit Web Inspector
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2017-7012: Apple


    Wi-Fi
    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation
    Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-9417: Nitay Artenstein of Exodus Intelligence




  2. #2
    Applesan@ Nivel 0 MacPoints y autoridad de milon MacPoints y autoridad de milon
    Avatar de milon

    Menos mal que existe Google Project Zero, sino, hoy día no existiría el iPhone o macOS




Otros temas destacados