Apple iOS Multiple Vulnerabilities

SA48454

CVE-2011-3046, CVE-2011-3056, CVE-2012-0672, CVE-2012-0674

20 Mar 2012

09 May 2012

Highly Critical

Vendor Patch

From remote

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Security Bypass

This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Spoofing

This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.

Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) An error within Safari when opening a new window using "window.open()" can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

This vulnerability is confirmed in iOS version 5.1 (9B176) on iPhone 4 and 4th generation iPod touch. Other versions and devices may also be affected.

2) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.

For more information:
SA48321
SA48512

3) An error within the WebKit component can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #2 and #3 may allow execution of arbitrary code.

Apply iOS 5.1.1 Software Update.

1) David Vieira-Kurz, MajorSecurity.
3) The vendor credits Adam Barth and Abhishek Arya of the Google Chrome Security Team.

MajorSecurity:
http://archives.neohapsis.com/archives/bugtraq/2012-03/0095.html

Apple:
http://support.apple.com/kb/HT5278