• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2016-01-19-1 iOS 9.2.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2016-01-19-1 iOS 9.2.1


  • Subject: APPLE-SA-2016-01-19-1 iOS 9.2.1
  • From: Apple Product Security <email@hidden>
  • Date: Tue, 19 Jan 2016 15:43:37 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-19-1 iOS 9.2.1

iOS 9.2.1 is now available and addresses the following:

Disk Images
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

IOHIDFamily
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero

IOKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero

Kernel
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend
Micro

libxslt
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  A type confusion issue existed in libxslt. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor

syslog
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with root
privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

WebKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1723 : Apple
CVE-2016-1724 : Apple
CVE-2016-1725 : Apple
CVE-2016-1726 : Apple
CVE-2016-1727 : Apple

WebKit CSS
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Websites may know if the user has visited a given link
Description:  A privacy issue existed in the handling of the
"a:visited button" CSS selector when evaluating the containing
element's height. This was addressed through improved validation.
CVE-ID
CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix

WebSheet
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious captive portal may be able to access the user's
cookies
Description:  An issue existed that allowed some captive portals to
read or write cookies. The issue was addressed through an isolated
cookie store for all captive portals.
CVE-ID
CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWnsHaAAoJEBcWfLTuOo7t1zwP/0RspCkyT0BHSQQO8VdMW/fc
Y75BJakw9EAPtzl7JuXh2uyEW0Qj7zmCAxtHj40+ahzeL/Iop4t+2bNmxG0PKKJr
xw4lfXqBPCyAFAWVnJnc7F+khS0mzOMYeSeTb809BhVZCGuPj8KaG0lO6i3Bpuv9
PegrCpntVconvMVnisv1DY5XCo+ieMnQfq3CwgjeLGJVayKwCLReEGEAy5fR/wcc
U8UPi8ya8qHEM2R4HiqKvLWifvuhduKDRef8ONVKInndtUw3uMxLADb3ly0FNfK2
ZE8e/h6x6SchWKvPIlz3LkmH11PxVzOFcDSPyF8588kqIUeejJbCVmH2NTOKNWSc
L86t9ZcJKOQeSA+vo9xuA4wL9oAqg0vTsU3imNI/eg5uo04UXnVmezFTdbnZTJUq
0muC+6spRRUEMV1c4vUSDNYQUWnplpm5tvOS1W9m/BYTeEBxrtHlNf1esnWst7LF
bP2Dm2o4eUiMeGm0oS0aCvLOAkbZxIWGBoskJQo5QItGbrGXvolAOzy8ZG4VtcMc
C57ndIvb6Aji0ZHoIoE9cQU/HAi3oA8NpAOmWnHR7TmgTLb0aKZkGbsePlpklZjO
wmxK8O47hnsplGQ/MvQoq2du1yhijKHZ36o7nl+ZLll5EE9yXgoQTJ3C3SQ0uWYq
It3pbAGWOfPf7kH++Tqf
=8vfa
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


  • Prev by Date: APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • Next by Date: APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
  • Previous by thread: APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • Next by thread: APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
  • Index(es):
    • Date
    • Thread

Apple Footer

This site contains user submitted content, comments and opinions and is for informational purposes only. Apple may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Apple can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.
 Apple
  1. Lists
  2. Archives
More ways to shop: Visit an Apple Store, call 1-800-MY-APPLE, or find a reseller.
United States
Copyright © Apple Inc. All rights reserved.
Privacy Policy Terms of Use Sales and Refunds Legal Site Map