• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
APPLE-SA-2016-01-19-1 iOS 9.2.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2016-01-19-1 iOS 9.2.1

  • Subject: APPLE-SA-2016-01-19-1 iOS 9.2.1
  • From: Apple Product Security <email@hidden>
  • Date: Tue, 19 Jan 2016 15:43:37 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-19-1 iOS 9.2.1

iOS 9.2.1 is now available and addresses the following:

Disk Images
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2016-1717 : Frank Graziano of Yahoo! Pentest Team

IOHIDFamily
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1719 : Ian Beer of Google Project Zero

IOKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1720 : Ian Beer of Google Project Zero

Kernel
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with
kernel privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1721 : Ian Beer of Google Project Zero and Ju Zhu of Trend
Micro

libxslt
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  A type confusion issue existed in libxslt. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-7995 : puzzor

syslog
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to execute arbitrary code with root
privileges
Description:  A memory corruption issue was addressed through
improved memory handling.
CVE-ID
CVE-2016-1722 : Joshua J. Drake and Nikias Bassen of Zimperium zLabs

WebKit
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1723 : Apple
CVE-2016-1724 : Apple
CVE-2016-1725 : Apple
CVE-2016-1726 : Apple
CVE-2016-1727 : Apple

WebKit CSS
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Websites may know if the user has visited a given link
Description:  A privacy issue existed in the handling of the
"a:visited button" CSS selector when evaluating the containing
element's height. This was addressed through improved validation.
CVE-ID
CVE-2016-1728 : an anonymous researcher coordinated via Joe Vennix

WebSheet
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious captive portal may be able to access the user's
cookies
Description:  An issue existed that allowed some captive portals to
read or write cookies. The issue was addressed through an isolated
cookie store for all captive portals.
CVE-ID
CVE-2016-1730 : Adi Sharabani and Yair Amit of Skycure

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWnsHaAAoJEBcWfLTuOo7t1zwP/0RspCkyT0BHSQQO8VdMW/fc
Y75BJakw9EAPtzl7JuXh2uyEW0Qj7zmCAxtHj40+ahzeL/Iop4t+2bNmxG0PKKJr
xw4lfXqBPCyAFAWVnJnc7F+khS0mzOMYeSeTb809BhVZCGuPj8KaG0lO6i3Bpuv9
PegrCpntVconvMVnisv1DY5XCo+ieMnQfq3CwgjeLGJVayKwCLReEGEAy5fR/wcc
U8UPi8ya8qHEM2R4HiqKvLWifvuhduKDRef8ONVKInndtUw3uMxLADb3ly0FNfK2
ZE8e/h6x6SchWKvPIlz3LkmH11PxVzOFcDSPyF8588kqIUeejJbCVmH2NTOKNWSc
L86t9ZcJKOQeSA+vo9xuA4wL9oAqg0vTsU3imNI/eg5uo04UXnVmezFTdbnZTJUq
0muC+6spRRUEMV1c4vUSDNYQUWnplpm5tvOS1W9m/BYTeEBxrtHlNf1esnWst7LF
bP2Dm2o4eUiMeGm0oS0aCvLOAkbZxIWGBoskJQo5QItGbrGXvolAOzy8ZG4VtcMc
C57ndIvb6Aji0ZHoIoE9cQU/HAi3oA8NpAOmWnHR7TmgTLb0aKZkGbsePlpklZjO
wmxK8O47hnsplGQ/MvQoq2du1yhijKHZ36o7nl+ZLll5EE9yXgoQTJ3C3SQ0uWYq
It3pbAGWOfPf7kH++Tqf
=8vfa
-----END PGP SIGNATURE-----

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • Next by Date: APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
  • Previous by thread: APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • Next by thread: APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
  • Index(es):
    • Date
    • Thread