
Multiple Vulnerabilities in Apple iOS Prior to iOS 8 and TV Prior to TV 7

MS-ISAC ADVISORY NUMBER:

2015-006

DATE(S) ISSUED:

01/27/2015

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple iOS Prior to iOS 8 and TV Prior to TV 7. Apple iOS is an operating system for iPhone, iPod touch, iPad and Apple TV. The iPhone is a mobile phone that runs on the ARM architecture. The iPod touch is a portable music player. The iPad is a tablet device. Apple TV is a media streaming appliance.

These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file, including an email attachment, using a vulnerable version of Apple iOS.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

Updates are available.

SYSTEMS AFFECTED:

  • Apple iOS Prior to iOS 8.1.3
  • Apple TV Prior to TV 7.0.3
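
A fleet check against the fixed releases listed above, as an added example that is not part of the original advisory. The CSV column names and device names are constructed, and the script assumes the inventory reports Apple TV software in the same numbering the advisory uses:

```python
import csv
import io

# First fixed releases, taken from the advisory's SYSTEMS AFFECTED list.
FIXED = {"iOS": (8, 1, 3), "Apple TV": (7, 0, 3)}

# Constructed sample inventory export (hypothetical columns and device names).
SAMPLE_INVENTORY = """device,platform,os_version
ipad-lobby-01,iOS,8.1.2
iphone-exec-07,iOS,8.1.3
iphone-field-12,iOS,8.1.10
ipod-kiosk-03,iOS,7.1.2
appletv-conf-a,Apple TV,7.0.2
appletv-conf-b,Apple TV,7.0.3
ipad-lab-09,iOS,8.1
ipad-lab-10,iOS,unknown
"""

def parse_version(text, width=3):
    """Turn '8.1' into (8, 1, 0) so the comparison is numeric, not lexical.

    A plain string compare would rank '8.1.10' below '8.1.3'.
    Raises ValueError for anything that is not dotted integers.
    """
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def triage(inventory_csv):
    """Return (vulnerable, unknown) lists of device names."""
    vulnerable, unknown = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["platform"])
        try:
            version = parse_version(row["os_version"])
        except ValueError:
            version = None
        if fixed is None or version is None:
            unknown.append(row["device"])  # cannot decide: review by hand
        elif version < fixed:
            vulnerable.append(row["device"])
    return vulnerable, unknown

if __name__ == "__main__":
    vulnerable, unknown = triage(SAMPLE_INVENTORY)
    print("update required:", vulnerable)
    print("manual review:", unknown)
```

Devices with an unparseable version or an unlisted platform are reported separately rather than silently treated as patched.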

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
  • HIGH

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Apple iOS Prior to iOS 8.1.3 and TV Prior to TV 7.0.3. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. The below vulnerabilities have been fixed in Security Updates 2015-000 and 2015-001. The vulnerabilities are as follows:

  • A maliciously crafted afc command may allow access to protected parts of the filesystem [CVE-2014-4480]
  • Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution [CVE-2014-4481]
  • A local user may be able to execute unsigned code [CVE-2014-4455]
  • Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution [CVE-2014-4483]
  • Processing a maliciously crafted .dfont file may lead to an unexpected application termination or arbitrary code execution [CVE-2014-4484]
  • Viewing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution [CVE-2014-4485]
  • A malicious application may be able to execute arbitrary code with system privileges [CVE-2014-4486], [CVE-2014-4487], [CVE-2014-4488], [CVE-2014-4489], and [CVE-2014-4495]
  • A website may be able to bypass sandbox restrictions using the iTunes Store [CVE-2014-8840]
  • Maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel [CVE-2014-4491] and [CVE-2014-4496]
  • A malicious, sandboxed app can compromise the networkd daemon [CVE-2014-4492]
  • A malicious enterprise-signed application may be able to take control of the local container for applications already on a device [CVE-2014-4493]
  • Enterprise-signed applications may be launched without prompting for trust [CVE-2014-4494]
  • Visiting a website that frames malicious content may lead to UI spoofing [CVE-2014-4467]
  • Style sheets are loaded cross-origin which may allow for data exfiltration [CVE-2014-4465]
  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution [CVE-2014-3192], [CVE-2014-4459], [CVE-2014-4466], [CVE-2014-4468], [CVE-2014-4469], [CVE-2014-4470], [CVE-2014-4471], [CVE-2014-4472], [CVE-2014-4473], [CVE-2014-4474], [CVE-2014-4475], [CVE-2014-4476], [CVE-2014-4477], and [CVE-2014-4479]

Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Update vulnerable Apple products immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Do not open email attachments or click on URLs from unknown or un-trusted sources.

REFERENCES:

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8840
