[Repost] About the security content of iOS 8
Source: http://support.apple.com/kb/HT6441
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see Apple Security Updates.
iOS 8
802.1X
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID of the user
Description: An issue existed in the access control logic for accounts. A sandboxed application could get information about the currently-active iCloud account, including the name of the account. This issue was addressed by restricting access to certain account types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Accessibility
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of events, which resulted in the screen not locking. This issue was addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access sensitive user information from logs
Description: Sensitive user information was logged. This issue was addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the address book
Description: The address book was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the address book with a key protected by the hardware UID and the user's passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and install unverified applications
Description: A race condition existed in App Installation. An attacker with the capability of writing to /tmp may have been able to install an unverified app. This issue was addressed by staging files for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and install unverified applications
Description: A path traversal issue existed in App Installation. A local attacker could have retargeted code signature validation to a bundle different from the one being installed and cause installation of an unverified app. This issue was addressed by detecting and preventing path traversal when determining which code signature to verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able to cause an iOS device to think that it is up to date even when it is not
Description: A validation issue existed in the handling of update check responses. Spoofed dates from Last-Modified response headers set to future dates were used for If-Modified-Since checks in subsequent update requests. This issue was addressed by validation of the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
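The Last-Modified validation described above, as an added example (not Apple's code and not part of the original advisory). It models an update checker with and without the check. The class, function names, clock-skew tolerance and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW = timedelta(minutes=5)  # assumed tolerance for clock drift


def validated_last_modified(value, now):
    """Return the Last-Modified time if it is safe to cache, else None."""
    if not value:
        return None
    try:
        stamp = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None  # unparseable header: do not cache it
    if stamp.tzinfo is None:
        stamp = stamp.replace(tzinfo=timezone.utc)  # HTTP dates are UTC
    if stamp > now + MAX_SKEW:
        return None  # a resource cannot have been modified in the future
    return stamp


class UpdateClient:
    """Hypothetical update checker that caches a validator between requests."""

    def __init__(self, validate):
        self.validate = validate
        self.cached = None

    def request_headers(self):
        if self.cached is None:
            return {}
        return {"If-Modified-Since": format_datetime(self.cached, usegmt=True)}

    def handle_response(self, headers, now):
        raw = headers.get("Last-Modified")
        if self.validate:
            stamp = validated_last_modified(raw, now)
        else:
            stamp = parsedate_to_datetime(raw) if raw else None
        if stamp is not None:
            self.cached = stamp


def server_status(catalog_modified, headers):
    """Model of the genuine server answering a conditional GET."""
    since = headers.get("If-Modified-Since")
    if since and parsedate_to_datetime(since) >= catalog_modified:
        return 304  # client is told nothing has changed
    return 200


def run_scenario(validate):
    now = datetime(2014, 9, 17, 12, 0, tzinfo=timezone.utc)  # constructed clock
    client = UpdateClient(validate)
    # Constructed response carrying a future date, as in the description.
    client.handle_response({"Last-Modified": "Tue, 01 Jan 2030 00:00:00 GMT"}, now)
    # The genuine catalog changes one day later and the client checks again.
    return server_status(now + timedelta(days=1), client.request_headers())


if __name__ == "__main__":
    print("unvalidated client receives", run_scenario(False))
    print("validated client receives", run_scenario(True))
```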
Bluetooth
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading iOS
Description: Bluetooth was enabled automatically after upgrading iOS. This was addressed by only turning on Bluetooth for major or minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
Certificate Trust Policy
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012.
CoreGraphics
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime audio call without prompting
Description: Mail did not consult the user before launching facetime-audio:// URLs. This issue was addressed with the addition of a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did not have sufficient access control. This issue was addressed through additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus Troßbach of Heilbronn University
iMessage
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is deleted
Description: A race condition existed in how attachments were deleted. This issue was addressed by conducting additional checks on whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of IOAcceleratorFamily API arguments. This issue was addressed through improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm and Cererdlong of Alibaba Mobile Security Team
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed by improved error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers, which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily kernel extension. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized data from kernel memory
Description: An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a denial of service
Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening measures early in the boot process was not cryptographically secure. Some of its output was inferable from user space, allowing bypass of the hardening measures. This issue was addressed by using a cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a device to proceed to the home screen even if it should still be in an activation locked state. This was addressed by changing the information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had advertised the LOGINDISABLED IMAP capability. This issue is mostly a concern when connecting to servers that are configured to accept non-encrypted connections and that advertise LOGINDISABLED. This issue was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
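A client-side check that respects LOGINDISABLED, as an added example (not Apple's code and not part of the original advisory). It parses the server's capability data and decides which commands may be issued. The function names and the server lines in the comments are constructed. It also re-reads capabilities after STARTTLS, as RFC 3501 requires.

```python
import re


class LoginRefused(Exception):
    """Raised when no permitted way to send the password exists."""


def parse_capabilities(line):
    """Extract capability atoms from '* CAPABILITY ...' or '[CAPABILITY ...]'."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def plan_login(pre_tls_line, post_tls_line=None):
    """Return the commands a client should issue, in order.

    pre_tls_line  -- capability data seen on the cleartext connection
    post_tls_line -- capability data the server returns after STARTTLS,
                     or None if TLS cannot be negotiated
    """
    commands = []
    caps = parse_capabilities(pre_tls_line)
    if "LOGINDISABLED" in caps:
        # The server forbids LOGIN here: never send the password in the clear.
        if "STARTTLS" not in caps or post_tls_line is None:
            raise LoginRefused("LOGINDISABLED advertised and TLS unavailable")
        commands.append("STARTTLS")
        # Capabilities cached before TLS must be discarded and fetched again.
        commands.append("CAPABILITY")
        caps = parse_capabilities(post_tls_line)
        if "LOGINDISABLED" in caps:
            raise LoginRefused("LOGINDISABLED still advertised after STARTTLS")
    commands.append("LOGIN")
    return commands


if __name__ == "__main__":
    # Constructed server lines for illustration.
    greeting = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
    after_tls = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
    print(plan_login(greeting, after_tls))
    try:
        plan_login("* CAPABILITY IMAP4rev1 LOGINDISABLED")
    except LoginRefused as exc:
        print("refused:", exc)
```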
Mail
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via autofill
Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept user credentials
Description: Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford University working with Eric Chen and Collin Jackson of Carnegie Mellon University
Sandbox Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus Troßbach of Heilbronn University
Settings
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even when this feature is disabled
Description: An issue existed in the previewing of text message notifications at the lock screen. As a result, the contents of received messages would be shown at the lock screen even when previews were disabled in Settings. The issue was addressed through improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR), Italy
syslog
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary files
Description: syslogd followed symbolic links while changing permissions on files. This issue was addressed through improved handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech Information Security Center (GTISC)
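Symlink-safe permission changes, as an added example (not syslogd's code and not part of the original advisory). It contrasts a path-based chmod, which follows a symbolic link, with an open-then-fchmod sequence that refuses one. File names are constructed, and a POSIX system is assumed.

```python
import errno
import os
import stat
import tempfile


def chmod_nofollow(path, mode):
    """Change permissions on path only if it is a regular file, not a symlink."""
    # O_NOFOLLOW makes open() fail when the last path component is a symlink.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        os.fchmod(fd, mode)  # acts on the opened inode, not on the name
    finally:
        os.close(fd)


def demo():
    """Return (mode after path chmod, link refused?, mode after safe call, real log mode)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "private.db")  # constructed stand-in file
        log = os.path.join(d, "app.log")
        with open(target, "w"):
            pass
        os.chmod(target, 0o600)
        os.symlink(target, log)  # a link sitting where a log file is expected

        os.chmod(log, 0o644)  # path-based chmod follows the link
        followed = stat.S_IMODE(os.stat(target).st_mode)

        os.chmod(target, 0o600)  # reset, then try the descriptor-based form
        try:
            chmod_nofollow(log, 0o644)
            refused = False
        except OSError:
            refused = True
        after = stat.S_IMODE(os.stat(target).st_mode)

        os.unlink(log)  # replace the link with a genuine log file
        with open(log, "w"):
            pass
        os.chmod(log, 0o600)
        chmod_nofollow(log, 0o644)
        real = stat.S_IMODE(os.stat(log).st_mode)
        return followed, refused, after, real


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only protects the final path component, so the directory holding the file must also not be writable by untrusted users.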
Weather
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used to determine local weather. This issue was addressed by changing APIs.
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when private browsing is enabled
Description: A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC address was being used to scan for WiFi networks. This issue was addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities. For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted computers. Instructions can be found at http://support.apple.com/kb/HT5868