SB2019012301 - Multiple vulnerabilities in Apple iOS

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2019-6200)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists due to out-of-bounds read in the Bluetooth component when handling malicious input. A remote authenticated attacker can supply specially crafted input and cause the service to crash.

2) Privilege escalation (CVE-ID: CVE-2019-6210)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to an error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Buffer overflow (CVE-ID: CVE-2019-6213)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger buffer overflow and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2019-6218)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Memory corruption (CVE-ID: CVE-2019-6235)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to a boundary error in the AppleKeyStore component when handling malicious input. A remote attacker can trigger memory corruption to circumvent sandbox restrictions.

6) Out-of-bounds read (CVE-ID: CVE-2019-6202)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to out-of-bounds read in the Core Media component when handling malicious input. A local authenticated attacker can run a specially crafted application and gain elevated privileges.

7) Out-of-bounds read (CVE-ID: CVE-2019-6221)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to out-of-bounds read in the Core Media component when handling malicious input. A local authenticated attacker can run a specially crafted application and gain elevated privileges.

8) Out-of-bounds read (CVE-ID: CVE-2019-6231)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in the CoreAnimation component when handling malicious input. A local authenticated attacker can run a specially crafted application and access arbitrary data.

9) Memory corruption (CVE-ID: CVE-2019-6230)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to a boundary error in the CoreAnimation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and circumvent sandbox restrictions.

10) Buffer overflow (CVE-ID: CVE-2019-6224)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the FaceTime component when handling malicious input. A remote attacker can initiate a FaceTime call, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

11) Type confusion (CVE-ID: CVE-2019-6214)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger type confusion error and circumvent sandbox restrictions.

12) Memory corruption (CVE-ID: CVE-2019-6225)

The vulnerability allows a local authenticated attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

13) Memory corruption (CVE-ID: CVE-2019-6205)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.

14) Out-of-bounds read (CVE-ID: CVE-2019-6209)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists due to out-of-bounds read in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application and determine kernel memory layout.

15) Memory corruption (CVE-ID: CVE-2019-6208)

The vulnerability allows a local authenticated attacker to bypass security restrictions.

The weakness exists due to lock state checking in the Kernel component when handling malicious input. A local authenticated attacker can run a specially crafted application, trigger memory corruption and cause unexpected changes in memory shared between processes.

16) Security restrictions bypass (CVE-ID: CVE-2019-6206)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper state management in the Keyboard component with autofill resuming after it was canceled. A remote attacker can cause password autofill fill in passwords after they were manually cleared.

17) Input validation error (CVE-ID: CVE-2019-6219)

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to an error in the Natural Language Processing component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted message and cause the service to crash.

18) Cross-site scripting (CVE-ID: CVE-2019-6228)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the Safari Reader component due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

19) Cross-site scripting (CVE-ID: CVE-2019-6229)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists in the WebKit component due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal the authentication cookies and gain access to the device.

20) SQL injection (CVE-ID: CVE-2018-20346)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

21) SQL injection (CVE-ID: CVE-2018-20505)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

22) SQL injection (CVE-ID: CVE-2018-20506)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

23) Memory corruption (CVE-ID: CVE-2019-6227)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

24) Memory corruption (CVE-ID: CVE-2019-6233)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

25) Memory corruption (CVE-ID: CVE-2019-6234)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

26) Type confusion (CVE-ID: CVE-2019-6215)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger type confusion error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

27) Memory corruption (CVE-ID: CVE-2019-6212)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

28) Memory corruption (CVE-ID: CVE-2019-6216)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

29) Memory corruption (CVE-ID: CVE-2019-6217)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

30) Memory corruption (CVE-ID: CVE-2019-6226)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebKit component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

31) Memory corruption (CVE-ID: CVE-2019-6211)

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to a boundary error in the WebRTC component when handling malicious input. A remote attacker can trick the victim into processing a specially crafted content, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://support.apple.com/en-us/HT209443