Description: A memory corruption issue was addressed with improved bounds checking. Impact: A remote attacker may cause an unexpected application termination. Description: A resource exhaustion issue was addressed through improved input validation. Impact: An application may be able to execute arbitrary code with kernel privileges. Description: A memory corruption issue was addressed with improved memory handling.
Impact: An application may be able to execute arbitrary code with system privileges. Description: A validation issue was addressed with improved input sanitization. Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution. Description: A buffer overflow was addressed through improved bounds checking. Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information. Description: An out-of-bounds read was addressed through improved bounds checking.
Description: A memory consumption issue was addressed through improved memory handling. Description: A lock screen issue was addressed with improved state management. Entry updated July 28, Safari. Description: An inconsistent user interface issue was addressed with improved state management. Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs. Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked.
The issue was addressed through throttling of print dialogs. Impact: An attacker in a privileged network position may be able to execute arbitrary code. Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack.
This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered. Impact: Processing a maliciously crafted x certificate may lead to arbitrary code execution. Description: A memory corruption issue existed in the parsing of certificates. Impact: Siri might reveal text message contents while the device is locked. Description: An insufficient locking issue was addressed with improved state management. Impact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution.
Description: A validation issue existed in bookmark creation. Description: An inconsistent user interface issue was addressed through improved state management. Impact: Processing maliciously crafted web content may exfiltrate data cross-origin. Description: A prototype access issue was addressed through improved exception handling. Entry updated June 20, WebKit. Description: A type confusion issue was addressed through improved memory handling.
Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Description: An access issue existed in Content Security Policy. This issue was addressed through improved access restrictions. Impact: Processing maliciously crafted web content may lead to high memory consumption.
Description: An uncontrolled resource consumption issue was addressed through improved regex processing. Impact: Processing maliciously crafted web content may result in the disclosure of process memory. Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.
Description: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.
Description: A validation issue existed in the handling of page loading. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management. Description: A logic issue existed in the handling of strict mode functions.
Impact: Visiting a maliciously crafted website may compromise user information. Entry added March 28, WebKit. Description: A logic issue existed in frame handling. This issue was addressed through improved state management. Description: A validation issue existed in element handling. Impact: Closing a window while paused in the debugger may lead to unexpected application termination. We would like to acknowledge Flyin9 ZhenHui Lee for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement.
Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

About the security content of iOS

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.
CVE Suprovici Vadim of UniApps team, an anonymous researcher

Audio
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE Mei Wang of GearTeam

CoreText
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE John Villamil, Doyensec

CoreText
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed through improved input validation.
CVE John Villamil, Doyensec

CoreText
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted text message may lead to application denial of service
Description: A resource exhaustion issue was addressed through improved input validation.
CVE Ilya Nesterov and Maxim Goncharov

FontParser
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved input validation.
CVE
Entry updated March 28,

ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE an anonymous researcher working with Trend Micro's Zero Day Initiative

ImageIO
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved input validation.
CVE

iTunes Store
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to tamper with iTunes network traffic
Description: Requests to iTunes sandbox web services were sent in cleartext.
CVE Richard Shupak linkedin.
CVE Apple
Entry added May 2,

JavaScriptCore
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: Processing a maliciously crafted web page may lead to universal cross site scripting
Description: A prototype issue was addressed through improved logic.
CVE lokihardt of Google Project Zero
Entry updated April 24,

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE an anonymous researcher

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
CVE lokihardt of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed through improved input validation.
CVE Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An off-by-one issue was addressed through improved bounds checking.
CVE Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE Ian Beer of Google Project Zero

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed through improved memory handling.
Entry updated March 30,

libarchive
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: A local attacker may be able to change file system permissions on arbitrary directories
Description: A validation issue existed in the handling of symlinks.

This update includes Portrait Camera for iPhone 7 Plus (beta), transit directions for Japan, stability improvements and bug fixes. For information on the security content of this update, please visit this website: Apple security updates. It also improves power management during peak workloads to avoid unexpected shutdowns on iPhone.

This update:
Addresses an issue that could cause headphone audio controls to temporarily stop working
Resolves an issue that caused Photos to quit for some users when turning on iCloud Photo Library
Fixes an issue that prevented enabling some app extensions
For information on the security content of this update, please visit this website: Apple security updates.