
iOS 10.3.2 Release

Discussion in 'Apple iOS' started by Lucifer, May 16, 2017.

  1. Lucifer

    Lucifer Trial Moderator Staff Member

    Hello CCM members

    As of yesterday, Apple released 10.3.2 publicly. Here is what Apple fixed with iOS 10.3.2:
    About the security content of iOS 10.3.2
    This document describes the security content of iOS 10.3.2.


    About Apple security updates
    For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

    For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

    Apple security documents reference vulnerabilities by CVE-ID when possible.


    iOS 10.3.2
    Released May 15, 2017

    AVEVideoEncoder

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to gain kernel privileges

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

    CoreAudio

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to read restricted memory

    Description: A validation issue was addressed with improved input sanitization.

    CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

    iBooks

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: A maliciously crafted book may open arbitrary websites without user permission

    Description: A URL handling issue was addressed through improved state management.

    CVE-2017-2497: Jun Kokatsu (@shhnjk)

    iBooks

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to execute arbitrary code with root privileges

    Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

    CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

    IOSurface

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to gain kernel privileges

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

    Kernel

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to execute arbitrary code with kernel privileges

    Description: A race condition was addressed through improved locking.

    CVE-2017-2501: Ian Beer of Google Project Zero

    Kernel

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to read restricted memory

    Description: A validation issue was addressed with improved input sanitization.

    CVE-2017-2507: Ian Beer of Google Project Zero

    CVE-2017-6987: Patrick Wardle of Synack

    Notifications

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to cause a denial of service

    Description: A denial of service issue was addressed through improved memory handling.

    CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers

    Safari

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Visiting a maliciously crafted webpage may lead to an application denial of service

    Description: An issue in Safari's history menu was addressed through improved memory handling.

    CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

    Security

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Update to the certificate trust policy

    Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.

    CVE-2017-2498: Andrew Jerman

    SQLite

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: A maliciously crafted SQL query may lead to arbitrary code execution

    Description: A use after free issue was addressed through improved memory management.

    CVE-2017-2513: found by OSS-Fuzz

    SQLite

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: A maliciously crafted SQL query may lead to arbitrary code execution

    Description: A buffer overflow issue was addressed through improved memory handling.

    CVE-2017-2518: found by OSS-Fuzz

    CVE-2017-2520: found by OSS-Fuzz

    SQLite

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: A maliciously crafted SQL query may lead to arbitrary code execution

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2017-2519: found by OSS-Fuzz

    SQLite

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution

    Description: Multiple memory corruption issues were addressed with improved input validation.

    CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

    CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

    TextInput

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Parsing maliciously crafted data may lead to arbitrary code execution

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2017-2524: Ian Beer of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution

    Description: Multiple memory corruption issues were addressed with improved memory handling.

    CVE-2017-2496: Apple

    CVE-2017-2505: lokihardt of Google Project Zero

    CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative

    CVE-2017-2514: lokihardt of Google Project Zero

    CVE-2017-2515: lokihardt of Google Project Zero

    CVE-2017-2521: lokihardt of Google Project Zero

    CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

    CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

    CVE-2017-2530: an anonymous researcher

    CVE-2017-2531: lokihardt of Google Project Zero

    CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

    CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

    CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative

    CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative

    CVE-2017-6980: lokihardt of Google Project Zero

    CVE-2017-6984: lokihardt of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting

    Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.

    CVE-2017-2504: lokihardt of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting

    Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.

    CVE-2017-2508: lokihardt of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting

    Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.

    CVE-2017-2510: lokihardt of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting

    Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.

    CVE-2017-2528: lokihardt of Google Project Zero

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to arbitrary code execution

    Description: Multiple memory corruption issues were addressed through improved memory handling.

    CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

    WebKit

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: Processing maliciously crafted web content may lead to universal cross site scripting

    Description: A logic issue existed in frame loading. This issue was addressed with improved state management.

    CVE-2017-2549: lokihardt of Google Project Zero

    WebKit Web Inspector

    Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

    Impact: An application may be able to execute unsigned code

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2017-2499: George Dan (@theninjaprawn)

    Now, if you look closely, you will see Apple gave no credit to Pangu for any bug fixes, so that shows that Pangu is not working with Apple.

    This is a good thing that Pangu is not working with Apple, but that does not mean Pangu will release the jailbreak. One big issue that we see with this new iOS update is the kernel bug fixes. If you guys remember, back on 10.2 that is how the 10.2 jailbreak came into play, because of a kernel exploit.

    Once Pangu releases their jailbreak, if they do, I will be sure to let you guys know :smile:

    Have a nice day everyone :kissingheart: