Languages

About the security content of iOS 6

Learn about the security content of iOS 6, which can be downloaded and installed using iTunes.

This document describes the security content of iOS 6.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

iOS 6

  • CFNetwork

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling.

    CVE-ID

    CVE-2012-3724 : Erling Ellingsen of Facebook

  • CoreGraphics

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Multiple vulnerabilities in FreeType

    Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/

    CVE-ID

    CVE-2012-1126

    CVE-2012-1127

    CVE-2012-1128

    CVE-2012-1129

    CVE-2012-1130

    CVE-2012-1131

    CVE-2012-1132

    CVE-2012-1133

    CVE-2012-1134

    CVE-2012-1135

    CVE-2012-1136

    CVE-2012-1137

    CVE-2012-1138

    CVE-2012-1139

    CVE-2012-1140

    CVE-2012-1141

    CVE-2012-1142

    CVE-2012-1143

    CVE-2012-1144

  • CoreMedia

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2012-3722 : Will Dormann of the CERT/CC

  • DHCP

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed

    Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks.

    CVE-ID

    CVE-2012-3725 : Mark Wuergler of Immunity, Inc.

  • ImageIO

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5.

    CVE-ID

    CVE-2011-1167

  • ImageIO

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images.

    CVE-ID

    CVE-2011-3026 : Jüri Aedla

    CVE-2011-3048

    CVE-2011-3328

  • ImageIO

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution

    Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management.

    CVE-ID

    CVE-2012-3726 : Phil of PKJE Consulting

  • ImageIO

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images.

    CVE-ID

    CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative

  • International Components for Unicode

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2011-4599

  • IPSec

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution

    Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3727 : iOS Jailbreak Dream Team

  • Kernel

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling.

    CVE-ID

    CVE-2012-3728 : iOS Jailbreak Dream Team

  • Kernel

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A local user may be able to determine kernel memory layout

    Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2012-3729 : Dan Rosenberg

  • libxml

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches.

    CVE-ID

    CVE-2011-1944 : Chris Evans of Google Chrome Security Team

    CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences

    CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences

    CVE-2011-3919 : Jüri Aedla

  • Mail

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Mail may present the wrong attachment in a message

    Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments.

    CVE-ID

    CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team

  • Mail

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Email attachments may be read without user's passcode

    Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments.

    CVE-ID

    CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch

  • Mail

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: An attacker may spoof the sender of a S/MIME signed message

    Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available.

    CVE-ID

    CVE-2012-3732 : An anonymous researcher.

  • Messages

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A user may unintentionally disclose the existence of their email addresses

    Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to.

    CVE-ID

    CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC

  • Office Viewer

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Unencrypted document data may be written to a temporary file

    Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user’s files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents.

    CVE-ID

    CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies

  • OpenGL

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders.

    CVE-ID

    CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device

    Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management.

    CVE-ID

    CVE-2012-3735 : Chris Lawrence DBB

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A person with physical access to the device may be able to bypass the screen lock

    Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management.

    CVE-ID

    CVE-2012-3736 : Ian Vitek of 2Secure AB

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: All photos may be accessible at the lock screen

    Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked.

    CVE-ID

    CVE-2012-3737 : Ade Barkah of BlueWax Inc.

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A person with physical access to a locked device may perform FaceTime calls

    Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen.

    CVE-ID

    CVE-2012-3738 : Ade Barkah of BlueWax Inc.

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A person with physical access to the device may be able to bypass the screen lock

    Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management.

    CVE-ID

    CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ)

  • Passcode Lock

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A person with physical access to the device may be able to bypass the screen lock

    Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management.

    CVE-ID

    CVE-2012-3740 : Ian Vitek of 2Secure AB

  • Restrictions

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A user may be able to make purchases without entering Apple ID credentials

    Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization.

    CVE-ID

    CVE-2012-3741 : Kevin Makens of Redwood High School

  • Safari

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Websites may use characters with an appearance similar to the lock icon in their titles

    Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles.

    CVE-ID

    CVE-2012-3742 : Boku Kihara of Lepidum

  • Safari

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled

    Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute.

    CVE-ID

    CVE-2012-0680 : Dan Poltawski of Moodle

  • System Logs

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Sandboxed apps may obtain system log content

    Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory.

    CVE-ID

    CVE-2012-3743

  • Telephony

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: An SMS message may appear to have been sent by an arbitrary user

    Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address.

    CVE-ID

    CVE-2012-3744 : pod2g

  • Telephony

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: An SMS message may disrupt cellular connectivity

    Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2012-3745 : pod2g

  • UIKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView

    Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection.

    CVE-ID

    CVE-2012-3746 : Ben Smith of Box

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2011-3016 : miaubiz

    CVE-2011-3021 : Arthur Gerkis

    CVE-2011-3027 : miaubiz

    CVE-2011-3032 : Arthur Gerkis

    CVE-2011-3034 : Arthur Gerkis

    CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis

    CVE-2011-3036 : miaubiz

    CVE-2011-3037 : miaubiz

    CVE-2011-3038 : miaubiz

    CVE-2011-3039 : miaubiz

    CVE-2011-3040 : miaubiz

    CVE-2011-3041 : miaubiz

    CVE-2011-3042 : miaubiz

    CVE-2011-3043 : miaubiz

    CVE-2011-3044 : Arthur Gerkis

    CVE-2011-3050 : miaubiz

    CVE-2011-3053 : miaubiz

    CVE-2011-3059 : Arthur Gerkis

    CVE-2011-3060 : miaubiz

    CVE-2011-3064 : Atte Kettunen of OUSPG

    CVE-2011-3068 : miaubiz

    CVE-2011-3069 : miaubiz

    CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative

    CVE-2011-3073 : Arthur Gerkis

    CVE-2011-3074 : Slawomir Blazek

    CVE-2011-3075 : miaubiz

    CVE-2011-3076 : miaubiz

    CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team

    CVE-2011-3081 : miaubiz

    CVE-2011-3086 : Arthur Gerkis

    CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz

    CVE-2011-3090 : Arthur Gerkis

    CVE-2011-3105 : miaubiz

    CVE-2011-3913 : Arthur Gerkis

    CVE-2011-3924 : Arthur Gerkis

    CVE-2011-3926 : Arthur Gerkis

    CVE-2011-3958 : miaubiz

    CVE-2011-3966 : Aki Helin of OUSPG

    CVE-2011-3968 : Arthur Gerkis

    CVE-2011-3969 : Arthur Gerkis

    CVE-2011-3971 : Arthur Gerkis

    CVE-2012-0682 : Apple Product Security

    CVE-2012-0683 : Dave Mandelin of Mozilla

    CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP

    CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP

    CVE-2012-2818 : miaubiz

    CVE-2012-3589 : Dave Mandelin of Mozilla

    CVE-2012-3590 : Apple Product Security

    CVE-2012-3591 : Apple Product Security

    CVE-2012-3592 : Apple Product Security

    CVE-2012-3593 : Apple Product Security

    CVE-2012-3594 : miaubiz

    CVE-2012-3595 : Martin Barbella of Google Chrome Security

    CVE-2012-3596 : Skylined of the Google Chrome Security Team

    CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3598 : Apple Product Security

    CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3600 : David Levin of the Chromium development community

    CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer

    CVE-2012-3602 : miaubiz

    CVE-2012-3603 : Apple Product Security

    CVE-2012-3604 : Skylined of the Google Chrome Security Team

    CVE-2012-3605 : Cris Neckar of the Google Chrome Security team

    CVE-2012-3608 : Skylined of the Google Chrome Security Team

    CVE-2012-3609 : Skylined of the Google Chrome Security Team

    CVE-2012-3610 : Skylined of the Google Chrome Security Team

    CVE-2012-3611 : Apple Product Security

    CVE-2012-3612 : Skylined of the Google Chrome Security Team

    CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3614 : Yong Li of Research In Motion, Inc.

    CVE-2012-3615 : Stephen Chenney of the Chromium development community

    CVE-2012-3617 : Apple Product Security

    CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3624 : Skylined of the Google Chrome Security Team

    CVE-2012-3625 : Skylined of Google Chrome Security Team

    CVE-2012-3626 : Apple Product Security

    CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team

    CVE-2012-3628 : Apple Product Security

    CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3640 : miaubiz

    CVE-2012-3641 : Slawomir Blazek

    CVE-2012-3642 : miaubiz

    CVE-2012-3644 : miaubiz

    CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3647 : Skylined of the Google Chrome Security Team

    CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team

    CVE-2012-3652 : Martin Barbella of Google Chrome Security Team

    CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3655 : Skylined of the Google Chrome Security Team

    CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3658 : Apple

    CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3661 : Apple Product Security

    CVE-2012-3663 : Skylined of Google Chrome Security Team

    CVE-2012-3664 : Thomas Sepez of the Chromium development community

    CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer

    CVE-2012-3666 : Apple

    CVE-2012-3667 : Trevor Squires of propaneapp.com

    CVE-2012-3668 : Apple Product Security

    CVE-2012-3669 : Apple Product Security

    CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis

    CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team

    CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team

    CVE-2012-3674 : Skylined of Google Chrome Security Team

    CVE-2012-3676 : Julien Chaffraix of the Chromium development community

    CVE-2012-3677 : Apple

    CVE-2012-3678 : Apple Product Security

    CVE-2012-3679 : Chris Leary of Mozilla

    CVE-2012-3680 : Skylined of Google Chrome Security Team

    CVE-2012-3681 : Apple

    CVE-2012-3682 : Adam Barth of the Google Chrome Security Team

    CVE-2012-3683 : wushi of team509 working with iDefense VCP

    CVE-2012-3684 : kuzzcc

    CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)

    CVE-2012-3703 : Apple Product Security

    CVE-2012-3704 : Skylined of the Google Chrome Security Team

    CVE-2012-3706 : Apple Product Security

    CVE-2012-3708 : Apple

    CVE-2012-3710 : James Robinson of Google

    CVE-2012-3747 : David Bloom of Cue

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site disclosure of information

    Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking.

    CVE-ID

    CVE-2012-3691 : Apple

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A malicious website may be able to replace the contents of an iframe on another site

    Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking.

    CVE-ID

    CVE-2011-3067 : Sergey Glazunov

  • WebKit

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: Visiting a maliciously crafted website may lead to a cross-site disclosure of information

    Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking.

    CVE-ID

    CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Look-alike characters in a URL could be used to masquerade a website

    Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar.

    CVE-ID

    CVE-2012-3693 : Matt Cooley of Symantec

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

    Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs.

    CVE-ID

    CVE-2012-3695 : Masato Kinugawa

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to HTTP request splitting

    Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization.

    CVE-ID

    CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: A maliciously crafted website may be able to spoof the value in the URL bar

    Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking.

    CVE-ID

    CVE-2011-2845 : Jordi Chancel

  • WebKit

    Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents

    Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2012-3650 : Apple

 

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.
Last Modified: Sep 19, 2012
Helpful?
Yes
No
  • Last Modified: Sep 19, 2012
  • Article: HT5503
  • Views:

    11088
  • Rating:
    • 100.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked