About the security content of iOS 9.1
This document describes the security content of iOS 9.1.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
iOS 9.1
Accelerate Framework
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking.
CVE-ID
CVE-2015-5940 : Apple
Bom
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd at Azimuth Security
CFNetwork
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to cookies being overwritten
Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7023 : Marvin Scholz and Michael Lutonsky; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC
configd
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam
CoreGraphics
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple
CoreText
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team
Disk Images
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6995 : Ian Beer of Google Project Zero
FontParser
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942
CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative
CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team
GasGauge
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6979 : PanguTeam
Grand Central Dispatch
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6989 : Apple
Graphics Driver
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Executing a malicious application may result in arbitrary code execution within the kernel
Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team
ImageIO
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization.
CVE-ID
CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation.
CVE-ID
CVE-2015-6994 : Mark Mentovai of Google Inc.
mDNSResponder
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in DNS data parsing. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-7987 : Alexandre Helie
mDNSResponder
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A local application may be able to cause a denial of service
Description: A null pointer dereference issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7988 : Alexandre Helie
Notification Center
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Phone and Messages notifications may appear on the lock screen even when disabled
Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management.
CVE-ID
CVE-2015-7000 : William Redwood of Hampton School
OpenGL
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5924 : Apple
Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation.
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to overwrite arbitrary files
Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors.
CVE-ID
CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team
Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to make a revoked certificate appear valid
Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time.
CVE-ID
CVE-2015-6999 : Apple
Security
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.
CVE-ID
CVE-2015-6997 : Apple
Telephony
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to leak sensitive user information
Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries.
CVE-ID
CVE-2015-7022 : Andreas Kurtz of NESO Security Labs
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5928 : Apple
CVE-2015-5929 : Apple
CVE-2015-5930 : Apple
CVE-2015-6981
CVE-2015-6982
CVE-2015-7002 : Apple
CVE-2015-7005 : Apple
CVE-2015-7012 : Apple
CVE-2015-7014
CVE-2015-7104 : Apple
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.