About the security content of iOS 7.1.2
This document describes the security content of iOS 7.1.2.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see Apple Security Updates.
iOS 7.1.2
Certificate Trust Policy
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT5012.
CoreGraphics
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted XBM file may lead to an unexpected application termination or arbitrary code execution
Description: An unbounded stack allocation issue existed in the handling of XBM files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1354 : Dima Kovalenko of codedigging.com
Kernel
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An application could cause the device to unexpectedly restart
Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through additional validation of IOKit API arguments.
CVE-ID
CVE-2014-1355 : cunzhang from Adlab of Venustech
launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of IPC messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1356 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A heap buffer overflow existed in launchd's handling of log messages. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1357 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer overflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1358 : Ian Beer of Google Project Zero
launchd
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An integer underflow existed in launchd. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1359 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker possessing an iOS device could potentially bypass Activation Lock
Description: Devices were performing incomplete checks during device activation, which made it possible for malicious individuals to partially bypass Activation Lock. This issue was addressed through additional client-side verification of data received from activation servers.
CVE-ID
CVE-2014-1360
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in possession of a device may exceed the maximum number of failed passcode attempts
Description: In some circumstances, the failed passcode attempt limit was not enforced. This issue was addressed through additional enforcement of this limit.
CVE-ID
CVE-2014-1352 : mblsec
Lock Screen
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may be able to access the application that was in the foreground prior to locking
Description: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.
CVE-ID
CVE-2014-1353
Mail
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Mail attachments can be extracted from an iPhone 4
Description: Data protection was not enabled for mail attachments, allowing them to be read by an attacker with physical access to the device. This issue was addressed by changing the encryption class of mail attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Safari
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in Safari's handling of invalid URLs. This issue was addressed through improved memory handling.
CVE-ID
CVE-2014-1349 : Reno Robert and Dhanesh Kizhakkinan
Settings
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to disable Find My iPhone without entering an iCloud password
Description: A state management issue existed in the handling of the Find My iPhone state. This issue was addressed through improved handling of Find My iPhone state.
CVE-ID
CVE-2014-1350
Secure Transport
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Two bytes of uninitialized memory could be disclosed to a remote attacker
Description: An uninitialized memory access issue existed in the handling of DTLS messages in a TLS connection. This issue was addressed by only accepting DTLS messages in a DTLS connection.
CVE-ID
CVE-2014-1361 : Thijs Alkemade of The Adium Project
Siri
Available for: iPhone 4S and later, iPod touch (5th generation) and later, iPad (3rd generation) and later
Impact: A person with physical access to the phone may be able to view all contacts
Description: If a Siri request might refer to one of several contacts, Siri displays a list of possible choices and the option 'More...' for a complete contact list. When used at the lock screen, Siri did not require the passcode before viewing the complete contact list. This issue was addressed by requiring the passcode.
CVE-ID
CVE-2014-1351 : Sherif Hashim
WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2875 : miaubiz
CVE-2013-2927 : cloudfuzzer
CVE-2014-1323 : banty
CVE-2014-1325 : Apple
CVE-2014-1326 : Apple
CVE-2014-1327 : Google Chrome Security Team, Apple
CVE-2014-1329 : Google Chrome Security Team
CVE-2014-1330 : Google Chrome Security Team
CVE-2014-1331 : cloudfuzzer
CVE-2014-1333 : Google Chrome Security Team
CVE-2014-1334 : Apple
CVE-2014-1335 : Google Chrome Security Team
CVE-2014-1336 : Apple
CVE-2014-1337 : Apple
CVE-2014-1338 : Google Chrome Security Team
CVE-2014-1339 : Atte Kettunen of OUSPG
CVE-2014-1341 : Google Chrome Security Team
CVE-2014-1342 : Apple
CVE-2014-1343 : Google Chrome Security Team
CVE-2014-1362 : Apple, miaubiz
CVE-2014-1363 : Apple
CVE-2014-1364 : Apple
CVE-2014-1365 : Apple, Google Chrome Security Team
CVE-2014-1366 : Apple
CVE-2014-1367 : Apple
CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2014-1731 : an anonymous member of the Blink development community
WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check
Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding.
CVE-ID
CVE-2014-1346 : Erling Ellingsen of Facebook
WebKit
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof its domain name in the address bar
Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.
CVE-ID
CVE-2014-1345 : Erling Ellingsen of Facebook
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.