About the security content of iOS 9.1

This document describes the security content of iOS 9.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

iOS 9.1

  • Accelerate Framework

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking.

    CVE-ID

    CVE-2015-5940 : Apple

  • Bom

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

    Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata.

    CVE-ID

    CVE-2015-7006 : Mark Dowd at Azimuth Security

  • CFNetwork

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to cookies being overwritten

    Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing.

    CVE-ID

    CVE-2015-7023 : Marvin Scholz and Michael Lutonsky; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

  • configd

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to elevate privileges

    Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.

    CVE-ID

    CVE-2015-7015 : PanguTeam

  • CoreGraphics

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5925 : Apple

    CVE-2015-5926 : Apple

  • CoreText

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

  • Disk Images

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6995 : Ian Beer of Google Project Zero

  • FontParser

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-5927 : Apple

    CVE-2015-5942

    CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative

    CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team

  • GasGauge

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6979 : PanguTeam

  • Grand Central Dispatch

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Processing a maliciously crafted package may lead to arbitrary code execution

    Description: A memory corruption issue existed when handling dispatch calls. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6989 : Apple

  • Graphics Driver

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Executing a malicious application may result in arbitrary code execution within the kernel

    Description: A type confusion issue existed in AppleVXD393. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6986 : Proteas of Qihoo 360 Nirvan Team

  • ImageIO

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Viewing a maliciously crafted image file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues was addressed through improved metadata validation.

    CVE-ID

    CVE-2015-5935 : Apple

    CVE-2015-5936 : Apple

    CVE-2015-5937 : Apple

    CVE-2015-5939 : Apple

  • IOAcceleratorFamily

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6996 : Ian Beer of Google Project Zero

  • IOHIDFamily

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

  • Kernel

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A local application may be able to cause a denial of service

    Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-7004 : Sergi Alvarez (pancake) of NowSecure Research Team

  • Kernel

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: An attacker with a privileged network position may be able to execute arbitrary code

    Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)

  • Kernel

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A local application may be able to cause a denial of service

    Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation.

    CVE-ID

    CVE-2015-6994 : Mark Mentovai of Google Inc.

  • mDNSResponder

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in DNS data parsing. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-7987 : Alexandre Helie

  • mDNSResponder

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A local application may be able to cause a denial of service

    Description: A null pointer dereference issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-7988 : Alexandre Helie

  • Notification Center

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Phone and Messages notifications may appear on the lock screen even when disabled

    Description: When "Show on Lock Screen" was turned off for Phone or Messages, configuration changes were not immediately applied. This issue was addressed through improved state management.

    CVE-ID

    CVE-2015-7000 : William Redwood of Hampton School

  • OpenGL

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5924 : Apple

  • Security

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation.

    CVE-ID

    CVE-2015-7059 : David Keeler of Mozilla

    CVE-2015-7060 : Tyson Smith of Mozilla

    CVE-2015-7061 : Ryan Sleevi of Google

  • Security

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to overwrite arbitrary files

    Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors.

    CVE-ID

    CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team

  • Security

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: An attacker may be able to make a revoked certificate appear valid

    Description: A validation issue existed in the OCSP client. This issue was addressed by checking the OCSP certificate's expiration time.

    CVE-ID

    CVE-2015-6999 : Apple

  • Security

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails

    Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag.

    CVE-ID

    CVE-2015-6997 : Apple

  • Telephony

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: A malicious application may be able to leak sensitive user information

    Description: An issue existed in the authorization checks for querying phone call status. This issue was addressed through additional authorization state queries.

    CVE-ID

    CVE-2015-7022 : Andreas Kurtz of NESO Security Labs

  • WebKit

    Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5928 : Apple

    CVE-2015-5929 : Apple

    CVE-2015-5930 : Apple

    CVE-2015-6981

    CVE-2015-6982

    CVE-2015-7002 : Apple

    CVE-2015-7005 : Apple

    CVE-2015-7012 : Apple

    CVE-2015-7014

    CVE-2015-7104 : Apple

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: