Monthly Archives: April 2015

Apple

APPLE-SA-2015-04-08-3 iOS 8.3

From: Apple Product Security
Reply to list


APPLE-SA-2015-04-08-3 iOS 8.3

iOS 8.3 is now available and addresses the following:

AppleKeyStore
Available for:  iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may be able to guess the user's
passcode [...]
Apple

APPLE-SA-2015-04-08-4 Apple TV 7.2

From: Apple Product Security
Reply to list

APPLE-SA-2015-04-08-4 Apple TV 7.2

Apple TV 7.2 is now available and addresses the following:

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in IOKit objects used by an
audio driver. This issue was addressed through improved validation of
metadata.
CVE-ID
CVE-2015-1086

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  An application using NSXMLParser may be misused to disclose
information
Description:  An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to determine kernel
memory layout
Description:  An issue existed in IOAcceleratorFamily that led to the
disclosure of kernel memory content. This issue was addressed by
removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious HID device may be able to cause arbitrary code
execution
Description:  A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to determine kernel
memory layout
Description:  An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to determine kernel
memory layout
Description:  An issue existed in MobileFrameBuffer that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security
Research Team

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to cause a system denial
of service
Description:  A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may escalate privileges using a
compromised service intended to run with reduced privileges
Description:  setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to cause unexpected
system termination or read kernel memory
Description:  A out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  An attacker with a privileged network position may be able
to cause a denial of service
Description:  A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description:  ICMP redirects were enabled by default on iOS. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A remote attacker may be able to bypass network filters
Description:  The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  A remote attacker may be able to cause a denial of service
Description:  A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description:  A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  Unnecessary information may be sent to external servers when
downloading podcast assets
Description:  When downloading assets for podcast a user was
subscribed to, unique identifiers were sent to external servers. This
issue was resolved by removing these identifiers.
CVE-ID
CVE-2015-1110 : Alex Selivanov

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  Hardware identifiers may be accessible by third-party apps
Description:  An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the sandbox
profile.
CVE-ID
CVE-2015-1114

Apple TV
Available for:  Apple TV 3rd generation and later
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple
CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung
Electronics
CVE-2015-1120 : Apple
CVE-2015-1121 : Apple
CVE-2015-1122 : Apple
CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc.
CVE-2015-1124 : Apple

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".

To check the current version of software, select
"Settings -> General -> About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222iQIcBAEBCgAGBQJVJHMgAAoJEBcWfLTuOo7tjVUP/3e7Bo8L4f4+EFs7jkhKVzP5
6LxAuhAtXu+476K1iDKOwa0gyLu8ftp95Af0rgUHjqmNGgsrAYZPgG8Q3HzS/RpK
1JyShFHNIF87sqVGYfVpRthO10yRAQxNmJ/6zGTRU/Djwb/FBZyrMcbG0SMZ47KX
CerNerPwiI7dzKWWNHgvmj9ydJU9bSyI5bgweQ565BLKs0Lar8aqj6A/iV1Ekltn
A33LSrgMTgK+pjUl1CwQLZ05x9YPpCGXsA55u3MApfL2ZdoOk0VBpi/e56JrSq1J
BioCyTJn+DwDY+FjGg5vCjeGJGq4zQ/2SsLQwKLiK6Fje68LutNtrqPtNApWabh3
j876IiLpih2ZMV4KgqvCrkkMI2fkXlVOMLKUhI+UHJ4aWJTNprRwLbaJ7boQ9TCy
MJ9B39iPJtyZWtorXBUc0RC2N1HLj5ONZut6FtRkIoiMTaGe6ejbvM39BWC+1sgW
PsAYkvrEKzTcSdC6yY1RI2bufBD9SgtMD8f6y/q912uHf55poPSR9SV1iV5Tzftz
UPvxGTLlmcXzU52nlSZNYEp4U9Nh02ltUYhs6MptoVvHf4MZW9TaIj9YpBNdVMvb
vjB3UoPyAAb4GUqqVK6l5c6wlCyoCRg6Z86a99bW7PKBUP5C0LEzqwbZIMCkrX3i
iPMObURhCq+xIYRUTKXE
=ktgNThis email sent to email@hidden




 Prev by Date:
APPLE-SA-2015-04-08-3 iOS 8.3

 Previous by thread:
APPLE-SA-2015-04-08-3 iOS 8.3

 Index(es):

 Date 
 Thread 













    Home 
    Archives 
    Terms/Conditions 
    Contact 
    RSS 
    Lists 
    About 






 Visit the Apple Store online or at retail locations. 
1-800-MY-APPLE 
 Contact Apple | Terms of Use | Privacy Policy 
 Copyright © 2011 Apple Inc. All rights reserved.
Avast

10 Spring Cleaning Tips to Combat Grime

After a long winter, it’s time to throw open the windows and let the fresh air in. But first, you need to do a good Spring Cleaning to wash away the grime that has accumulated. Here’s our favorite tips that go beyond the ordinary vacuum and dust routine. Choose the ones you want to do, and don’t forget that your mobile devices can use a good cleaning too (see tip #10)!

house cleaning service

Spring cleaning is not only for your house. You can clean grime from your mobile devices too!

 

Starting from the top down:

  1. 1. Dim light fixtures and dull lamps.  See the gleam again from your light fixtures. Get a soft microfiber cloth or duster and wipe away dust from ceiling lights, fans, and table lamps. I even use a vacuum attachment on lamp shades.
  2. 2. Greasy window treatments. Dirt, dust, grease, and bacteria collect on draperies, blinds, verticals, and shades. It is recommended to have your fabric window treatments dry-cleaned every 5-7 years. For metal or plastic blinds, you can take them down and wash them with dishwashing soap in a bucket of water or a solution of half water, half vinegar. Clean wooden blinds with a soft dry cloth wear a pair of cotton gloves or old socks and wipe the slats down.
  3. 3. Dusty bookshelves. A dusty old library sounds like a romantic notion, but it’s not good in your own home.Working from the top down, remove books and decorative objects from one shelf at a time, dust and return. Maybe you’ll find some old books that are ready to donate while you’re at it.

You walk by it every day:

  1. 4. Grimy doors, knobs, and handles. Grubby hands and jumping dogs can make your doors pretty awful looking, but because you are walking in and out, you don’t even see the grime. Give knobs and handles a quick wipe down with your favorite cleaner and some paper towels. Make your front door welcoming again by cleaning it inside and out with warm, soapy water. Dry it with a soft cloth.

How does that get there?!

  1. 5. Crumby kitchen drawers. I can’t ever figure out how the crumbs get in there; but spring cleaning is a good time to remove everything, wipe out the drawers and return only the items you still use.
  2. 6. Upholstered furniture. After a season of snuggling on the sofa with the dog and a good movie, stick your hand between the cushion and you’ll find old popcorn and plenty of dirt, sticks and leaves. I even found a dead lizard! Get out the vacuum attachments and vacuum upholstered furniture, including under and between cushions. Fluff and rotate cushions and pillows.
  3. 7. Underneath the rugs. You’ll be surprised what’s under there, so move the furniture off the rug and vacuum underneath. You may want to take your rug outside and give it a good old-fashioned beating too.
  4. 8. Underneath beds and behind furniture. Dust bunnies as big as the cat are hidden away, so make an extra effort to get the vacuum way up under there. Allergy sufferers have enough to deal with when the pollen comes, so help them out by minimizing dust.

You will feel cleaner, too. Trust me.

  1. 9. Scummy shower and tub walls.  Soap scum builds up after a season of long, hot showers. Choose your favorite cleaning product and leave it on for at least 10 minutes before scrubbing down the tiles.

This is the easiest one!

  1. 10. Spring Clean your Mobile Devices. We may not be great at washing windows and cleaning floors, but we know how to Spring Clean you Android device! Over time, unnecessary data, system caches, gallery thumbnails, installation files, and residual files can accumulate on your smartphone and tablet. You can regain performance and speed when you clean away all the grime with our free app, Avast GrimeFighter Safe Clean for Android.  Install Avast GrimeFighter free from Google Play.
Avast GrimeFighter for Android is a free app.

Install for Free!