APPLE-SA-2015-08-13-1

APPLE-SA-2015-08-13-3

76342

1033274

https://support.apple.com/kb/HT205030

https://support.apple.com/kb/HT205033

The remote host is running a version of iOS that is prior to version 8.4.1 and the following components contain vulnerabilities :

 - Air Traffic 
 - AppleFileConduit 
 - Backup 
 - bootp 
 - CFPreferences 
 - Certificate UI 
 - CloudKit 
 - Code Signing 
 - CoreMedia Playback 
 - CoreText 
 - DiskImages 
 - FontParser 
 - IOHIDFamily 
 - IOKit 
 - ImageIO 
 - Kernel 
 - Libc 
 - Libinfo 
 - libpthread 
 - libxml2 
 - libxpc 
 - Location Framework 
 - MSVDX Driver 
 - MobileInstallation 
 - Office Viewer 
 - QL Office 
 - Safari 
 - Sandbox_profiles 
 - UIKit WebView 
 - Web 
 - WebKit

Versions of Safari prior to 6.2.8 / 7.1.8 / 8.0.8 are reportedly affected by the following vulnerabilities :

 - An unspecified flaw exists that allows an attacker to spoof UI elements by using crafted web pages. (CVE-2015-3729)
 - Multiple memory corruption flaws exist in WebKit due to improper validation of user-supplied input. An attacker can exploit these, by using a crafted web page, to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)
 - A security policy bypass vulnerability exists in WebKit related to handling Content Security Policy report requests. An attacker can exploit this to bypass the HTTP Strict Transport Security policy. (CVE-2015-3750)
 - A security policy bypass vulnerability exists in WebKit that allows websites to use video controls to load images nested in object elements in violation of Content Security Policy directives. (CVE-2015-3751)
 - An information disclosure vulnerability exists in WebKit related to how cookies are added to Content Security Policy report requests, which results in cookies being exposed to cross-origin requests. Also, cookies set during regular browsing are sent during private browsing. (CVE-2015-3752)
 - An information disclosure vulnerability exists in the WebKit Canvas component when images are called using URLs that redirect to a data:image resource. An attacker, using a malicious website, can exploit this to disclose image data cross-origin. (CVE-2015-3753)
 - An information disclosure vulnerability exists in WebKit page loading where the caching of HTTP authentication credentials entered in private browsing mode were carried over into regular browsing, resulting in a user's private browsing history being exposed. (CVE-2015-3754)
 - A flaw in the WebKit process model allows a malicious website to display an arbitrary URL, which can allow user interface spoofing. (CVE-2015-3755)

The version of Apple Safari installed on the remote Mac OS X host is prior to 6.2.8 / 7.1.8 / 8.0.8. It is, therefore, affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an attacker to     spoof UI elements by using crafted web pages.
    (CVE-2015-3729)

  - Multiple memory corruption flaws exist in WebKit due     to improper validation of user-supplied input. An     attacker can exploit these, by using a crafted web page,     to execute arbitrary code. (CVE-2015-3730, CVE-2015-3731     CVE-2015-3732, CVE-2015-3733, CVE-2015-3734,     CVE-2015-3735, CVE-2015-3736, CVE-2015-3737,     CVE-2015-3738, CVE-2015-3739, CVE-2015-3740,     CVE-2015-3741, CVE-2015-3742, CVE-2015-3743,     CVE-2015-3744, CVE-2015-3745, CVE-2015-3746,     CVE-2015-3747, CVE-2015-3748, CVE-2015-3749)

  - A security policy bypass vulnerability exists in WebKit     related to handling Content Security Policy report     requests. An attacker can exploit this to bypass the     HTTP Strict Transport Security policy. (CVE-2015-3750)

  - A security policy bypass vulnerability exists in WebKit     that allows websites to use video controls to load     images nested in object elements in violation of Content     Security Policy directives. (CVE-2015-3751)

  - An information disclosure vulnerability exists in WebKit     related to how cookies are added to Content Security     Policy report requests, which results in cookies being     exposed to cross-origin requests. Also, cookies set     during regular browsing are sent during private     browsing. (CVE-2015-3752)

  - An information disclosure vulnerability exists in the     WebKit Canvas component when images are called using     URLs that redirect to a data:image resource. An     attacker, using a malicious website, can exploit this to     disclose image data cross-origin. (CVE-2015-3753)

  - An information disclosure vulnerability exists in WebKit     page loading where the caching of HTTP authentication     credentials entered in private browsing mode were carried     over into regular browsing, resulting in a user's private     browsing history being exposed. (CVE-2015-3754)

  - A flaw in the WebKit process model allows a malicious     website to display an arbitrary URL, which can allow     user interface spoofing. (CVE-2015-3755)

The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-006. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - CoreText
  - FontParser
  - Libinfo
  - libxml2
  - OpenSSL
  - perl
  - PostgreSQL
  - QL Office
  - Quartz Composer Framework
  - QuickTime 7
  - SceneKit

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The mobile device is running a version of iOS prior to version 8.4.1.
It is, therefore, affected by vulnerabilities in the following components :

  - Air Traffic
  - AppleFileConduit
  - Backup
  - bootp
  - CFPreferences
  - Certificate UI
  - CloudKit
  - Code Signing
  - CoreMedia Playback
  - CoreText
  - DiskImages
  - FontParser
  - IOHIDFamily
  - IOKit
  - ImageIO
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - Location Framework
  - MSVDX Driver
  - MobileInstallation
  - Office Viewer
  - QL Office
  - Safari
  - Sandbox_profiles
  - UIKit WebView
  - Web
  - WebKit

ID	Name	Product	Family	Severity
8978	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	critical
8949	Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
85446	Mac OS X : Apple Safari < 6.2.8 / 7.1.8 / 8.0.8 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
85409	Mac OS X Multiple Vulnerabilities (Security Update 2015-006)	Nessus	MacOS X Local Security Checks	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
85407	Apple iOS < 8.4.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2015-3729

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins