Multiple buffer overflows in iCloud Keychain in Apple iOS prior to 8.2 and Apple OS X up to and including 10.10.2 allow man-in-the-middle malicious users to execute arbitrary code by modifying the client-server data stream during keychain recovery.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
apple iphone os |
Turns out those bugs weren't quite squished
Apple has released a follow-up to last week's security update after finding a pair of flaws that are still vulnerable on patched systems. The Cupertino giant said that the 2015-003 update would address two flaws; a man-in-the-middle vulnerability and type confusion error in OS X Yosemite (10.10.2). Both of the flaws, CVE-2015-1065 and CVE-2015-1061, were listed in last week's security update, but were not effectively patched, forcing Apple to put out another fix. The CVE-2015-1065 issue was disc...
Remote-code exec in iOS, OS X iCloud, plus FREAK fix
While everyone was losing their mind over expensive watches, Apple sneaked out security fixes for iOS phones and tablets, and OS X computers. Both the OS X Security Update 2015-002 and iOS 8.2 address critical flaws. Leading the charge is a patch to squish the FREAK bug in the two operating systems' SSL/TLS code. Disclosed last week by researchers, the flaw allows an eavesdropper to intercept connections to HTTPS websites and downgrade the strength of the encryption, allowing miscreants to crack...