Enterprise Mobility Report 04/2015

Creation date: 4.5.2015
Author: Vlastimil Turzík
Enterprise Mobility Report
April 2015
Content
Introduction
iOS
  Vulnerability
    In iOS 8.3 Apple has corrected another jailbreak vulnerability
    Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks
    Security Flaw Lets Attackers Crash Any iPhone or iPad Within Wi-Fi Range
    Apple Systems Vulnerable to Bug
    About the security content of iOS 8.3
  Versions: 8.3
Android
  Vulnerability
    Privilege Escalation Vulnerability affects Billions of Android Devices
    Wi-Fi Software Vulnerability Could Affect Android, Windows, Linux
    AirDroid vulnerability would let attackers take over Android phones
    Samsung Galaxy S5 vulnerability leaves fingerprint ID exposed
  Versions
Blackberry
  Vulnerability
  Versions
Windows Phone
  Vulnerability
  Versions
MobileIron
  Vulnerability
System4u s.r.o.
Křížová 18, 603 00, Brno
Czech Republic
Tel.: +420 543 210 522
E-mail: [email protected]
www.system4u.cz
IČ: 26945231, DIČ: CZ26945231
Zapsaná v obchodním rejstříku u Krajského
soudu v Brně, oddíl C, vložka 47320.
Introduction
This is the public version of System4u's Enterprise Mobility report. Here you can find news
about the security of the iOS, Android, Blackberry and Windows Phone operating systems. We also
cover the EMM solution MobileIron in this report; other EMM solutions will follow in the future.
The full version of the report is issued for our customers and subscribers. It contains not only
the security news, but also interesting articles, links from the enterprise mobility world
and recommendations to mitigate the vulnerabilities.
iOS
Vulnerability
In iOS 8.3 Apple has corrected another jailbreak vulnerability
Source: http://www.unlockpwd.com
Apple has released the iOS 8.3 operating system update, which, along with
numerous improvements, fixes several security issues. In
particular, according to the authoritative iOS hacker MuscleNerd, the firmware
closes 39 holes, one of which is the vulnerability exploited by the TaiG jailbreak
tool.
The flaw, identified as CVE-2015-1087, allows the backup system to be used
to gain access to restricted areas of the file system.
Critical HTTPS bug may open 25,000 iOS apps to eavesdropping attacks
Source: http://arstechnica.com
At least 25,000 iOS apps available in Apple's App Store contain a critical vulnerability
that may completely cripple HTTPS protections designed to prevent man-in-the-middle
attacks that steal or modify sensitive data, security researchers warned.
Any app that uses a version of AFNetworking prior to the just-released 2.5.3 may
expose data that's trivial for hackers to monitor or modify, even when it's protected by
the secure sockets layer (SSL) protocol. The vulnerability can be exploited by using
any valid SSL certificate for any domain name, as long as the digital credential was
issued by a browser-trusted certificate authority (CA).
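The acceptance behaviour described above corresponds to a check that stops at chain trust and never compares the certificate's names with the requested host. The following is an added example, not AFNetworking code and not part of the original report; the `Cert` type, both policy functions and the sample certificates are hypothetical and constructed for illustration.

```python
# Added illustration (not AFNetworking code): chain trust alone versus
# chain trust plus hostname matching. All certificates below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    san_dns: tuple        # DNS names listed in subjectAltName
    chain_trusted: bool   # assumption: outcome of validating the chain to a trusted CA


def dns_name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the requested host.

    A wildcard is honoured only as the entire left-most label, covers exactly
    one label, and needs at least two fixed labels after it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if any("*" in label for label in p):
        if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def chain_only_accepts(cert: Cert, host: str) -> bool:
    """Weak policy: any certificate from a trusted CA passes, whatever its names."""
    return cert.chain_trusted


def chain_and_host_accepts(cert: Cert, host: str) -> bool:
    """Corrected policy: trusted chain AND a name that matches the requested host."""
    return cert.chain_trusted and any(
        dns_name_matches(name, host) for name in cert.san_dns
    )


# Constructed sample certificates, both issued by a trusted CA.
OTHER_DOMAIN_CERT = Cert(san_dns=("attacker.example",), chain_trusted=True)
BANK_CERT = Cert(san_dns=("bank.example", "*.bank.example"), chain_trusted=True)


def compare(host: str = "api.bank.example") -> dict:
    """Return the verdict of both policies for both sample certificates."""
    return {
        "other_domain/chain_only": chain_only_accepts(OTHER_DOMAIN_CERT, host),
        "other_domain/chain_and_host": chain_and_host_accepts(OTHER_DOMAIN_CERT, host),
        "bank/chain_and_host": chain_and_host_accepts(BANK_CERT, host),
    }


if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
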
Security Flaw Lets Attackers Crash Any iPhone or iPad Within Wi-Fi Range
Source: http://gizmodo.com/
At the RSA security conference in San Francisco, researchers from security firm
Skycure presented ‘No iOS Zone’, a vulnerability that would let attackers crash any
iOS device within range of a WiFi hotspot — whether you deliberately connect or not.
The vulnerability takes advantage of a bug in iOS 8: namely, that by manipulating
SSL certificates sent to iOS devices over a network — certificates used in virtually
every app, and in iOS itself — the researchers could make iOS devices crash, in the
worst-case scenario putting them into a constant boot-loop.
Apple Systems Vulnerable to Bug
Source: http://www.itsecurityx.com/
Kaspersky Lab has released information on a vulnerability, dubbed “Darwin Nuke,”
discovered by its security researchers in the kernel of Darwin – an open-source
component of Apple’s OS X and iOS operating systems. This vulnerability leaves OS
X 10.10 and iOS 8 devices exposed to remotely activated denial-of-service attacks
that can damage the user’s device and impact any enterprise network to which it is
connected.
According to Kaspersky’s SecureList Blog, the vulnerability is connected with the
processing of an IP packet that has a specific size and invalid IP options, enabling
attackers to cause a denial of service on devices with 64-bit processors and OS X
v10.10 or iOS v8 or lower versions installed.
This means that attackers can send just one incorrect network packet to the victim,
and the victim’s system will crash. The bug was discovered in December 2014 and
shared with Apple.
Apple confirms that the vulnerability, CVE-2015-1105, has been fixed in its latest
software releases: OS X Yosemite v10.10.3 for Macintosh PCs; iOS v8.3 for Apple
mobile devices (iPhone, iPads); and the Apple TV v7.2 software update.
About the security content of iOS 8.3
Source: https://support.apple.com/
This document describes the security content of iOS 8.3.
AppleKeyStore
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to guess the user's passcode
Description: iOS allowed access to an interface which allowed attempts to confirm
the user's passcode. This issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1085
Audio Drivers
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to execute arbitrary code with system
privileges
Description: A validation issue existed in IOKit objects used by an audio driver. This
issue was addressed through improved validation of metadata.
CVE-ID
CVE-2015-1086
Backup
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker may be able to use the backup system to access restricted areas
of the file system
Description: An issue existed in the relative path evaluation logic of the backup
system. This issue was addressed through improved path evaluation.
CVE-ID
CVE-2015-1087 : TaiG Jailbreak Team
Certificate Trust Policy
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates
may be viewed at https://support.apple.com/kb/HT204132
CFNetwork
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Cookies belonging to one origin may be sent to another origin
Description: A cross-domain cookie issue existed in redirect handling. Cookies set in
a redirect response could be passed on to a redirect target belonging to another
origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller (http://kelunik.com)
CFNetwork
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A user may be unable to fully delete browsing history
Description: Clearing Safari's history did not clear saved HTTP Strict Transport
Security state. The issue was addressed through improved data deletion.
CVE-ID
CVE-2015-1090
CFNetwork Session
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Authentication credentials may be sent to a server on another origin
Description: A cross-domain HTTP request headers issue existed in redirect
handling. HTTP request headers sent in a redirect response could be passed on to
another origin. The issue was addressed through improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)
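The two redirect-handling entries above (cookies, CVE-2015-1089, and request headers, CVE-2015-1091) describe the same class of defect: state scoped to one origin travelling to the redirect target. The following is an added example of origin-aware redirect following, not Apple's code and not part of the original report; the function names, the `SENSITIVE` header set and the sample responses are assumptions constructed for illustration.

```python
# Added illustration (not CFNetwork code): follow a redirect chain while
# keeping credentials and cookies scoped to the origin they belong to.
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumption: request headers treated as credentials for this example.
SENSITIVE = {"authorization", "proxy-authorization", "cookie"}
REDIRECT_CODES = (301, 302, 303, 307, 308)


def origin(url: str) -> tuple:
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, (parts.hostname or "").lower(),
            parts.port or DEFAULT_PORTS.get(scheme))


def follow(start_url: str, headers: dict, responses: dict, max_hops: int = 5) -> list:
    """Walk the redirect chain and return [(url, headers_sent), ...] per hop.

    `responses` maps URL -> (status, response_headers); it stands in for the
    network so the example runs offline.
    """
    jar = {}                      # host -> {cookie name: value}, host-only cookies
    sent = []
    url, carried = start_url, dict(headers)
    for _ in range(max_hops):
        host = origin(url)[1]
        out = dict(carried)
        if jar.get(host):         # attach only cookies set by this same host
            out["Cookie"] = "; ".join(f"{k}={v}" for k, v in jar[host].items())
        sent.append((url, out))

        status, resp = responses[url]
        if "Set-Cookie" in resp:  # store the cookie under the host that set it
            pair = resp["Set-Cookie"].split(";", 1)[0].strip()
            name, _, value = pair.partition("=")
            jar.setdefault(host, {})[name] = value
        if status not in REDIRECT_CODES or "Location" not in resp:
            break

        target = urljoin(url, resp["Location"])
        if origin(target) != origin(url):
            # Crossing origins: drop credential-bearing request headers.
            carried = {k: v for k, v in carried.items()
                       if k.lower() not in SENSITIVE}
        url = target
    return sent


# Constructed redirect chain: same-origin hop, then a hop to another origin.
SAMPLE_RESPONSES = {
    "https://app.example/login": (302, {"Location": "/home",
                                        "Set-Cookie": "sid=abc123; Path=/"}),
    "https://app.example/home": (302, {"Location": "https://cdn.other.example/asset"}),
    "https://cdn.other.example/asset": (200, {}),
}
SAMPLE_HEADERS = {"Authorization": "Bearer constructed-token",
                  "User-Agent": "demo/1.0"}

if __name__ == "__main__":
    for hop_url, hop_headers in follow("https://app.example/login",
                                       SAMPLE_HEADERS, SAMPLE_RESPONSES):
        print(hop_url, sorted(hop_headers))
```
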
CFURL
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: An input validation issue existed within URL processing. This issue was
addressed through improved URL validation.
CVE-ID
CVE-2015-1088
Foundation
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of
XML. This issue was addressed by not loading external entities across origins.
CVE-ID
CVE-2015-1092 : Ikuya Fukumoto
FontParser
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of font files.
These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
IOAcceleratorFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in IOAcceleratorFamily that led to the disclosure of
kernel memory content. This issue was addressed by removing unneeded code.
CVE-ID
CVE-2015-1094 : Cererdlong of Alibaba Mobile Security Team
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious HID device may be able to cause arbitrary code execution
Description: A memory corruption issue existed in an IOHIDFamily API. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church
IOHIDFamily
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the disclosure of kernel
memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOMobileFramebuffer
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed in MobileFrameBuffer that led to the disclosure of
kernel memory content. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1097 : Barak Gabai of the IBM X-Force Application Security Research
Team
iWork Viewer
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of iWork files. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid system call. This issue
was addressed through improved state management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may escalate privileges using a compromised service
intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop privileges permanently.
This issue was addressed by correctly dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to cause unexpected system termination
or read kernel memory
Description: An out of bounds memory access issue existed in the kernel. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to execute arbitrary code with system
privileges
Description: A memory corruption issue existed in the kernel. This issue was
addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker with a privileged network position may be able to cause a denial
of service
Description: A state inconsistency existed in the processing of TCP headers. This
issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker with a privileged network position may be able to redirect user
traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on iOS. This issue was
addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote network
interfaces as local packets. The issue was addressed by rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of TCP out of band
data. This issue was addressed through improved state management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
Keyboards
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: QuickType could learn users' passcodes
Description: When using Bluetooth keyboards, QuickType could learn users'
passcodes. This issue was addressed by preventing QuickType from being displayed
on the lockscreen.
CVE-ID
CVE-2015-1106 : Jarrod Dwenger, Steve Favorito, Paul Reedy of ConocoPhillips,
Pedro Tavares of Molecular Biophysics at UCIBIO/FCT/UNL, De Paul Sunny,
Christian Still of Evolve Media, Canada
libnetcore
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Processing a maliciously crafted configuration profile may lead to unexpected
application termination
Description: A memory corruption issue existed in the handling of configuration
profiles. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of FireEye,
Inc.
Lock Screen
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker in possession of a device may prevent erasing the device after
failed passcode attempts
Description: In some circumstances, a device might not erase itself after failed
passcode attempts. This issue was addressed through additional enforcement of
erasure.
CVE-ID
CVE-2015-1107 : Brent Erickson, Stuart Ryan of University of Technology, Sydney
Lock Screen
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker in possession of a device may exceed the maximum number of
failed passcode attempts
Description: In some circumstances, the failed passcode attempt limit was not
enforced. This issue was addressed through additional enforcement of this limit.
CVE-ID
CVE-2015-1108
NetworkExtension
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: An attacker in possession of a device may be able to recover VPN
credentials
Description: An issue existed in the handling of VPN configuration logs. This issue
was addressed by removing logging of credentials.
CVE-ID
CVE-2015-1109 : Josh Tway of IPVanish
Podcasts
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Unnecessary information may be sent to external servers when downloading
podcast assets
Description: When downloading assets for a podcast a user was subscribed to, unique
identifiers were sent to external servers. This issue was resolved by removing these
identifiers.
CVE-ID
CVE-2015-1110: Alex Selivanov
Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A user may be unable to fully delete browsing history
Description: Clearing Safari's history did not clear "Recently closed tabs". The issue
was addressed through improved data deletion.
CVE-ID
CVE-2015-1111: Frode Moe of LastFriday.no
Safari
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Users' browsing history may not be completely purged
Description: A state management issue existed in Safari that resulted in users'
browsing history not being purged from history.plist. This issue was addressed by
improved state management.
CVE-ID
CVE-2015-1112: William Breuer, The Netherlands
Sandbox Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to access phone numbers or email
addresses of recent contacts
Description: An information disclosure issue existed in the third-party app sandbox.
This issue was addressed by improving the sandbox profile.
CVE-ID
CVE-2015-1113 : Andreas Kurtz of NESO Security Labs, Markus Troßbach of
Heilbronn University
Sandbox Profiles
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Hardware identifiers may be accessible by third-party apps
Description: An information disclosure issue existed in the third-party app sandbox.
This issue was addressed by improving the sandbox profile.
CVE-ID
CVE-2015-1114
Telephony
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: A malicious application may be able to access restricted telephony functions
Description: An access control issue existed in the telephony subsystem. Sandboxed
apps could access restricted telephony functions. This issue was addressed with
improved entitlement checking.
CVE-ID
CVE-2015-1115 : Andreas Kurtz of NESO Security Labs, Markus Troßbach of
Heilbronn University
UIKit View
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Sensitive data may be exposed in application snapshots presented in the
Task Switcher
Description: An issue existed in UIKit, which did not blur application snapshots
containing sensitive data in the Task Switcher. This issue was addressed by correctly
blurring the snapshot.
CVE-ID
CVE-2015-1116: The mobile app team at HP Security Voltage, Aaron Rogers of
Mint.com, David Edwards of Tech4Tomorrow, David Zhang of Dropbox
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Inconsistent user interface may prevent users from discerning a phishing
attack
Description: A user interface inconsistency existed in Safari that allowed an attacker
to misrepresent the URL. This issue was addressed through improved user interface
consistency checks.
CVE-ID
CVE-2015-1084 : Apple
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit. These issues were
addressed through improved memory handling.
CVE-ID
CVE-2015-1068 : Apple
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
CVE-2015-1070 : Apple
CVE-2015-1071 : Apple
CVE-2015-1072
CVE-2015-1073 : Apple
CVE-2015-1074 : Apple
CVE-2015-1076
CVE-2015-1077 : Apple
CVE-2015-1078 : Apple
CVE-2015-1079 : Apple
CVE-2015-1080 : Apple
CVE-2015-1081 : Apple
CVE-2015-1082 : Apple
CVE-2015-1083 : Apple
CVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung Electronics
CVE-2015-1120 : Apple
CVE-2015-1121 : Apple
CVE-2015-1122 : Apple
CVE-2015-1123 : Randy Luecke and Anoop Menon of Google Inc.
CVE-2015-1124 : Apple
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Visiting a maliciously crafted website may lead to a user invoking a click on
another website
Description: An issue existed when handling touch events. A tap could propagate to
another website. The issue was addressed through improved event handling.
CVE-ID
CVE-2015-1125: Phillip Moon and Matt Weston of www.sandfield.co.nz
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and
later
Impact: Visiting a maliciously crafted website may lead to resources of another origin
being accessed
Description: An issue existed in WebKit when handling credentials in FTP URLs. This
issue was addressed through improved decoding.
CVE-ID
CVE-2015-1126: Jouko Pynnonen of Klikki Oy
Versions: 8.3
Android
Vulnerability
Privilege Escalation Vulnerability affects Billions of Android Devices
Source: http://www.dailytut.com
A newly found privilege escalation vulnerability affects billions of Android mobile
phones and tablets, except devices that are running the latest Android 5.0 Lollipop.
“Privilege Escalation is the act of exploiting a bug, design flaw or configuration in an
operating system to gain administrator or root access.” – Wikipedia. Security
researcher Jann Horn initially discovered this Android security vulnerability,
which could allow any attacker to bypass the Address Space Layout Randomization
(ASLR) defense and execute arbitrary code on the target device.
Any Android device running a version below Android 5.0 Lollipop is vulnerable
to this attack.
Wi-Fi Software Vulnerability Could Affect Android, Windows, Linux
Source: http://www.batblue.com
A vulnerability was found in wireless network client code used by Android, Linux
and BSD Unix operating systems, and Windows Wi-Fi device drivers, that could allow
attackers to crash devices or inject malicious software into the device via a malicious
peer-to-peer network name.
The vulnerability is similar to the Heartbleed vulnerability in that it does not properly
check the length of transmitted data, but goes beyond Heartbleed because it would
allow the attacker to write new data to memory.
AirDroid vulnerability would let attackers take over Android phones
Source: http://www.scmagazine.com
A recently patched vulnerability found in Android's AirDroid application allowed
unauthorized access to a user's device.
AirDroid gives Android users complete control of their mobile device from a laptop or
desktop, but an attacker could take over that control by sending a malicious link to a
user. Once clicked from a computer logged into web.airdroid.com, the attacker could
control the Android device connected to the web interface. Any browser logged into
the portal is affected.
Samsung Galaxy S5 vulnerability leaves fingerprint ID exposed
Source: http://thestack.com
A flaw has been discovered in the Samsung Galaxy S5, which made it possible for
hackers to take copies of fingerprints used to unlock the smartphone.
According to security research firm FireEye, the bug would have allowed hackers to
steal sensitive and personal data stored on the phone. The researchers suggested
that other phones running on the Android platform with Fingerprint ID systems may
also be at risk.
Versions
Android 5.1 Lollipop: Nexus 6, 9, supported mobiles
Android 4.4.4 KitKat: all supported mobiles
Blackberry
Vulnerability
No vulnerabilities in this month.
Versions
Tmobile Czech
1) OS 7.1.0.2807: BlackBerry Bold 9900, 9810
2) OS 6.0.3159: Blackberry 9800, 9780, 9300
3) OS 7.1.2814: Blackberry 9790
4) OS 7.1.0.2839: Blackberry Curve 9720
5) OS 7.1.0.2814: Blackberry Curve 9320, 9360, 9320
6) OS 5.0.0.1168: Blackberry Curve 8520
7) OS 5.0.0.1748: Blackberry Bold 9000
8) OS 2.1.0.1917: BlackBerry PlayBook
9) OS 10.3.2: Blackberry Passport, Porsche Design P´9983, Z30, Z10,
Windows Phone
Vulnerability
No vulnerabilities in this month.
Versions
Windows Phone 8.1
MobileIron
Vulnerability
No vulnerabilities in this month