Home / vulnerabilities Apple Security Advisory 2015-10-15-1
Posted on 16 October 2015
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and
iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now
available which address the following:
Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to
compromise of user information
Description: Multiple input validation issues existed in parsing a
maliciously crafted document. These issues were addressed through
improved input validation.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)
Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a
maliciously crafted document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7033 : Felix Groebert of the Google Security Team
Pages
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted Pages document may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a
maliciously crafted Pages document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7034 : Felix Groebert of the Google Security Team
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may
be obtained from the App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWIChpAAoJEBcWfLTuOo7tm6wP/A7VLym8s1mxvtZtkL6rlP9G
LDuDKD6Q+ukd4EU41unLvgJC3DrC5XmJKBySrReX7hLBbHMElCFOa971+GVZl4aE
9gbX3zJvNf9uIzP3VSpmYw1tIdZVXr275ypdG+Nlc1YBCpcdMD6ohD9dJD1zdG8l
ieuEvRFFUFGdgtIk5PO6YKHstYFkcQbbmt/uy61y3CglIDWyPOeJ7m6DWlCPYB3I
PtY82ust1XPpJT0WSH3sfLyhluoq89VFPmiZhwDnOUopWuLmNoLntoQFnbCnRNwd
5nGzjukKGe8eQQ5guZP8wo+t57Rz37povvDWOXxvuk2mjjr0+ejQpRk+c7/4aIkX
Uyz4nW4DGCEjXDA8/yT5HXWHb7m28WehV5fnUiNVkl0PltwLY5nlSk29sD2BMiT6
DY3KUXT6ppZxqVMm3HEzM3VQKD5kfiFJkzXx1QtOzx4mAyTUKqN98Ni7ijf/O7CI
xjyNOCBNcMRtqA0ySUncvMiCeRo1b7Y2hthqY6GtmRjKbq2D8ooZyiEHGv6E10g1
Hn46jPJWPKcOMudszPUc2/AIaj94+Xb7Esq3wUSkz5e7c068oxUFBZLjVDeH8P8i
/3AUN6OXLVoGCkQvdv0kvsmQDsTJqq3iUkBSDSzE5RD8GDYh+cyi+54ZFV7BKhCi
ikrC4CqPxEcf3lk6bXKi
=Zci4
-----END PGP SIGNATURE-----