lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <3D819549-CF9E-4609-963E-80C42B76B2B7@lists.apple.com>
Date: Tue, 26 May 2020 17:23:34 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: Apple Product Security via Security-announce
 <security-announce@...ts.apple.com>
Subject: [FD] APPLE-SA-2020-05-26-2 iOS 12.4.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-05-26-2 iOS 12.4.7

iOS 12.4.7 addresses the following:

Mail
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9818: ZecOps.com

Mail
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch 6th generation
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9819: ZecOps.com

Wi-Fi
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3843: Ian Beer of Google Project Zero

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.4.7".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64

iQIcBAEDCAAGBQJezV7QAAoJEAc+Lhnt8tDNuPEQAJnAwO9sbgdfm+qVVOLipUKF
6Vxmy9609KqDujTnVhylCRKTsieK3sIuHo9UIdJ63A2MCO9SL4PamKH4z63GnZTF
Tx2DVv4UjfhiyqbbhOcCZVUUw80Z63L9nwcmtN8+VcFSCkOr3WHLTrTvd39HgaB7
Tehasa2NkN3E3c/Zmm2aQOIMrKmomMMF1eFn6eEMrlpSKNgqgzfo8QUhWEHiJsS/
RaFPRkZRKKmw+Y1MweCukqSi8bOzKNKBFahDmD7noHCtkHy0bFL85BFiist6cCX5
VxD3unfexYYmBwt466I++y49HVG6JrNyIsMEg6FayR8wrbewszDVh1YarHKwaZlI
JrZpmzJwTed1QGOoQ6TBiz1uMjkcc38ae0vkl/UV79c30mI2mdq1hj/FgnrXbF4C
HpoTDyDcN7bharGmVBWiPpZfaNGEZzjzg9ATn4oHnihMI2oNPJyiNsezNcczvOot
hqJlW4Z78L+VucXZsaRNDciilMBKpWRTxzIvfZwMiEOCPU5uy4T0ou78XH/x2xju
4rSAbG+R9mx8VB2G9CHODyyR0xIQ1y2NiqUBDpP6O3pehBHlMaa21q6k/gAe05a5
lO+NH75EI0/uQDfJSrCj2WbD9riuJsQToU+KY7QOXk2iotY+LC/79gGo2G9cYVAN
k7FzJH9C4lVimiOjFauD
=h/Qh
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ