In addition to releasing an update to its Sierra operating system, Apple issued updates for iOS, tvOS, and watchOS platforms to resolve 12 vulnerabilities that impact iPhone, iPad, iPod touch, Apple TV, and Apple Watch devices.
All 12 vulnerabilities have an impact on iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation and later, and all ended up addressed with the release of iOS 10.2 this week.
Affected components included Accessibility, Accounts, Find My iPhone, Graphics Driver, Image Capture, Local Authentication, Mail, Media Player, Profiles, and SpringBoard.
Tracked as CVE-2016-7626 and impacting Profiles, a memory corruption issue affected not only iOS devices, but also 4th generation Apple TV and all Apple Watch models. The vulnerability could allow an attacker to achieve arbitrary code execution if the user opened a maliciously crafted certificate on a vulnerable device.
For the attack to be successful, the attacker needs a specially crafted certificate that could lead to memory corruption of several processes. The file can be delivered to vulnerable devices through Mobile Safari or Mail app.
The bug was found by Maksymilian Arciemowicz (cxsecurity.com), who explains that the attacker would be able to control the overflow through the certificate length in OCSP field. Thus, they can trigger the crash of Profile, Preferences, or other unexpected behaviors.
While this was the only vulnerability addressed in tvOS 10.1, Apple attempted to make a fix in its watchOS 3.1.1, a bug tracked as CVE-2016-7651. However, it later appeared as if Apple pulled the fix back.
Issues impacting the iOS’ Accessibility could result in a nearby user overhearing spoken passwords (CVE-2016-7634), or in a person with physical access to the iOS device accessing photos and contacts from the lock screen (CVE-2016-7664). A state management issue in the handling of authentication information that resulted in an attacker with an unlocked device being able to disable Find My iPhone (CVE-2016-7638) was addressed as well.