Apple has released security updates to address several vulnerabilities in OS X, iOS and many other products. The first vulnerability identified (CVE-2015-7015) is in configd; it enables a malicious application to elevate privileges and is also addressed in OS X El Capitan 10.11.1 and watchOS 2.0.1. The second vulnerability (CVE-2015-6979) is in GasGauge and enables a malicious application to execute arbitrary code. Other issues fixed in iOS 9.1 include multiple memory corruption bugs in ImageIO that can lead to arbitrary code execution when viewing a maliciously crafted image file, vulnerabilities in OpenGL and WebKit that could lead to arbitrary code execution when visiting a maliciously crafted website, and a flaw in telephony that could enable a malicious application to leak sensitive user information. Bugs affecting all of the aforementioned versions of Apple’s operating systems include a memory corruption vulnerability in the Accelerate Framework that could lead to arbitrary code execution upon visiting a maliciously crafted website, and flaws in CoreText and FontParser that could lead to arbitrary code execution when processing a maliciously crafted font file.
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street