[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
From: Apple Product Security <product-security-noreply () lists ! apple ! com>
Date: 2018-09-17 18:23:53
Message-ID: 9C0FD3A8-40FD-431D-BAB4-32E81D6F35AB () lists ! apple ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2018-9-17-5 Apple Support 2.4 for iOS
Apple Support 2.4 for iOS is now available and addresses the
following:
Analytics
Available for: iOS 11.0 and later
Impact: An attacker in a privileged network position may be able to
intercept analytics data sent to Apple
Description: Analytics data was sent using HTTP rather than HTTPS.
This was addressed by sending analytics data using HTTPS.
CVE-2018-4397: Yigit Can YILMAZ (@yilmazcanyigit)
Installation note:
Apple Support 2.4 for iOS may be obtained from the iOS App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf7w4ACgkQeC9tht7T
K3Fh+BAAladfEhMqU/fHmTtXsfcmTAATaSpZOq1UF9uJ/J5RwR7OXQSkutOnNwcG
Vb0075qtoi7nTJQX94X/8qYgMvAmIYvuC/2Z7g7j4B93Co2sh4DgEmSQ1bcY5poi
3Crdd319vzfeGZ3FwqKEi6zUr7iydUA5R/f4nt6mTo0c57BFVXLVwHKMCm1iTpgk
WMatvf6fIOsxL/Q3X4DDn3sJAuVcNQTUeQIDtEaA1VT9gOuJBf5BOLXQDgYc6D84
qLKQ1sAgbtxmRYrCnbZKAvcKqWn77nvhjfaVq4OnSnjkLxowE1TD3XRzHJrdk3GN
x2ojRh3GwL2Iw15AYc3qEhI9cpJmOMdaKhu6C5UWKerILVP8lS/ygTKARSSW0id0
EfKu08f1Xi23uFiaqpSI2UBhMr0v9D49744ylUVGRVIGunqUJ0Nj9FmYBBKNRv5T
4RLGj5NsD5l7bCBBpKNA/n37ivcAetFGXpaxpAV5GGi45ZhYPK94EdbJuzte12GB
vRgyoN+LsphipjZc4Dzhu8smerpL9cIUWbINvAHfLwMEOhquTbJ6t96dHIbGOzC0
XpYbzVmYrVdCBcOZz5F+XwfOzGBWC74/tnHONeQopU8zB03vqrAEt9jM26hVtkfe
ztAS/8YR0xRcqvkx0bd7EwadbqbeDY5X+9DfwzjextQNPJz/vGA=
=s2QM
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic