Apple has recently released Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 to fix multiple flaws in the Productivity Apps, mainly related to input validation issues that caused problems while parsing maliciously crafted documents.
Sadeghipour and Fehrenbach discovered a vulnerability that attackers can exploit using a specially crafted document that includes malicious XML data. Apple has been aware of the possible exploitation of the flaw since July.
This particular attack is known as an XML External Entity (XXE) attack; the attackers just need to send a specially crafted Pages, Keynote, or Numbers file to the targeted user.
According to the expert, an attacker can exploit the vulnerability by sending a specially crafted Apple Productivity Apps file to compromise the targeted user. When the victim opens the file, it triggers the execution of malicious code included in the XML data and it reaches an external XML file located on a host controlled by the attacker.
“An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.” states the OWASP organization about this specific kind of attack.
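A defensive check for the parser weakness OWASP describes, as an added example that is not Apple's code or the researchers' own: it uses Python's standard-library expat bindings to refuse any document that declares a DTD or an entity before its content reaches application code. The function name `verdict`, the `forbid_dtd` switch and both sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """The document uses a construct that this checker refuses to process."""


def verdict(data: bytes, forbid_dtd: bool = True) -> str:
    """Return "ok", "rejected: <reason>" or "malformed: <reason>" for an XML document."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Strictest policy: documents that need no DTD should not carry one.
        if forbid_dtd:
            raise UnsafeXML(f"DOCTYPE declared for <{name}>")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Fires for every <!ENTITY ...>; a SYSTEM or PUBLIC id marks it as external.
        kind = "external" if system_id or public_id else "internal"
        raise UnsafeXML(f"{kind} entity '{name}' declared")

    def on_external_ref(context, base, system_id, public_id):
        # Last line of defence: never let the parser be asked to fetch anything.
        raise UnsafeXML(f"external entity reference to {system_id!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)  # an exception raised in a handler aborts the parse
    except UnsafeXML as exc:
        return f"rejected: {exc}"
    except expat.ExpatError as exc:
        return f"malformed: {exc}"
    return "ok"


# Constructed samples (not taken from the advisory or from any real iWork file).
BENIGN = b"<doc><title>Q3 report</title></doc>"
CRAFTED = (
    b'<!DOCTYPE doc [<!ENTITY ext SYSTEM "http://example.invalid/x.xml">]>'
    b"<doc><title>&ext;</title></doc>"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, "->", verdict(sample))
    print("crafted, DTD allowed ->", verdict(CRAFTED, forbid_dtd=False))
```

Rejecting internal entity declarations as well also covers the denial-of-service case in the OWASP description, where nested entities expand to exhaust memory.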
The Apple Productivity Apps were also affected by a memory corruption issue (CVE-2015-7033) reported by Felix Groebert of the Google Security Team.
Once again, an attacker can exploit the flaw using maliciously crafted documents that crash the applications opening them or that lead to arbitrary code execution.
Groebert also reported a memory corruption flaw affecting the way Apple Pages parses maliciously crafted documents (CVE-2015-7034); exploitation of this vulnerability can also result in an application crash or code execution.
Security Affairs – (Apple Productivity Apps, hacking)