APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and
iWork for iOS 2.6

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now
available which address the following:

Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to
compromise of user information
Description: Multiple input validation issues existed in parsing a
maliciously crafted document. These issues were addressed through
improved input validation.
CVE-ID
CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
CVE-2015-7032 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach
(@ITSecurityguard)

Keynote, Pages, and Numbers
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted document may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a
maliciously crafted document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7033 : Felix Groebert of the Google Security Team

Pages
Available for: OS X Yosemite v10.10.4 or later, iOS 8.4 or later
Impact: Opening a maliciously crafted Pages document may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in parsing a
maliciously crafted Pages document. This issue was addressed through
improved memory handling.
CVE-ID
CVE-2015-7034 : Felix Groebert of the Google Security Team

Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 may
be obtained from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/