Sign-up

ID

VAR-201704-0812


CVE

CVE-2017-2490


TITLE

plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts

Trust: 0.8

sources: JVNDB: JVNDB-2017-002338

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. iOS is a mobile operating system developed by Apple. Apple Corps first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad, and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed for the fourth generation of Apple TV. MacOS is a set of operating systems running on Apple Macintosh computers. watchOS is a mobile operating system for the Apple Watch developed by Apple. It is based on the iOS operating system and has many similar features. The "Kernel" component of many Apple products has a denial of service vulnerability. Apple iOS, WatchOS, macOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. The following versions are affected: Versions prior to Apple iOS 10.3 Versions prior to Apple watchOS 3.2 Versions prior to Apple tvOS 10.2 Versions prior to Apple macOS 10.12.4

Trust: 2.52

sources: NVD: CVE-2017-2490 // JVNDB: JVNDB-2017-002338 // CNVD: CNVD-2017-05002 // BID: 97301 // VULHUB: VHN-110693

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:iphone osscope:lteversion:10.2.1

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:10.1.1

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.1.3

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10.3 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2

Trust: 0.6

vendor:applemodel:macosscope:ltversion:10.12.4

Trust: 0.6

vendor:applemodel:iosscope:ltversion:10.3

Trust: 0.6

vendor:applemodel:watchosscope:ltversion:3.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:10.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3

Trust: 0.3

sources: CNVD: CNVD-2017-05002 // BID: 97301 // JVNDB: JVNDB-2017-002338 // NVD: CVE-2017-2490 // CNNVD: CNNVD-201704-115

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-2490
value: HIGH

Trust: 1.8

CNVD: CNVD-2017-05002
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-115
value: HIGH

Trust: 0.6

VULHUB: VHN-110693
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-2490
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-05002
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110693
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-2490
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-05002 // VULHUB: VHN-110693 // JVNDB: JVNDB-2017-002338 // NVD: CVE-2017-2490 // CNNVD: CNNVD-201704-115

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110693 // JVNDB: JVNDB-2017-002338 // NVD: CVE-2017-2490

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-115

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-115

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2017-2490

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-110693

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/ht201222
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/ht207615
Trust: 0.8
title:HT207617url:https://support.apple.com/en-us/ht207617
Trust: 0.8
title:HT207601url:https://support.apple.com/en-us/ht207601
Trust: 0.8
title:HT207602url:https://support.apple.com/en-us/ht207602
Trust: 0.8
title:HT207601url:https://support.apple.com/ja-jp/ht207601
Trust: 0.8
title:HT207602url:https://support.apple.com/ja-jp/ht207602
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/ht207615
Trust: 0.8
title:HT207617url:https://support.apple.com/ja-jp/ht207617
Trust: 0.8
title:Patch for Apple iOS / tvOS / macOS / watchOS Denial of Service Vulnerability (CNVD-2017-05002)url:https://www.cnvd.org.cn/patchinfo/show/92264
Trust: 0.6
title:Multiple Apple product Kernel Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69008
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05002 // 
            
            
            
            JVNDB: JVNDB-2017-002338 // 
            
            
            
            CNNVD: CNNVD-201704-115

EXTERNAL IDS
db:NVDid:CVE-2017-2490
Trust: 3.4
db:BIDid:97301
Trust: 2.6
db:EXPLOIT-DBid:41804
Trust: 1.7
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002338
Trust: 0.8
db:CNNVDid:CNNVD-201704-115
Trust: 0.7
db:CNVDid:CNVD-2017-05002
Trust: 0.6
db:PACKETSTORMid:141983
Trust: 0.1
db:SEEBUGid:SSVID-92884
Trust: 0.1
db:VULHUBid:VHN-110693
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05002 // 
            
            
            
            VULHUB: VHN-110693 // 
            
            
            
            BID: 97301 // 
            
            
            
            JVNDB: JVNDB-2017-002338 // 
            
            
            
            NVD: CVE-2017-2490 // 
            
            
            
            CNNVD: CNNVD-201704-115

REFERENCES
url:http://www.securityfocus.com/bid/97301
Trust: 1.7
url:https://support.apple.com/ht207601
Trust: 1.7
url:https://support.apple.com/ht207602
Trust: 1.7
url:https://support.apple.com/ht207615
Trust: 1.7
url:https://support.apple.com/ht207617
Trust: 1.7
url:https://www.exploit-db.com/exploits/41804/
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-2490
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2490
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/ios/
Trust: 0.3
url:https://www.apple.com/osx/
Trust: 0.3
url:http://www.apple.com/accessibility/tvos/
Trust: 0.3
url:http://www.apple.com/watchos-2/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-05002 // 
            
            
            
            VULHUB: VHN-110693 // 
            
            
            
            BID: 97301 // 
            
            
            
            JVNDB: JVNDB-2017-002338 // 
            
            
            
            NVD: CVE-2017-2490 // 
            
            
            
            CNNVD: CNNVD-201704-115

CREDITS
Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC).
Trust: 0.3
sources:
            
            
            BID: 97301

SOURCES
db:CNVDid:CNVD-2017-05002
db:VULHUBid:VHN-110693
db:BIDid:97301
db:JVNDBid:JVNDB-2017-002338
db:NVDid:CVE-2017-2490
db:CNNVDid:CNNVD-201704-115

LAST UPDATE DATE
2023-12-18T11:24:09.185000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05002date:2017-04-21T00:00:00
db:VULHUBid:VHN-110693date:2019-03-08T00:00:00
db:BIDid:97301date:2017-04-04T00:03:00
db:JVNDBid:JVNDB-2017-002338date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2490date:2019-03-08T16:06:33.217
db:CNNVDid:CNNVD-201704-115date:2019-03-13T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05002date:2017-04-21T00:00:00
db:VULHUBid:VHN-110693date:2017-04-02T00:00:00
db:BIDid:97301date:2017-04-01T00:00:00
db:JVNDBid:JVNDB-2017-002338date:2017-04-12T00:00:00
db:NVDid:CVE-2017-2490date:2017-04-02T01:59:04.077
db:CNNVDid:CNNVD-201704-115date:2017-04-07T00:00:00