Sign-up

ID

VAR-201707-1167


CVE

CVE-2017-7067


TITLE

Apple OS X Vulnerability in the kernel component that bypasses memory read restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2017-005767

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple OS X Vulnerabilities exist in the kernel component that prevent memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers

Trust: 1.98

sources: NVD: CVE-2017-7067 // JVNDB: JVNDB-2017-005767 // BID: 99882 // VULHUB: VHN-115270

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.5

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:macosscope:eqversion:10.12.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0030

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0030

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.6

Trust: 0.3

sources: BID: 99882 // JVNDB: JVNDB-2017-005767 // CNNVD: CNNVD-201707-946 // NVD: CVE-2017-7067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7067
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7067
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201707-946
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115270
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7067
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115270
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7067
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115270 // JVNDB: JVNDB-2017-005767 // CNNVD: CNNVD-201707-946 // NVD: CVE-2017-7067

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-115270 // JVNDB: JVNDB-2017-005767 // NVD: CVE-2017-7067

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201707-946

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201707-946

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005767

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207922url:https://support.apple.com/en-us/HT207922
Trust: 0.8
title:HT207922url:https://support.apple.com/ja-jp/HT207922
Trust: 0.8
title:Apple macOS Sierra Kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71888
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-005767 // 
            
            
            
            CNNVD: CNNVD-201707-946

EXTERNAL IDS
db:NVDid:CVE-2017-7067
Trust: 2.8
db:BIDid:99882
Trust: 2.0
db:SECTRACKid:1038951
Trust: 1.7
db:JVNid:JVNVU91410779
Trust: 0.8
db:JVNDBid:JVNDB-2017-005767
Trust: 0.8
db:CNNVDid:CNNVD-201707-946
Trust: 0.7
db:VULHUBid:VHN-115270
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115270 // 
            
            
            
            BID: 99882 // 
            
            
            
            JVNDB: JVNDB-2017-005767 // 
            
            
            
            CNNVD: CNNVD-201707-946 // 
            
            
            
            NVD: CVE-2017-7067

REFERENCES
url:http://www.securityfocus.com/bid/99882
Trust: 1.7
url:https://support.apple.com/ht207922
Trust: 1.7
url:http://www.securitytracker.com/id/1038951
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7067
Trust: 0.8
url:http://jvn.jp/vu/jvnvu91410779/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7067
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-115270 // 
            
            
            
            BID: 99882 // 
            
            
            
            JVNDB: JVNDB-2017-005767 // 
            
            
            
            CNNVD: CNNVD-201707-946 // 
            
            
            
            NVD: CVE-2017-7067

CREDITS
Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz, riusksk, chenqin of Ant-financial Light-Year Security Lab, HappilyCoded (ant4g0nist and r3dsm0k3), shrek_wzw of Qihoo 360 Nirvan Team, Min (Spark) Zheng of Alibaba Inc, Lufeng Li of Qihoo 360 Vulcan Te
Trust: 0.3
sources:
            
            
            BID: 99882

SOURCES
db:VULHUBid:VHN-115270
db:BIDid:99882
db:JVNDBid:JVNDB-2017-005767
db:CNNVDid:CNNVD-201707-946
db:NVDid:CVE-2017-7067

LAST UPDATE DATE
2025-04-20T20:05:55.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115270date:2019-10-03T00:00:00
db:BIDid:99882date:2017-07-20T00:00:00
db:JVNDBid:JVNDB-2017-005767date:2017-08-04T00:00:00
db:CNNVDid:CNNVD-201707-946date:2019-10-23T00:00:00
db:NVDid:CVE-2017-7067date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-115270date:2017-07-20T00:00:00
db:BIDid:99882date:2017-07-20T00:00:00
db:JVNDBid:JVNDB-2017-005767date:2017-08-04T00:00:00
db:CNNVDid:CNNVD-201707-946date:2017-07-24T00:00:00
db:NVDid:CVE-2017-7067date:2017-07-20T16:29:02.487