Sign-up

ID

VAR-201707-1189


CVE

CVE-2017-7031


TITLE

Apple OS X of Foundation Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-005756

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. Foundation is one of the base layer components that defines Objective-C classes. A memory corruption vulnerability exists in the Foundation components of Apple macOS Sierra prior to 10.12.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-2 macOS 10.12.6 macOS 10.12.6 is now available and addresses the following: afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7033: riusksk (ae3aY=) of Tencent Security Platform Department AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team Audio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc. CVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of MWR InfoSecurity Contacts Available for: macOS Sierra 10.12.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) CoreAudio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved bounds checking. CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team curl Available for: macOS Sierra 10.12.5 Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to version 7.54.0. CVE-2016-9586 CVE-2016-9594 CVE-2017-2629 CVE-2017-7468 Foundation Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab (eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team Intel Graphics Driver Available for: macOS Sierra 10.12.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team IOUSBFamily Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7023: an anonymous researcher Kernel Available for: macOS Sierra 10.12.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7025: an anonymous researcher CVE-2017-7027: an anonymous researcher CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team Kernel Available for: macOS Sierra 10.12.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7026: an anonymous researcher Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team kext tools Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team libarchive Available for: macOS Sierra 10.12.5 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz libxml2 Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7047: Ian Beer of Google Project Zero Wi-Fi Available for: macOS Sierra 10.12.5 Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence Additional recognition curl We would like to acknowledge Dave Murdock of Tangerine Element for their assistance. Installation note: macOS 10.12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGe3QP/2EYqCofq3zbIdr8qyzqkFea S7TLjRwnRulKBO4/Cj4Qfkc5wp8g4gd6qs0SjpfHIMw5XWwwGSxtljQ+zPhd8Zie AtwDPcjNpNKzcdgs1guEUwkv9gLgDbS6xbCUEnld00lURTAWxtMEP3Ue5chaJMn7 GpYQx8ZDZ15D8cjbtvIYHjmhTEutiqWB0EAcEvuM3ov54oC7qlu7vpXzevcLw9j6 YwZZJz2MSIlhpQh466qBr1Eay+EdTF69D0F18Jlpx9M+QejpHBLy08vk3UypXkqs Jjf/FmqrSuSZrPwU+WOYaps6AvZ+pDMnJIBuWDw1BaI5hrx3KA8eyGSlzedTM7DG r+myZHjIt4EOuSK6rOyZnmTLJM7/gWOm4CpPPbyDNd10nJm5oDWuZnqMlBcC4X/8 99ks/lXKbxtwTVL4AHDb0+rKJ2N9Try5togURREkAC5cI/97+zKzQ9Qobu4iC8MN Yo9dwDDP77vxANrGAUbEJSAWBR+tkLJw1jIJhIXeb/Hhayw4J02qo6RzO9bMotcx RhsNAr3ZN/REBBzinUR13o605W7I3ktRZlc1K8aVQqj4doRLCUAw0TJXs2/4pkKI hdueKoFsS66nbgoThU6VmAkyPfYubvJuDEaZ5wzS1CZOHZSr2Hy5//YfY9UhRcBu RN8FF9CraIvShvn0urgd =wnAu -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2017-7031 // JVNDB: JVNDB-2017-005756 // BID: 99882 // VULHUB: VHN-115234 // PACKETSTORM: 143432

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.5

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:macosscope:eqversion:10.12.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.10.5

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0030

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0030

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.6

Trust: 0.3

sources: BID: 99882 // JVNDB: JVNDB-2017-005756 // CNNVD: CNNVD-201707-979 // NVD: CVE-2017-7031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7031
value: HIGH

Trust: 1.0

NVD: CVE-2017-7031
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-979
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115234
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7031
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115234
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7031
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115234 // JVNDB: JVNDB-2017-005756 // CNNVD: CNNVD-201707-979 // NVD: CVE-2017-7031

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115234 // JVNDB: JVNDB-2017-005756 // NVD: CVE-2017-7031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-979

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201707-979

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005756

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207922url:https://support.apple.com/en-us/HT207922
Trust: 0.8
title:HT207922url:https://support.apple.com/ja-jp/HT207922
Trust: 0.8
title:Apple macOS Sierra Foundation Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71921
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-005756 // 
            
            
            
            CNNVD: CNNVD-201707-979

EXTERNAL IDS
db:NVDid:CVE-2017-7031
Trust: 2.9
db:BIDid:99882
Trust: 1.4
db:SECTRACKid:1038951
Trust: 1.1
db:JVNid:JVNVU91410779
Trust: 0.8
db:JVNDBid:JVNDB-2017-005756
Trust: 0.8
db:CNNVDid:CNNVD-201707-979
Trust: 0.7
db:VULHUBid:VHN-115234
Trust: 0.1
db:PACKETSTORMid:143432
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115234 // 
            
            
            
            BID: 99882 // 
            
            
            
            JVNDB: JVNDB-2017-005756 // 
            
            
            
            PACKETSTORM: 143432 // 
            
            
            
            CNNVD: CNNVD-201707-979 // 
            
            
            
            NVD: CVE-2017-7031

REFERENCES
url:https://support.apple.com/ht207922
Trust: 1.7
url:http://www.securityfocus.com/bid/99882
Trust: 1.1
url:http://www.securitytracker.com/id/1038951
Trust: 1.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7031
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7031
Trust: 0.8
url:http://jvn.jp/vu/jvnvu91410779/index.html
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2016-9586
Trust: 0.1
url:https://support.apple.com/kb/ht201222
Trust: 0.1
url:https://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7009
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7025
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7028
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7035
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7029
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7024
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7036
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-9594
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7017
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7044
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7022
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2629
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7016
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7008
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7032
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7047
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7033
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7010
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7026
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7021
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7023
Trust: 0.1
url:https://www.apple.com/support/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7045
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7027
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7013
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7014
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-7015
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115234 // 
            
            
            
            BID: 99882 // 
            
            
            
            JVNDB: JVNDB-2017-005756 // 
            
            
            
            PACKETSTORM: 143432 // 
            
            
            
            CNNVD: CNNVD-201707-979 // 
            
            
            
            NVD: CVE-2017-7031

CREDITS
Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz, riusksk, chenqin of Ant-financial Light-Year Security Lab, HappilyCoded (ant4g0nist and r3dsm0k3), shrek_wzw of Qihoo 360 Nirvan Team, Min (Spark) Zheng of Alibaba Inc, Lufeng Li of Qihoo 360 Vulcan Te
Trust: 0.3
sources:
            
            
            BID: 99882

SOURCES
db:VULHUBid:VHN-115234
db:BIDid:99882
db:JVNDBid:JVNDB-2017-005756
db:PACKETSTORMid:143432
db:CNNVDid:CNNVD-201707-979
db:NVDid:CVE-2017-7031

LAST UPDATE DATE
2025-04-20T22:14:43.568000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115234date:2017-07-24T00:00:00
db:BIDid:99882date:2017-07-20T00:00:00
db:JVNDBid:JVNDB-2017-005756date:2017-08-04T00:00:00
db:CNNVDid:CNNVD-201707-979date:2017-07-21T00:00:00
db:NVDid:CVE-2017-7031date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-115234date:2017-07-20T00:00:00
db:BIDid:99882date:2017-07-20T00:00:00
db:JVNDBid:JVNDB-2017-005756date:2017-08-04T00:00:00
db:PACKETSTORMid:143432date:2017-07-20T18:32:22
db:CNNVDid:CNNVD-201707-979date:2017-07-21T00:00:00
db:NVDid:CVE-2017-7031date:2017-07-20T16:29:01.143