Details of VAR-201710-1387

ID

VAR-201710-1387

CVE

CVE-2017-7140

TITLE

Apple iOS of Keyboard Suggestions Vulnerabilities that can capture important information in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-009364

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions. Apple iOS is prone to multiple security vulnerabilities. Versions prior to Apple iOS 11 are vulnerable

Trust: 1.98

sources: NVD: CVE-2017-7140 // JVNDB: JVNDB-2017-009364 // BID: 101000 // VULHUB: VHN-115343

AFFECTED PRODUCTS

vendor:	apple	model:	iphone os	scope:	lte	version:	10.3.3	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.3	Trust: 0.6
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad air	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	11	Trust: 0.3

sources: BID: 101000 // JVNDB: JVNDB-2017-009364 // CNNVD: CNNVD-201703-973 // NVD: CVE-2017-7140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7140
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7140
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201703-973
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115343
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7140
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115343
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7140
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115343 // JVNDB: JVNDB-2017-009364 // CNNVD: CNNVD-201703-973 // NVD: CVE-2017-7140

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-115343 // JVNDB: JVNDB-2017-009364 // NVD: CVE-2017-7140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-973

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-973

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009364

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/en-us/HT208112	Trust: 0.8
title:	HT208112	url:	https://support.apple.com/ja-jp/HT208112	Trust: 0.8

sources: JVNDB: JVNDB-2017-009364

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7140	Trust: 2.8
db:	BID	id:	101000	Trust: 1.4
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009364	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-973	Trust: 0.6
db:	VULHUB	id:	VHN-115343	Trust: 0.1

sources: VULHUB: VHN-115343 // BID: 101000 // JVNDB: JVNDB-2017-009364 // CNNVD: CNNVD-201703-973 // NVD: CVE-2017-7140

REFERENCES

url:	https://support.apple.com/ht208112	Trust: 1.7
url:	http://www.securityfocus.com/bid/101000	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7140	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7140	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://lists.apple.com/archives/security-announce/2017/sep/msg00009.html	Trust: 0.3

sources: VULHUB: VHN-115343 // BID: 101000 // JVNDB: JVNDB-2017-009364 // CNNVD: CNNVD-201703-973 // NVD: CVE-2017-7140

CREDITS

Anonymous researcher,Dominik Conrads of Federal Office for Information Security,Elvis (@elvisimprsntr).

Trust: 0.3

sources: BID: 101000

SOURCES

db:	VULHUB	id:	VHN-115343
db:	BID	id:	101000
db:	JVNDB	id:	JVNDB-2017-009364
db:	CNNVD	id:	CNNVD-201703-973
db:	NVD	id:	CVE-2017-7140

LAST UPDATE DATE

2025-04-20T22:02:17.650000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115343	date:	2017-10-26T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009364	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-973	date:	2017-10-24T00:00:00
db:	NVD	id:	CVE-2017-7140	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115343	date:	2017-10-23T00:00:00
db:	BID	id:	101000	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009364	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201703-973	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-7140	date:	2017-10-23T01:29:13.847