Details of VAR-201710-1392

ID

VAR-201710-1392

CVE

CVE-2017-7079

TITLE

Apple iTunes of Data Sync In the component iOS Backup access vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009334

DESCRIPTION

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. Apple iTunes is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Versions prior to Apple iTunes 12.7 are vulnerable. Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. CVE-2017-7079: Pi Delta Entry added September 25, 2017 Installation note: iTunes 12.7 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZyUQgAAoJEIOj74w0bLRGnGsQAJop+zlod9UQSlJfdRxJ01ki GJfR8gw9GWDLvc3JY4XULXJfED23KH7OK4OeiR1/NXdc/yR4fJWGph11p9Lb9Lez QCbLl63aM4leC3M1yBberlaLQ6kNwk/Wo5TlllhrJLddy3OP3Otfah5A9BWg/d6J e27wiYtjW3Su0GjomrV7T40dD37VUc4ugJTH50pa93/RDQnXs2oTjqI7ofkuuYoj OB/03oDSlZgZO4YfyZVlKQ73uNA0zHKW6HI+ykLEJqFBKHxBKhCAaPYL29F4kOkl AE17dyZr1910x8PIaThWhej/LxLeTBgbxtTs4pvr2Sl3K/vMtNoHg6kvmHBeuacj d/IOLwrFaVq6ZjPoqsEupkbrpJeNUvXcGl05QAwgrAZBlXV79Uz2PAE885G78wuD R2aWsOFVv2uFaQLvy5J8hxSahqGpA0EuzWu8Miq9k2toz19kvOL3LC16pJ5uUZEs 5MmiZwEVs785JhWUFU22Ecmd5pYi+AGVXI+DnBdkhKZWDU45RCbKhOoD1EtAPXSO op8Rxs0XQD1AJNgTvBBgW/W+kf32OTJFImwT5jT4IKaljaovM0HtpDbDcUscRZYr 1zkSoqAbrZ3+Lq+3HdYvX8WVNHaUoRPnCgznp5GlDxRvc/jyE65Pr1BBRq9Xu2LJ k6rrKA4qvyBDvMBUPusT =l/hz -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2017-7079 // JVNDB: JVNDB-2017-009334 // BID: 100983 // VULHUB: VHN-115282 // PACKETSTORM: 144372

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lte	version:	12.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	12.6.2	Trust: 0.9
vendor:	apple	model:	itunes	scope:	lt	version:	12.7 (os x yosemite 10.10.5 or later )	Trust: 0.8
vendor:	esignal	model:	esignal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.8	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.72	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.2.20	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	12.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0.0.163	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	11.0	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1.7	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	itunes	scope:	ne	version:	12.7	Trust: 0.3

sources: BID: 100983 // JVNDB: JVNDB-2017-009334 // CNNVD: CNNVD-201709-1377 // NVD: CVE-2017-7079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7079
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7079
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201709-1377
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115282
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7079
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115282
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7079
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-115282 // JVNDB: JVNDB-2017-009334 // CNNVD: CNNVD-201709-1377 // NVD: CVE-2017-7079

PROBLEMTYPE DATA

problemtype:	CWE-552	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-115282 // JVNDB: JVNDB-2017-009334 // NVD: CVE-2017-7079

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-1377

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201709-1377

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009334

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208140	url:	https://support.apple.com/en-us/HT208140	Trust: 0.8
title:	HT208140	url:	https://support.apple.com/ja-jp/HT208140	Trust: 0.8
title:	Apple iTunes Data Sync Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75236	Trust: 0.6

sources: JVNDB: JVNDB-2017-009334 // CNNVD: CNNVD-201709-1377

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7079	Trust: 2.9
db:	BID	id:	100983	Trust: 2.0
db:	JVN	id:	JVNVU99806334	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009334	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1377	Trust: 0.7
db:	PACKETSTORM	id:	144372	Trust: 0.2
db:	VULHUB	id:	VHN-115282	Trust: 0.1

sources: VULHUB: VHN-115282 // BID: 100983 // JVNDB: JVNDB-2017-009334 // PACKETSTORM: 144372 // CNNVD: CNNVD-201709-1377 // NVD: CVE-2017-7079

REFERENCES

url:	http://www.securityfocus.com/bid/100983	Trust: 1.7
url:	https://support.apple.com/ht208140	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7079	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7079	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99806334/index.html	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	https://lists.apple.com/archives/security-announce/2017/sep/msg00011.html	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://www.apple.com/itunes/download/	Trust: 0.1

sources: VULHUB: VHN-115282 // BID: 100983 // JVNDB: JVNDB-2017-009334 // PACKETSTORM: 144372 // CNNVD: CNNVD-201709-1377 // NVD: CVE-2017-7079

CREDITS

Pi Delta

Trust: 0.9

sources: BID: 100983 // CNNVD: CNNVD-201709-1377

SOURCES

db:	VULHUB	id:	VHN-115282
db:	BID	id:	100983
db:	JVNDB	id:	JVNDB-2017-009334
db:	PACKETSTORM	id:	144372
db:	CNNVD	id:	CNNVD-201709-1377
db:	NVD	id:	CVE-2017-7079

LAST UPDATE DATE

2025-04-20T21:35:44.624000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115282	date:	2019-10-03T00:00:00
db:	BID	id:	100983	date:	2017-09-26T09:00:00
db:	JVNDB	id:	JVNDB-2017-009334	date:	2017-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201709-1377	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7079	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115282	date:	2017-10-23T00:00:00
db:	BID	id:	100983	date:	2017-09-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-009334	date:	2017-11-09T00:00:00
db:	PACKETSTORM	id:	144372	date:	2017-09-28T00:26:21
db:	CNNVD	id:	CNNVD-201709-1377	date:	2017-09-25T00:00:00
db:	NVD	id:	CVE-2017-7079	date:	2017-10-23T01:29:11.580