Details of VAR-201712-0278

ID

VAR-201712-0278

CVE

CVE-2017-13848

TITLE

Apple macOS of IOKit Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-011432

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. IOKit is one of the components that read system information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address the following: apache Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory Description: Multiple issues were addressed by updating to version 2.4.28. CVE-2017-9798 curl Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. CVE-2017-1000254: Max Dymond Directory Utility Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872 Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13883: an anonymous researcher Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13878: Ian Beer of Google Project Zero Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-13875: Ian Beer of Google Project Zero IOAcceleratorFamily Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr) IOKit Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-13848: Alex Plaskett of MWR InfoSecurity CVE-2017-13858: an anonymous researcher IOKit Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13876: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero Mail Available for: macOS High Sierra 10.13.1 Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13871: an anonymous researcher Mail Drafts Available for: macOS High Sierra 10.13.1 Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH OpenSSL Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. CVE-2017-3735: found by OSS-Fuzz Screen Sharing Server Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6 Impact: A user with screen sharing access may be able to access any file readable by root Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling. CVE-2017-13826: Trevor Jacques of Toronto Installation note: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7 Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp 4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj 5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+ ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs= =2VBd -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2017-13848 // JVNDB: JVNDB-2017-011432 // BID: 102099 // VULHUB: VHN-104511 // PACKETSTORM: 145270

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.2	Trust: 0.6
vendor:	apple	model:	macos	scope:	eq	version:	10.13.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.13	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.13.2	Trust: 0.3

sources: BID: 102099 // JVNDB: JVNDB-2017-011432 // CNNVD: CNNVD-201712-914 // NVD: CVE-2017-13848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13848
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-13848
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201712-914
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-104511
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-13848
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-104511
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13848
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104511 // JVNDB: JVNDB-2017-011432 // CNNVD: CNNVD-201712-914 // NVD: CVE-2017-13848

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-104511 // JVNDB: JVNDB-2017-011432 // NVD: CVE-2017-13848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-914

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-914

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011432

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208331	url:	https://support.apple.com/en-us/HT208331	Trust: 0.8
title:	HT208331	url:	https://support.apple.com/ja-jp/HT208331	Trust: 0.8
title:	Apple macOS High Sierra IOKit Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77343	Trust: 0.6

sources: JVNDB: JVNDB-2017-011432 // CNNVD: CNNVD-201712-914

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13848	Trust: 2.9
db:	BID	id:	102099	Trust: 1.4
db:	SECTRACK	id:	1039966	Trust: 1.1
db:	JVN	id:	JVNVU98418454	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011432	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-914	Trust: 0.7
db:	VULHUB	id:	VHN-104511	Trust: 0.1
db:	PACKETSTORM	id:	145270	Trust: 0.1

sources: VULHUB: VHN-104511 // BID: 102099 // JVNDB: JVNDB-2017-011432 // PACKETSTORM: 145270 // CNNVD: CNNVD-201712-914 // NVD: CVE-2017-13848

REFERENCES

url:	https://support.apple.com/ht208331	Trust: 1.7
url:	http://www.securityfocus.com/bid/102099	Trust: 1.1
url:	http://www.securitytracker.com/id/1039966	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13848	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13848	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98418454/index.html	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	https://support.apple.com/en-in/ht208331	Trust: 0.3
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3735	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13875	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13878	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13867	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13858	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13868	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13872	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9798	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13844	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000254	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13847	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13883	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13871	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13876	Trust: 0.1

sources: VULHUB: VHN-104511 // BID: 102099 // JVNDB: JVNDB-2017-011432 // PACKETSTORM: 145270 // CNNVD: CNNVD-201712-914 // NVD: CVE-2017-13848

CREDITS

Ian Beer of Google Project Zero, HyungSeok Han, and anonymous researcher.

Trust: 0.3

sources: BID: 102099

SOURCES

db:	VULHUB	id:	VHN-104511
db:	BID	id:	102099
db:	JVNDB	id:	JVNDB-2017-011432
db:	PACKETSTORM	id:	145270
db:	CNNVD	id:	CNNVD-201712-914
db:	NVD	id:	CVE-2017-13848

LAST UPDATE DATE

2025-04-20T21:17:54.064000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104511	date:	2017-12-28T00:00:00
db:	BID	id:	102099	date:	2017-12-19T22:01:00
db:	JVNDB	id:	JVNDB-2017-011432	date:	2018-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201712-914	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-13848	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104511	date:	2017-12-25T00:00:00
db:	BID	id:	102099	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-011432	date:	2018-01-16T00:00:00
db:	PACKETSTORM	id:	145270	date:	2017-12-08T10:11:11
db:	CNNVD	id:	CNNVD-201712-914	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-13848	date:	2017-12-25T21:29:13.903