ID

VAR-201804-1044


CVE

CVE-2017-7171


TITLE

(Pwn2Own) Apple iOS backboardd Untrusted Pointer Dereference Privilege Escalation Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CoreAnimation" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the backboardd service. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to execute code under the context of root.

Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreAnimation is one of the animation processing API components. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.

Trust: 2.97

sources: NVD: CVE-2017-7171 // JVNDB: JVNDB-2017-013158 // ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // VULHUB: VHN-115374

AFFECTED PRODUCTS

vendor: apple, model: ios, scope: -, version: -

Trust: 1.4

vendor: apple, model: iphone os, scope: lt, version: 11.2

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 11.2

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.13.2

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 4.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.1

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11.2 (ipad air or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11.2 (iphone 5s or later)

Trust: 0.8

vendor: apple, model: ios, scope: lt, version: 11.2 (ipod touch first 6 generation)

Trust: 0.8

vendor: apple, model: tvos, scope: lt, version: 11.2 (apple tv 4k)

Trust: 0.8

vendor: apple, model: tvos, scope: lt, version: 11.2 (apple tv first 4 generation)

Trust: 0.8

vendor: apple, model: watchos, scope: lt, version: 4.2 (apple watch all models)

Trust: 0.8

vendor: apple, model: tv, scope: eq, version: 4.3.0

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 4.0

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 4.0.1

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 3.2

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 4.1

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 3.2.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.1

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 3.1.3

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 3.1.1

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 3.2.3

Trust: 0.6

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // JVNDB: JVNDB-2017-013158 // CNNVD: CNNVD-201703-821 // NVD: CVE-2017-7171

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-7171
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2017-7171
value: HIGH

Trust: 1.0

NVD: CVE-2017-7171
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201703-821
value: HIGH

Trust: 0.6

VULHUB: VHN-115374
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7171
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2017-7171
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

VULHUB: VHN-115374
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7171
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // VULHUB: VHN-115374 // JVNDB: JVNDB-2017-013158 // CNNVD: CNNVD-201703-821 // NVD: CVE-2017-7171

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115374 // JVNDB: JVNDB-2017-013158 // NVD: CVE-2017-7171

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201703-821

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201703-821

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013158

PATCH

title: HT208334, url: https://support.apple.com/en-us/HT208334

Trust: 2.2

title: HT208325, url: https://support.apple.com/en-us/HT208325

Trust: 0.8

title: HT208327, url: https://support.apple.com/en-us/HT208327

Trust: 0.8

title: HT208331, url: https://support.apple.com/en-us/HT208331

Trust: 0.8

title: HT208325, url: https://support.apple.com/ja-jp/HT208325

Trust: 0.8

title: HT208327, url: https://support.apple.com/ja-jp/HT208327

Trust: 0.8

title: HT208331, url: https://support.apple.com/ja-jp/HT208331

Trust: 0.8

title: HT208334, url: https://support.apple.com/ja-jp/HT208334

Trust: 0.8

title: Multiple Apple product CoreAnimation Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90623

Trust: 0.6

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // JVNDB: JVNDB-2017-013158 // CNNVD: CNNVD-201703-821

EXTERNAL IDS

db: NVD, id: CVE-2017-7171

Trust: 3.9

db: JVN, id: JVNVU98418454

Trust: 0.8

db: JVNDB, id: JVNDB-2017-013158

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-5341

Trust: 0.7

db: ZDI, id: ZDI-18-147

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5367

Trust: 0.7

db: ZDI, id: ZDI-18-156

Trust: 0.7

db: CNNVD, id: CNNVD-201703-821

Trust: 0.7

db: VULHUB, id: VHN-115374

Trust: 0.1

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // VULHUB: VHN-115374 // JVNDB: JVNDB-2017-013158 // CNNVD: CNNVD-201703-821 // NVD: CVE-2017-7171

REFERENCES

url:https://support.apple.com/ht208325

Trust: 1.7

url:https://support.apple.com/ht208327

Trust: 1.7

url:https://support.apple.com/ht208331

Trust: 1.7

url:https://support.apple.com/ht208334

Trust: 1.7

url:https://support.apple.com/en-us/ht208334

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7171

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98418454/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7171

Trust: 0.8

sources: ZDI: ZDI-18-147 // ZDI: ZDI-18-156 // VULHUB: VHN-115374 // JVNDB: JVNDB-2017-013158 // CNNVD: CNNVD-201703-821 // NVD: CVE-2017-7171

CREDITS

Tencent Keen Security Lab

Trust: 0.7

sources: ZDI: ZDI-18-147

SOURCES

db: ZDI, id: ZDI-18-147
db: ZDI, id: ZDI-18-156
db: VULHUB, id: VHN-115374
db: JVNDB, id: JVNDB-2017-013158
db: CNNVD, id: CNNVD-201703-821
db: NVD, id: CVE-2017-7171

LAST UPDATE DATE

2024-11-23T20:05:34.467000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-147, date: 2018-02-07T00:00:00
db: ZDI, id: ZDI-18-156, date: 2018-02-07T00:00:00
db: VULHUB, id: VHN-115374, date: 2019-03-08T00:00:00
db: JVNDB, id: JVNDB-2017-013158, date: 2018-06-04T00:00:00
db: CNNVD, id: CNNVD-201703-821, date: 2019-03-13T00:00:00
db: NVD, id: CVE-2017-7171, date: 2024-11-21T03:31:18.687

SOURCES RELEASE DATE

db: ZDI, id: ZDI-18-147, date: 2018-02-07T00:00:00
db: ZDI, id: ZDI-18-156, date: 2018-02-07T00:00:00
db: VULHUB, id: VHN-115374, date: 2018-04-03T00:00:00
db: JVNDB, id: JVNDB-2017-013158, date: 2018-06-04T00:00:00
db: CNNVD, id: CNNVD-201703-821, date: 2017-03-20T00:00:00
db: NVD, id: CVE-2017-7171, date: 2018-04-03T06:29:02.640