Sign-up

ID

VAR-201804-1052


CVE

CVE-2017-7002


TITLE

Apple iOS and macOS of SQLite Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-013148

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Both Apple iOS and macOS Sierra are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp. A memory corruption vulnerability exists in the SQLite component in Apple iOS versions prior to 10.3.2 and masOS Sierra versions prior to 10.12.5

Trust: 2.61

sources: NVD: CVE-2017-7002 // JVNDB: JVNDB-2017-013148 // ZDI: ZDI-17-369 // BID: 98773 // VULHUB: VHN-115205

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.4

Trust: 1.4

vendor:applemodel:iphone osscope:ltversion:10.3.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.12.5

Trust: 1.0

vendor:applemodel:iosscope:ltversion:10.3.2 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:safariscope: - version: -

Trust: 0.7

vendor:applemodel:mac os xscope:eqversion:10.7.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.4

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.2

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.1

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.0

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.5

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.11.3

Trust: 0.6

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:10.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.31

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:10.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.5

Trust: 0.3

vendor:applemodel:safariscope:neversion:10.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0020

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0020

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.28

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.8

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.30

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.10

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:7.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:8.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:6.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: ZDI: ZDI-17-369 // BID: 98773 // JVNDB: JVNDB-2017-013148 // CNNVD: CNNVD-201706-036 // NVD: CVE-2017-7002

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7002
value: HIGH

Trust: 1.0

NVD: CVE-2017-7002
value: HIGH

Trust: 0.8

ZDI: CVE-2017-7002
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201706-036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-115205
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7002
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

VULHUB: VHN-115205
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7002
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-17-369 // VULHUB: VHN-115205 // JVNDB: JVNDB-2017-013148 // CNNVD: CNNVD-201706-036 // NVD: CVE-2017-7002

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115205 // JVNDB: JVNDB-2017-013148 // NVD: CVE-2017-7002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-036

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201706-036

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013148

PATCH
title:HT207798url:https://support.apple.com/en-us/HT207798
Trust: 1.5
title:HT207797url:https://support.apple.com/en-us/HT207797
Trust: 0.8
title:HT207798url:https://support.apple.com/ja-jp/HT207798
Trust: 0.8
title:HT207797url:https://support.apple.com/ja-jp/HT207797
Trust: 0.8
title:Apple iOS  and macOS Sierra SQLite Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70669
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-369 // 
            
            
            
            JVNDB: JVNDB-2017-013148 // 
            
            
            
            CNNVD: CNNVD-201706-036

EXTERNAL IDS
db:NVDid:CVE-2017-7002
Trust: 3.5
db:BIDid:98773
Trust: 2.0
db:ZDIid:ZDI-17-369
Trust: 1.0
db:JVNDBid:JVNDB-2017-013148
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4596
Trust: 0.7
db:CNNVDid:CNNVD-201706-036
Trust: 0.7
db:VULHUBid:VHN-115205
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-369 // 
            
            
            
            VULHUB: VHN-115205 // 
            
            
            
            BID: 98773 // 
            
            
            
            JVNDB: JVNDB-2017-013148 // 
            
            
            
            CNNVD: CNNVD-201706-036 // 
            
            
            
            NVD: CVE-2017-7002

REFERENCES
url:http://www.securityfocus.com/bid/98773
Trust: 1.7
url:https://support.apple.com/ht207797
Trust: 1.7
url:https://support.apple.com/ht207798
Trust: 1.7
url:https://support.apple.com/en-us/ht207798
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7002
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7002
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:https://support.apple.com/en-us/ht207797
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-17-369/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-17-369 // 
            
            
            
            VULHUB: VHN-115205 // 
            
            
            
            BID: 98773 // 
            
            
            
            JVNDB: JVNDB-2017-013148 // 
            
            
            
            CNNVD: CNNVD-201706-036 // 
            
            
            
            NVD: CVE-2017-7002

CREDITS
Chaitin Security Research Lab working with Trend Micro's Zero Day Initiative.
Trust: 0.9
sources:
            
            
            BID: 98773 // 
            
            
            
            CNNVD: CNNVD-201706-036

SOURCES
db:ZDIid:ZDI-17-369
db:VULHUBid:VHN-115205
db:BIDid:98773
db:JVNDBid:JVNDB-2017-013148
db:CNNVDid:CNNVD-201706-036
db:NVDid:CVE-2017-7002

LAST UPDATE DATE
2024-11-23T22:22:06.702000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-369date:2017-05-30T00:00:00
db:VULHUBid:VHN-115205date:2018-04-27T00:00:00
db:BIDid:98773date:2017-05-30T00:00:00
db:JVNDBid:JVNDB-2017-013148date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201706-036date:2017-06-02T00:00:00
db:NVDid:CVE-2017-7002date:2024-11-21T03:30:57.163

SOURCES RELEASE DATE
db:ZDIid:ZDI-17-369date:2017-05-30T00:00:00
db:VULHUBid:VHN-115205date:2018-04-03T00:00:00
db:BIDid:98773date:2017-05-30T00:00:00
db:JVNDBid:JVNDB-2017-013148date:2018-06-01T00:00:00
db:CNNVDid:CNNVD-201706-036date:2017-05-30T00:00:00
db:NVDid:CVE-2017-7002date:2018-04-03T06:29:01.623