VARIoT IoT vulnerabilities database
| VAR-201712-0119 | CVE-2017-16725 | Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. Xiongmai Technology IP Camera and DVR Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Xiongmai IPCameraModule and DVR are products of XiongMai. XiongmaiIPCameraModule is an IP camera module product. The DVR is a hard disk recorder. Xiongmai IP Camera Module and DVR are prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely cause a denial-of-service condition
| VAR-201712-0248 | CVE-2017-3738 | OpenSSL Vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. This vulnerability CVE-2017-3736 , CVE-2017-3732 and CVE-2015-3193 Similar problem.It may be affected unspecified.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
OpenSSL Security Advisory [07 Dec 2017]
========================================
Read/write after SSL object in error state (CVE-2017-3737)
==========================================================
Severity: Moderate
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then
OpenSSL would move into the error state and would immediately fail if you
attempted to continue the handshake. This works as designed for the explicit
handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),
however due to a bug it does not work correctly if SSL_read() or SSL_write() is
called directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call.
OpenSSL 1.0.2 users should upgrade to 1.0.2n
This issue was reported to OpenSSL on 10th November 2017 by David Benjamin
(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell
of the OpenSSL development team.
OpenSSL 1.0.2 users should upgrade to 1.0.2n
This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project.
Note
====
Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20171207.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
.
OpenSSL Security Advisory [27 Mar 2018]
========================================
Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
==========================================================================================
Severity: Moderate
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.
Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
========================================================
Severity: Moderate
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected. Solution:
The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).
After installing the updated packages, the httpd daemon will be restarted
automatically.
===========================================================================
Ubuntu Security Notice USN-3512-1
December 11, 2017
openssl vulnerabilities
===========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
David Benjamin discovered that OpenSSL did not correctly prevent
buggy applications that ignore handshake errors from subsequently calling
certain functions. While unlikely, a remote attacker could possibly
use this issue to recover private keys. (CVE-2017-3738)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libssl1.0.0 1.0.2g-1ubuntu13.3
Ubuntu 17.04:
libssl1.0.0 1.0.2g-1ubuntu11.4
Ubuntu 16.04 LTS:
libssl1.0.0 1.0.2g-1ubuntu4.10
After a standard system update you need to reboot your computer to make
all the necessary changes.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-17:12.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2017-12-09
Affects: All supported versions of FreeBSD.
Corrected: 2017-12-07 18:04:48 UTC (stable/11, 11.1-STABLE)
2017-12-09 03:44:26 UTC (releng/11.1, 11.1-RELEASE-p6)
2017-12-09 03:41:31 UTC (stable/10, 10.4-STABLE)
2017-12-09 03:45:23 UTC (releng/10.4, 10.4-RELEASE-p5)
2017-12-09 03:45:23 UTC (releng/10.3, 10.3-RELEASE-p26)
CVE Name: CVE-2017-3737, CVE-2017-3738
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) and Secure Sockets
Layer (SSL) protocols. It is also a full-strength general purpose
cryptography library.
II. Problem Description
Invoking SSL_read()/SSL_write() while in an error state causes data to be
passed without being decrypted/encrypted directly from the SSL/TLS record
layer.
In order to exploit this issue an application bug would have to be present
that resulted in a call to SSL_read()/SSL_write() being issued after having
already received a fatal error. [CVE-2017-3738] This bug only affects FreeBSD 11.x.
III. Impact
Applications with incorrect error handling may inappropriately pass
unencrypted data. [CVE-2017-3737]
Mishandling of carry propagation will produce incorrect output, and make it
easier for a remote attacker to obtain sensitive private-key information. [CVE-2017-3738]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Restart all daemons that use the library, or reboot the system.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all daemons that use the library, or reboot the system.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.x]
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-10.patch.asc
# gpg --verify openssl-10.patch.asc
[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch
# fetch https://security.FreeBSD.org/patches/SA-17:12/openssl-11.patch.asc
# gpg --verify openssl-11.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r326721
releng/10.3/ r326723
releng/10.4/ r326723
stable/11/ r326663
releng/11.1/ r326722
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.openssl.org/news/secadv/20171207.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlorX9pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDFD
RjdGRjZGQURGNUNBOUZCRTFCOENCMkVENjdFQ0Q2NURDRjZBRTcACgkQ7Wfs1l3P
aucRig//XLyBjQb+uqZbCWBG9TuefOrdNFeGay5QjBMXRT6TsHel+lUQbAZuMoA7
p4Iammlir+krH9+D/iWPZqLVRhY29LMmI7eyCL9vgA0McRsoDI1bN0daJiAOypo4
AWjzslm+Z/8vLcs93fpi0Y26yf45CY8uzGVJBspGg1D9wPJ60bqKqimCPTYMBXtS
2ZecrF89Vg9u+U2dYmsoTryBNerPR+UWLMtO5DUUgDtcdAdINKjjcQt6i6A0XPr2
2d7fzVCN4k4eBqmOOi1YWL96uoYcfDOCmUWD4NYN3x6+1n/oHVpviYYi8CgXJNbU
1dsD6fPeAlqfBOi4e3tNKY2bwzq93/nJF9/RpzDz2JDlUxjHk2jc0EG64Dh3HSjK
hwzXhc43qWnfzTs6PRkgZRNQp+0NFEZZT8gEXEQ8mCnW+3qF0LgvQYHBFknGDYCi
EdZhnVN+DTHvaqLJpVrgE8TKt/qWCkdhsw1RRQblAovsC6CZZD3lYUS/o86jn2tp
WVjndsfmfNs2EFWeZsKcwYCb+bdQGXbhlxb8iSU7f+U+msau5ZF++0+6T/EXvuvq
hVOfwXJUD8xjO1ebZ+gtjn4HvRORLXqwi3zkoKJrSBOikK5ttlKyed445Q0cvuRk
UHpNB7+q57SrO/4syinjh9fozSVSf78tTZaI9YbTCuC3DRY5luI=
=/29R
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 RHEL 7 security update
Advisory ID: RHSA-2018:2185-01
Product: Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2185
Issue date: 2018-07-12
CVE Names: CVE-2016-2182 CVE-2016-6302 CVE-2016-6306
CVE-2016-7055 CVE-2017-3731 CVE-2017-3732
CVE-2017-3736 CVE-2017-3737 CVE-2017-3738
====================================================================
1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this release as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
3. Description:
This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
This release upgrades OpenSSL to version 1.0.2.n
Security Fix(es):
* openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
(CVE-2016-2182)
* openssl: Insufficient TLS session ticket HMAC length checks
(CVE-2016-6302)
* openssl: certificate message OOB reads (CVE-2016-6306)
* openssl: Carry propagating bug in Montgomery multiplication
(CVE-2016-7055)
* openssl: Truncated packet could crash via OOB read (CVE-2017-3731)
* openssl: BN_mod_exp may produce incorrect results on x86_64
(CVE-2017-3732)
* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* openssl: Read/write after SSL object in error state (CVE-2017-3737)
* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6306
and CVE-2016-7055. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360
Inc.) as the original reporter of CVE-2016-6306. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks
1377594 - CVE-2016-6306 openssl: certificate message OOB reads
1393929 - CVE-2016-7055 openssl: Carry propagating bug in Montgomery multiplication
1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read
1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64
1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64
1523504 - CVE-2017-3737 openssl: Read/write after SSL object in error state
1523510 - CVE-2017-3738 openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
6. JIRA issues fixed (https://issues.jboss.org/):
JBCS-373 - Errata for httpd 2.4.29 GA RHEL 7
7. Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source:
jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el7.src.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-apr-1.6.3-14.jbcs.el7.src.rpm
jbcs-httpd24-apr-util-1.6.1-9.jbcs.el7.src.rpm
jbcs-httpd24-httpd-2.4.29-17.jbcs.el7.src.rpm
jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el7.src.rpm
jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el7.src.rpm
jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el7.src.rpm
jbcs-httpd24-mod_jk-1.2.43-1.redhat_1.jbcs.el7.src.rpm
jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el7.src.rpm
jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el7.src.rpm
jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el7.src.rpm
jbcs-httpd24-openssl-1.0.2n-11.jbcs.el7.src.rpm
noarch:
jbcs-httpd24-apache-commons-daemon-1.1.0-1.redhat_2.1.jbcs.el7.noarch.rpm
jbcs-httpd24-httpd-manual-2.4.29-17.jbcs.el7.noarch.rpm
ppc64:
jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el7.ppc64.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-1.6.3-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_session-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el7.ppc64.rpm
jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el7.ppc64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el7.ppc64.rpm
jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-1.0.2n-11.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el7.ppc64.rpm
jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el7.ppc64.rpm
x86_64:
jbcs-httpd24-apache-commons-daemon-jsvc-1.1.0-1.redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.1.0-1.redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-1.6.3-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.6.3-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-devel-1.6.3-14.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-9.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_auth_kerb-5.4-36.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_auth_kerb-debuginfo-5.4-36.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_bmx-0.9.6-17.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_bmx-debuginfo-0.9.6-17.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-1.3.8-1.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_cluster-native-debuginfo-1.3.8-1.Final_redhat_2.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.43-1.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.43-1.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_jk-manual-1.2.43-1.redhat_1.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_rt-2.4.1-19.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_rt-debuginfo-2.4.1-19.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-2.9.1-23.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.1-23.GA.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_session-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.29-17.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-1.29.0-8.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-debuginfo-1.29.0-8.jbcs.el7.x86_64.rpm
jbcs-httpd24-nghttp2-devel-1.29.0-8.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-1.0.2n-11.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-debuginfo-1.0.2n-11.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-devel-1.0.2n-11.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-libs-1.0.2n-11.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-perl-1.0.2n-11.jbcs.el7.x86_64.rpm
jbcs-httpd24-openssl-static-1.0.2n-11.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
8. References:
https://access.redhat.com/security/cve/CVE-2016-2182
https://access.redhat.com/security/cve/CVE-2016-6302
https://access.redhat.com/security/cve/CVE-2016-6306
https://access.redhat.com/security/cve/CVE-2016-7055
https://access.redhat.com/security/cve/CVE-2017-3731
https://access.redhat.com/security/cve/CVE-2017-3732
https://access.redhat.com/security/cve/CVE-2017-3736
https://access.redhat.com/security/cve/CVE-2017-3737
https://access.redhat.com/security/cve/CVE-2017-3738
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/
9. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201712-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: December 14, 2017
Bugs: #629290, #636264, #640172
ID: 201712-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSL, the worst of which
may lead to a Denial of Service condition.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.2n >= 1.0.2n
Description
===========
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the referenced CVE identifiers for details.
Impact
======
A remote attacker could cause a Denial of Service condition, recover a
private key in unlikely circumstances, circumvent security restrictions
to perform unauthorized actions, or gain access to sensitive
information.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2n"
References
==========
[ 1 ] CVE-2017-3735
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3735
[ 2 ] CVE-2017-3736
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3736
[ 3 ] CVE-2017-3737
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3737
[ 4 ] CVE-2017-3738
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3738
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201712-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--IrEhWFjxIJsFtqH1v1HHQsLm3nLmhNeP4--
| VAR-201712-0281 | CVE-2017-13858 | Apple macOS of IOKit Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. IOKit is one of the components that read system information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0282 | CVE-2017-13860 | Apple iOS and macOS of Mail Drafts Component e-mail content reading vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks.
Versions prior to iOS 11.2 are vulnerable. Both Apple macOS High Sierra and iOS are products of Apple Inc. in the United States. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. iOS is an operating system developed for mobile devices.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0278 | CVE-2017-13848 | Apple macOS of IOKit Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple macOS is prone to multiple security vulnerabilities. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. IOKit is one of the components that read system information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0275 | CVE-2017-13883 | Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0273 | CVE-2017-13878 | Apple macOS of Intel Graphics Driver Vulnerability that bypasses memory read restrictions in components |
CVSS V2: 5.6 CVSS V3: 7.1 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash). Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0274 | CVE-2017-13879 | Apple iOS of IOMobileFrameBuffer Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks.
Versions prior to iOS 11.2 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. IOMobileFrameBuffer is one of the connection frames used for screenshots. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-13-6 Additional information for
APPLE-SA-2017-12-6-2 iOS 11.2
iOS 11.2 addresses the following:
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privilege
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13879: Apple
IOSurface
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
CVE-2017-13876: Ian Beer of Google Project Zero
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Incorrect certificate is used for encryption
Description: A S/MIME issue existed in the handling of encrypted
email. This issue was addressed through improved selection of the
encryption certificate.
CVE-2017-13874: an anonymous researcher
Mail Drafts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
Mail Message Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2433: an anonymous researcher, an anonymous researcher, an
anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxpFkpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZl4BAA
mIM4eryXVEmYPSwJFEm6vobzCLahEng05NHE5Vm8eD94T/ZS1HCnkkWwD9KVQEMT
HvoZsEB+UZSQQ8VtR3zXDnRJTY1ajSC47CT5GPIZUFTpDb6QrprVEtsFqaqtO+G8
B2JpRL6OY4KRFiSQWPgjr0BaxC6oRc9LmgYByJLyQp5dNAlzhuUsGcK/Dd6NWQgH
0GOqHe/xLc4evNsJTfPKPzXTaH0BvBUOhtYJo9pof4xBxRQES4vNcJpR366eBP1z
zSmQwvB9+Hkcol2Cclt+p6pPHLgqFXbd+xDVOEE1aGdlC29cIF46kKu3PGwwMUTA
xSCrVGLWvwnoF5LhHKhhN3D1i35NmJcL1Fq7AF/na2POFrM3uyC8iRBKBwUeRyGG
GZwPwFvRzPVXW8iVVte0qgJ4PYEwbXvh8Ju5F1U7s0g2Fvqw9XIasQeK4Uf/lvsl
c9SsDQaePBbBDrskL77ZQviMW9H1p/o2KHbFNgnpJzqdTwj4eFMdp/3zmRPULFT4
jd8n0TRjI/oB7/5r89jQ+5rp3cX0Nupfq0Fvf5pl6A3t4YYUHHQGjJF6Rbgu2EPy
Pn+9WOt6mHhp/e5D5Z4lLCe2q+WeeWGI425UaJC60VTXy4mwKWDQpwGpSnSDkawE
Ja6XuvBRDwFQSQTbXG7vdIKPEtzHWpHY3YUHipa5XKU=
=ptgx
-----END PGP SIGNATURE-----
| VAR-201712-0271 | CVE-2017-13875 | Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0277 | CVE-2017-13847 | Apple iOS and macOS of IOKit Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks.
Versions prior to iOS 11.2 are vulnerable. IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor. IOUserClient::clientClose is not a destructor and plays no role in the lifetime management of an IOKit object. It is perfectly possible to call ::clientClose (via io_service_close) in one thread and call an external method in another thread at the same time. IOTimeSyncClockManagerUserClient::clientClose drops references on a bunch of OSArrays causing them to be free'd, it also destroys the locks which are supposed to protect access to those arrays. This leads directly to multiple UaFs if you also call external methods which manipulate those arrays in other threads. For an exploit some care would be required to ensure correct interleaving such that the OSArray was destroyed and then used *before* the lock which is supposed to be protecting the array is also...
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0269 | CVE-2017-13871 | Apple macOS of Mail Vulnerability in components to read e-mail content in plain text |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. Apple macOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0270 | CVE-2017-13874 | Apple iOS of Mail Vulnerability bypassing encryption protection mechanism in component |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. Apple iOS is prone to multiple security vulnerabilities.
Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks.
Versions prior to iOS 11.2 are vulnerable. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability stems from the fact that the program uses the wrong certificate when encrypting. A remote attacker could exploit this vulnerability to obtain sensitive information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-13-6 Additional information for
APPLE-SA-2017-12-6-2 iOS 11.2
iOS 11.2 addresses the following:
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privilege
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13879: Apple
IOSurface
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
CVE-2017-13876: Ian Beer of Google Project Zero
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Incorrect certificate is used for encryption
Description: A S/MIME issue existed in the handling of encrypted
email. This issue was addressed through improved selection of the
encryption certificate.
CVE-2017-13874: an anonymous researcher
Mail Drafts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
Mail Message Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2433: an anonymous researcher, an anonymous researcher, an
anonymous researcher
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAloxpFkpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZl4BAA
mIM4eryXVEmYPSwJFEm6vobzCLahEng05NHE5Vm8eD94T/ZS1HCnkkWwD9KVQEMT
HvoZsEB+UZSQQ8VtR3zXDnRJTY1ajSC47CT5GPIZUFTpDb6QrprVEtsFqaqtO+G8
B2JpRL6OY4KRFiSQWPgjr0BaxC6oRc9LmgYByJLyQp5dNAlzhuUsGcK/Dd6NWQgH
0GOqHe/xLc4evNsJTfPKPzXTaH0BvBUOhtYJo9pof4xBxRQES4vNcJpR366eBP1z
zSmQwvB9+Hkcol2Cclt+p6pPHLgqFXbd+xDVOEE1aGdlC29cIF46kKu3PGwwMUTA
xSCrVGLWvwnoF5LhHKhhN3D1i35NmJcL1Fq7AF/na2POFrM3uyC8iRBKBwUeRyGG
GZwPwFvRzPVXW8iVVte0qgJ4PYEwbXvh8Ju5F1U7s0g2Fvqw9XIasQeK4Uf/lvsl
c9SsDQaePBbBDrskL77ZQviMW9H1p/o2KHbFNgnpJzqdTwj4eFMdp/3zmRPULFT4
jd8n0TRjI/oB7/5r89jQ+5rp3cX0Nupfq0Fvf5pl6A3t4YYUHHQGjJF6Rbgu2EPy
Pn+9WOt6mHhp/e5D5Z4lLCe2q+WeeWGI425UaJC60VTXy4mwKWDQpwGpSnSDkawE
Ja6XuvBRDwFQSQTbXG7vdIKPEtzHWpHY3YUHipa5XKU=
=ptgx
-----END PGP SIGNATURE-----
| VAR-201803-0207 | CVE-2017-17329 | Huawei ViewPoint 8660 Resource management vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory. Huawei ViewPoint 8660 Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiViewPoint8660 is a multipoint control unit for a conference TV system from China's Huawei company. Mutiple Huawei Products are prone to local denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition
| VAR-201712-0279 | CVE-2017-13855 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with kernel or system privileges, gain sensitive information and or cause a denial-of-service condition. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2, macOS High Sierra prior to 10.13.2, tvOS prior to 11.2, watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0272 | CVE-2017-13876 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0266 | CVE-2017-13868 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple A vulnerability exists in the product kernel component that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with kernel or system privileges, gain sensitive information and or cause a denial-of-service condition. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0267 | CVE-2017-13869 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple A vulnerability exists in the product kernel component that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with kernel or system privileges, gain sensitive information and or cause a denial-of-service condition. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0265 | CVE-2017-13867 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0263 | CVE-2017-13865 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple A vulnerability exists in the product kernel component that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with kernel or system privileges, gain sensitive information and or cause a denial-of-service condition. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13872
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----
| VAR-201712-0261 | CVE-2017-13862 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.2; macOS High Sierra prior to 10.13.2; tvOS prior to 11.2; watchOS prior to 4.2.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017
Wi-Fi
Available for: iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus,
iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2,
iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2,
and iPod touch 6th generation
Released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016)
and later in iOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11.2". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in the disclosure of process memory
Description: Multiple issues were addressed by updating to
version 2.4.28.
CVE-2017-9798
curl
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Malicious FTP servers may be able to cause the client to read
out-of-bounds memory
Description: An out-of-bounds read issue existed in the FTP PWD
response parsing. This issue was addressed with improved bounds
checking.
CVE-2017-1000254: Max Dymond
Directory Utility
Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1
Not impacted: macOS Sierra 10.12.6 and earlier
Impact: An attacker may be able to bypass administrator
authentication without supplying the administrator's password
Description: A logic error existed in the validation of credentials.
This was addressed with improved credential validation.
CVE-2017-13883: an anonymous researcher
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)
of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An input validation issue existed in the kernel. This
issue was addressed through improved input validation.
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858: an anonymous researcher
IOKit
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13876: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13867: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero
Mail
Available for: macOS High Sierra 10.13.1
Impact: A S/MIME encrypted email may be inadvertently sent
unencrypted if the receiver's S/MIME certificate is not installed
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13871: an anonymous researcher
Mail Drafts
Available for: macOS High Sierra 10.13.1
Impact: An attacker with a privileged network position may be able to
intercept mail
Description: An encryption issue existed with S/MIME credetials. The
issue was addressed with additional checks and user control.
CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read issue existed in
X.509 IPAddressFamily parsing. This issue was addressed with improved
bounds checking.
CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6
Impact: A user with screen sharing access may be able to access any
file readable by root
Description: A permissions issue existed in the handling of screen
sharing sessions. This issue was addressed with improved permissions
handling.
CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7
Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb
GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK
NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX
Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv
z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ
oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq
xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp
4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj
5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf
BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+
ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=
=2VBd
-----END PGP SIGNATURE-----