VARIoT IoT vulnerabilities database
| VAR-201705-3990 | CVE-2017-6986 | Apple macOS of iBooks Component vulnerable to sandbox escape attacks |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers
| VAR-201705-3989 | CVE-2017-6985 | Apple macOS of NVIDIA Graphics driver component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers
| VAR-201705-3991 | CVE-2017-6987 | plural Apple Vulnerability in the kernel component of the product that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple A vulnerability exists in the product kernel component that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS, macOS Sierra, tvOS, and watchOS are all products of the US company Apple (Apple). Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2.
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOSurface
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
TextInput
Available for: Apple TV (4th generation)
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: Apple TV (4th generation)
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select
"Settings -> General -> About.a
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM
wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua
3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl
fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm
hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma
nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E
DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi
NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3
1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW
RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D
WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ
n4lw8wPv5laa5ARIQHP/
=94LN
-----END PGP SIGNATURE-----
| VAR-201705-3987 | CVE-2017-6983 | Apple iOS and OS X of SQLite Service disruption in components (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Apple iOS and macOS are prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers. SQLite is one of the C-language-based open source embedded relational database management components developed by American software developer D.Richard Hipp
| VAR-201705-3986 | CVE-2017-6982 | Apple iOS Service disruption in other notification components (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. Apple OS X The notification component has a service disruption (DoS) There are vulnerabilities that are put into a state.Denial of service operations through a specially crafted application by an attacker (DoS) There is a possibility of being put into a state. Apple iOS is prone to security-bypass and denial-of-service vulnerabilities.
Attackers can exploit these issues to perform man-in-the-middle attacks and impersonate trusted servers or cause denial-of-service conditions. A rejection vulnerability exists in the Notifications component of Apple iOS prior to 10.3.2
| VAR-201705-3985 | CVE-2017-6981 | Apple iOS and OS X of iBooks Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. Apple iOS and macOS are prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers
| VAR-201705-3982 | CVE-2017-6978 | Apple OS X of Accessibility Framework Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-1 macOS 10.12.5
macOS 10.12.5 is now available and addresses the following:
802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to
capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise
company
Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero
CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary
code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero
CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional
filesystem restrictions.
CVE-2017-2533: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of
Knownsec 404 Security Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team
IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon
Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of
Porto
Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-2535: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox
restrictions.
CVE-2017-2534: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6977: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend
Micro's Zero Day Initiative
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
Installation note:
macOS 10.12.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGU2cP/2EqdcJ943FWZZLD0q12RgWs
K2leunn93aYhkoT8IL2AvZ22mDSs5EIbTPEFfyHlu9GDbSTfUSq3AWsuGVrN8qSW
IRkv3herbpZEIU8pNKHVsJBWgQf+pVnAHvJ/uvRQ9ZcseSOPhnmPKSAlpjSi4R4A
SzSEzYoW0QaJzSOGvMmbToIgB+s1IcUVBAwrM/MIIO8kmtKo7uCsxX1y9W1PC3kO
4RyW87YomoVHCBN8PC755pMwhgF3mCx/yXoYdHn1b0BN82CqIvKj8SkHu3AJB+Rf
ZcEEVbVlEVJHwvYdvd18ugiOdLXbe8hAHmU7YrLj7srhLpob9MC/KdfKxpTjGolS
F7ocgZ5UrP8bQeWW9o1I1bpe6HdANl6UWTBjYKTVs4MM9g2UQiiOz4FCH2Ogk4EA
rX8aQ62gzTIZp5tjqVvypT1SEf5/VJkM+P+p+ckxtgRWYxv7NLY8kFuVO7IlAC+I
VZRpWLUryLSMdype0z0KAhnu+PZS9Rx6vnCrlRU6QZu3OHWjcOu0eF7wmt5lTWhX
t4goc89xPIqLgD042B21PTdHlW5umrvDuqNzOzgqUmPHKllSCdZamrN2R4R1rrUu
FKS+y2EC2KW41uozZFblHYRHEwAAeXqNhJYqAQAF/E7Tu0wWZzCtNn1XsEOu54pq
EYP8FFm3hsrGF6D9D4Sl
=MYfD
-----END PGP SIGNATURE-----
| VAR-201705-3983 | CVE-2017-6979 | plural Apple Product IOSurface Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. IOSurface is one of the programming framework components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2.
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOSurface
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
TextInput
Available for: Apple TV (4th generation)
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: Apple TV (4th generation)
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select
"Settings -> General -> About.a
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM
wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua
3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl
fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm
hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma
nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E
DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi
NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3
1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW
RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D
WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ
n4lw8wPv5laa5ARIQHP/
=94LN
-----END PGP SIGNATURE-----
| VAR-201705-3981 | CVE-2017-6977 | Apple macOS of Speech Framework Component vulnerable to sandbox escape attacks |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the speechsynthesisd service. The issue results from the lack of proper validation of a library prior to loading it. An attacker can leverage this vulnerability to escalate privileges under the context of the current service. Apple macOS is prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. An attacker could exploit this vulnerability with the help of a specially crafted application to bypass the sandbox. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-1 macOS 10.12.5
macOS 10.12.5 is now available and addresses the following:
802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to
capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise
company
Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero
CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary
code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero
CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional
filesystem restrictions.
CVE-2017-2533: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of
Knownsec 404 Security Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team
IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon
Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of
Porto
Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-2535: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox
restrictions.
CVE-2017-6977: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend
Micro's Zero Day Initiative
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
Installation note:
macOS 10.12.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGU2cP/2EqdcJ943FWZZLD0q12RgWs
K2leunn93aYhkoT8IL2AvZ22mDSs5EIbTPEFfyHlu9GDbSTfUSq3AWsuGVrN8qSW
IRkv3herbpZEIU8pNKHVsJBWgQf+pVnAHvJ/uvRQ9ZcseSOPhnmPKSAlpjSi4R4A
SzSEzYoW0QaJzSOGvMmbToIgB+s1IcUVBAwrM/MIIO8kmtKo7uCsxX1y9W1PC3kO
4RyW87YomoVHCBN8PC755pMwhgF3mCx/yXoYdHn1b0BN82CqIvKj8SkHu3AJB+Rf
ZcEEVbVlEVJHwvYdvd18ugiOdLXbe8hAHmU7YrLj7srhLpob9MC/KdfKxpTjGolS
F7ocgZ5UrP8bQeWW9o1I1bpe6HdANl6UWTBjYKTVs4MM9g2UQiiOz4FCH2Ogk4EA
rX8aQ62gzTIZp5tjqVvypT1SEf5/VJkM+P+p+ckxtgRWYxv7NLY8kFuVO7IlAC+I
VZRpWLUryLSMdype0z0KAhnu+PZS9Rx6vnCrlRU6QZu3OHWjcOu0eF7wmt5lTWhX
t4goc89xPIqLgD042B21PTdHlW5umrvDuqNzOzgqUmPHKllSCdZamrN2R4R1rrUu
FKS+y2EC2KW41uozZFblHYRHEwAAeXqNhJYqAQAF/E7Tu0wWZzCtNn1XsEOu54pq
EYP8FFm3hsrGF6D9D4Sl
=MYfD
-----END PGP SIGNATURE-----
| VAR-201705-3988 | CVE-2017-6984 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an unspecified memory-corruption vulnerability. Failed exploit attempts will likely cause denial-of-service conditions. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.3.2; Safari prior to 10.1.1; Windows-based iTunes prior to 12.6.1; tvOS prior to 10.2.1. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0004
------------------------------------------------------------------------
Date reported : May 25, 2017
Advisory ID : WSA-2017-0004
Advisory URL : https://webkitgtk.org/security/WSA-2017-0004.html
CVE identifiers : CVE-2017-2496, CVE-2017-2504, CVE-2017-2505,
CVE-2017-2506, CVE-2017-2508, CVE-2017-2510,
CVE-2017-2514, CVE-2017-2515, CVE-2017-2521,
CVE-2017-2525, CVE-2017-2526, CVE-2017-2528,
CVE-2017-2530, CVE-2017-2531, CVE-2017-2536,
CVE-2017-2539, CVE-2017-2544, CVE-2017-2547,
CVE-2017-2549, CVE-2017-6980, CVE-2017-6984.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Apple. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit Editor commands. This issue was
addressed with improved state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Zheng Huang of the Baidu Security Lab working with Trend
Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit container nodes. This issue was
addressed with improved state management.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of pageshow events. This issue was addressed
with improved state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (tencent.com)
working with Trend Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (tencent.com)
working with Trend Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit cached frames. This issue was
addressed with improved state management.
Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to 360 Security (@mj0011sec) working with Trend Micro's Zero
Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero, Team Sniper (Keen Lab
and PC Mgr) working with Trend Micro's Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in frame loading. This issue was addressed with improved
state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
May 25, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select
"Settings -> General -> About.a
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM
wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua
3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl
fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm
hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma
nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E
DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi
NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3
1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW
RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D
WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ
n4lw8wPv5laa5ARIQHP/
=94LN
-----END PGP SIGNATURE-----
.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management
| VAR-201705-3984 | CVE-2017-6980 | plural Apple Used in products WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Apple iOS , Safari ,and tvOS Used in etc. Webkit is prone to cross-site scripting and arbitrary-code execution vulnerabilities. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems; tvOS is a smart TV operating system. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.3.2; Safari prior to 10.1.1; tvOS prior to 10.2.1. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0004
------------------------------------------------------------------------
Date reported : May 25, 2017
Advisory ID : WSA-2017-0004
Advisory URL : https://webkitgtk.org/security/WSA-2017-0004.html
CVE identifiers : CVE-2017-2496, CVE-2017-2504, CVE-2017-2505,
CVE-2017-2506, CVE-2017-2508, CVE-2017-2510,
CVE-2017-2514, CVE-2017-2515, CVE-2017-2521,
CVE-2017-2525, CVE-2017-2526, CVE-2017-2528,
CVE-2017-2530, CVE-2017-2531, CVE-2017-2536,
CVE-2017-2539, CVE-2017-2544, CVE-2017-2547,
CVE-2017-2549, CVE-2017-6980, CVE-2017-6984.
Several vulnerabilities were discovered in WebKitGTK+.
Credit to Apple. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit Editor commands. This issue was
addressed with improved state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Zheng Huang of the Baidu Security Lab working with Trend
Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit container nodes. This issue was
addressed with improved state management.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of pageshow events. This issue was addressed
with improved state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (tencent.com)
working with Trend Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (tencent.com)
working with Trend Microas Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in the handling of WebKit cached frames. This issue was
addressed with improved state management.
Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to 360 Security (@mj0011sec) working with Trend Micro's Zero
Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero, Team Sniper (Keen Lab
and PC Mgr) working with Trend Micro's Zero Day Initiative. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting (UXSS). Description: A logic issue
existed in frame loading. This issue was addressed with improved
state management.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
Credit to lokihardt of Google Project Zero. Description: Multiple memory
corruption issues were addressed with improved memory handling.
We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.
Further information about WebKitGTK+ Security Advisories can be found
at: https://webkitgtk.org/security.html
The WebKitGTK+ team,
May 25, 2017
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebKitGTK+: Multiple vulnerabilities
Date: June 07, 2017
Bugs: #543650, #573656, #577068, #608958, #614876, #619788
ID: 201706-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebKitGTK+, the worst of
which allows remote attackers to execute arbitrary code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.16.3 >= 2.16.3
Description
===========
Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.16.3:4"
References
==========
[ 1 ] CVE-2015-2330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330
[ 2 ] CVE-2015-7096
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096
[ 3 ] CVE-2015-7098
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098
[ 4 ] CVE-2016-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723
[ 5 ] CVE-2016-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724
[ 6 ] CVE-2016-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725
[ 7 ] CVE-2016-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726
[ 8 ] CVE-2016-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727
[ 9 ] CVE-2016-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728
[ 10 ] CVE-2016-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4692
[ 11 ] CVE-2016-4743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4743
[ 12 ] CVE-2016-7586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7586
[ 13 ] CVE-2016-7587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7587
[ 14 ] CVE-2016-7589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7589
[ 15 ] CVE-2016-7592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7592
[ 16 ] CVE-2016-7598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7598
[ 17 ] CVE-2016-7599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7599
[ 18 ] CVE-2016-7610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7610
[ 19 ] CVE-2016-7611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7611
[ 20 ] CVE-2016-7623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7623
[ 21 ] CVE-2016-7632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7632
[ 22 ] CVE-2016-7635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7635
[ 23 ] CVE-2016-7639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7639
[ 24 ] CVE-2016-7640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7640
[ 25 ] CVE-2016-7641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7641
[ 26 ] CVE-2016-7642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7642
[ 27 ] CVE-2016-7645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7645
[ 28 ] CVE-2016-7646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7646
[ 29 ] CVE-2016-7648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7648
[ 30 ] CVE-2016-7649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7649
[ 31 ] CVE-2016-7652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7652
[ 32 ] CVE-2016-7654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7654
[ 33 ] CVE-2016-7656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7656
[ 34 ] CVE-2016-9642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9642
[ 35 ] CVE-2016-9643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9643
[ 36 ] CVE-2017-2350
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2350
[ 37 ] CVE-2017-2354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2354
[ 38 ] CVE-2017-2355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2355
[ 39 ] CVE-2017-2356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2356
[ 40 ] CVE-2017-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2362
[ 41 ] CVE-2017-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2363
[ 42 ] CVE-2017-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2364
[ 43 ] CVE-2017-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2365
[ 44 ] CVE-2017-2366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2366
[ 45 ] CVE-2017-2367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2367
[ 46 ] CVE-2017-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2369
[ 47 ] CVE-2017-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2371
[ 48 ] CVE-2017-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2373
[ 49 ] CVE-2017-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2376
[ 50 ] CVE-2017-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2377
[ 51 ] CVE-2017-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2386
[ 52 ] CVE-2017-2392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2392
[ 53 ] CVE-2017-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2394
[ 54 ] CVE-2017-2395
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2395
[ 55 ] CVE-2017-2396
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2396
[ 56 ] CVE-2017-2405
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2405
[ 57 ] CVE-2017-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2415
[ 58 ] CVE-2017-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2419
[ 59 ] CVE-2017-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2433
[ 60 ] CVE-2017-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2442
[ 61 ] CVE-2017-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2445
[ 62 ] CVE-2017-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2446
[ 63 ] CVE-2017-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2447
[ 64 ] CVE-2017-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2454
[ 65 ] CVE-2017-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2455
[ 66 ] CVE-2017-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2457
[ 67 ] CVE-2017-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2459
[ 68 ] CVE-2017-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2460
[ 69 ] CVE-2017-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2464
[ 70 ] CVE-2017-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2465
[ 71 ] CVE-2017-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2466
[ 72 ] CVE-2017-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2468
[ 73 ] CVE-2017-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2469
[ 74 ] CVE-2017-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2470
[ 75 ] CVE-2017-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2471
[ 76 ] CVE-2017-2475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2475
[ 77 ] CVE-2017-2476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2476
[ 78 ] CVE-2017-2481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2481
[ 79 ] CVE-2017-2496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2496
[ 80 ] CVE-2017-2504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2504
[ 81 ] CVE-2017-2505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2505
[ 82 ] CVE-2017-2506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2506
[ 83 ] CVE-2017-2508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2508
[ 84 ] CVE-2017-2510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2510
[ 85 ] CVE-2017-2514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2514
[ 86 ] CVE-2017-2515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2515
[ 87 ] CVE-2017-2521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2521
[ 88 ] CVE-2017-2525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2525
[ 89 ] CVE-2017-2526
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2526
[ 90 ] CVE-2017-2528
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2528
[ 91 ] CVE-2017-2530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2530
[ 92 ] CVE-2017-2531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2531
[ 93 ] CVE-2017-2536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2536
[ 94 ] CVE-2017-2539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2539
[ 95 ] CVE-2017-2544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2544
[ 96 ] CVE-2017-2547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2547
[ 97 ] CVE-2017-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2549
[ 98 ] CVE-2017-6980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6980
[ 99 ] CVE-2017-6984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6984
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201706-15
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--NcNxMnppmhackEL27c23XhPLDAAQ7GQcq--
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder
Available for: Apple TV (4th generation)
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
SQLite
Available for: Apple TV (4th generation)
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: Apple TV (4th generation)
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select
"Settings -> General -> About.a
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM
wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua
3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl
fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm
hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma
nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E
DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi
NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3
1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW
RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D
WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ
n4lw8wPv5laa5ARIQHP/
=94LN
-----END PGP SIGNATURE-----
.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management
| VAR-201705-3385 | CVE-2017-2503 | Apple macOS of Intel Graphics Driver Component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-1 macOS 10.12.5
macOS 10.12.5 is now available and addresses the following:
802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to
capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise
company
Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero
CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary
code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero
CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional
filesystem restrictions.
CVE-2017-2533: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of
Knownsec 404 Security Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team
IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon
Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of
Porto
Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-2535: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox
restrictions.
CVE-2017-2534: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6977: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend
Micro's Zero Day Initiative
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
Installation note:
macOS 10.12.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGU2cP/2EqdcJ943FWZZLD0q12RgWs
K2leunn93aYhkoT8IL2AvZ22mDSs5EIbTPEFfyHlu9GDbSTfUSq3AWsuGVrN8qSW
IRkv3herbpZEIU8pNKHVsJBWgQf+pVnAHvJ/uvRQ9ZcseSOPhnmPKSAlpjSi4R4A
SzSEzYoW0QaJzSOGvMmbToIgB+s1IcUVBAwrM/MIIO8kmtKo7uCsxX1y9W1PC3kO
4RyW87YomoVHCBN8PC755pMwhgF3mCx/yXoYdHn1b0BN82CqIvKj8SkHu3AJB+Rf
ZcEEVbVlEVJHwvYdvd18ugiOdLXbe8hAHmU7YrLj7srhLpob9MC/KdfKxpTjGolS
F7ocgZ5UrP8bQeWW9o1I1bpe6HdANl6UWTBjYKTVs4MM9g2UQiiOz4FCH2Ogk4EA
rX8aQ62gzTIZp5tjqVvypT1SEf5/VJkM+P+p+ckxtgRWYxv7NLY8kFuVO7IlAC+I
VZRpWLUryLSMdype0z0KAhnu+PZS9Rx6vnCrlRU6QZu3OHWjcOu0eF7wmt5lTWhX
t4goc89xPIqLgD042B21PTdHlW5umrvDuqNzOzgqUmPHKllSCdZamrN2R4R1rrUu
FKS+y2EC2KW41uozZFblHYRHEwAAeXqNhJYqAQAF/E7Tu0wWZzCtNn1XsEOu54pq
EYP8FFm3hsrGF6D9D4Sl
=MYfD
-----END PGP SIGNATURE-----
| VAR-201705-3382 | CVE-2017-2500 | Safari of Safari Component address bar spoofing vulnerability |
CVSS V2: 4.3 CVSS V3: 4.7 Severity: MEDIUM |
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. These issues may allow a remote attacker to carry out phishing-style attacks.
Versions prior to Safari 10.1.1 are vulnerable. #### version: Safari <10.1.1 on macOS #### Description: When we visit an URL with a special port or an address which exists in DNS record but cannot access anymore(such as "http://www.apple.com:1234" or "http://access.apple.com") ,safari will try to connect this port,so during the loading time,spoofing will occur! PoC  ``` <script> function spoof(){ document.write("<title>Apple login</title><h1>Please input your Apple ID!!!But this is not apple.com!</h1>"); window.location.assign("http://www.apple.com:1234"); //or you can use the following JS code: //window.location.assign("http://access.apple.com"); } setInterval(spoof(),2000); setTimeout(function(){ prompt('Checking your appid password:'); },6000); </script> ``` #### Discloure Timeline * 2017/2/7 Provide vulnerability detail to APPLE via product-security@apple.com * 2017/4/26 Apple fix it in Safari 10.1.1 * 2017/5/12 CVE-2017-2500 assigned. #### CREDIT This vulnerability was discovered... -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-7 Safari 10.1.1
Safari 10.1.1 is now available and addresses the following:
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security
Platform Department
CVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.5
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Safari 10.1.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmMAAoJEIOj74w0bLRGxi0P/RqhFhUl2dpkTY8fSc/Wpzub
wuddiZwq3N6DDOioJuKYj0SfO0xazfb5IC2a+YOlQ7CwnorOw648O6PFTTLnTGun
fJwP+aIovFdL6h4NuyBRZJvSxXQSCdlV2gBcDCOdc0SmHGHjk87u0bjTvPY4P34z
Jfr0+Q0wNCAVgd/DQbreJFQzHaGieQ6heGRoFB/ag17f9DRyxmhCLxdn1XmKIXWV
/602XgwLnlpVBAFRDmNNSjkF4C2/qoUGyCQR1WrkwoN2L4wQ1mxxNKNBzlSH8AzY
RlV3UdnFJMrdddOkMc7GTgSwMWhyD84YrcpGuxL1ImIiyafZ7DCc3fZWUSgMIhE2
FwCBnga4qlqCzaNeZPpTfbufROHansUBy8FQds1IDm62nm4mw4IJeuortlrBtFLf
Zo/P4ftzTG8gihkcOhg1ew8KW8hi5WeH554zIYVMZA839bfWr7B9ebjw3Run0Uka
M7abLl4l1fvWluB+LHt5m65knnw6biNDs8gw5xkBLwDFU4zc3Z5Q/G/AiL9pe1Yz
wE5MUiECDy3WrVaCptkjXdvJiev+KjrQnHkd0ui56sS9MjrP+f2P1OZCfcqmlibJ
+U6YIErsplfR9FIaaf+ntlEV5f9BBeq0VHfQJfigwVD5bHUFBSr4ZHq9/9NEDoGu
Kh8ARPteimq+z9WoNkT/
=H1Pv
-----END PGP SIGNATURE-----
| VAR-201705-3381 | CVE-2017-2499 | plural Apple Used in products WebKit Web Inspector component vulnerable to arbitrary unsigned code execution |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app. Apple iOS , Safari ,and tvOS Used in etc. Webkit is prone to cross-site scripting and arbitrary-code execution vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials or execute arbitrary code within the context of the vulnerable application. in the United States. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. tvOS is a smart TV operating system. The following products and versions are affected: Apple iOS prior to 10.3.2; Safari prior to 10.1.1; tvOS prior to 10.2.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----
| VAR-201705-3380 | CVE-2017-2498 | Apple iOS Vulnerabilities that prevent access restrictions in security components |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. Apple iOS is prone to security-bypass and denial-of-service vulnerabilities.
Attackers can exploit these issues to perform man-in-the-middle attacks and impersonate trusted servers or cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----
| VAR-201705-3384 | CVE-2017-2502 | plural Apple Product CoreAudio Vulnerability that bypasses memory read restrictions in components |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. plural Apple Product CoreAudio A component contains a vulnerability that bypasses memory read restrictions.An attacker could bypass the memory read limit through a crafted application. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. CoreAudio is one of the core audio components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2.
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----
| VAR-201705-3376 | CVE-2017-2494 | Apple macOS Kernel component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities.
An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. MacOS uses an insecure swap file
CVE-2017-2494
This came out of a discussion with Jann Horn this afternoon; credit is his.
It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0.
That file is created on demand when the system starts to swap; if you can't see it increase system load.
Then as root (with SIP enabled) do:
cat /dev/urandom > /private/var/vm/swapfile0
We observed multiple interesting-looking kernel panics including in the swapfile decompression code and also the intel GPU driver doing something with GPU pages.
Found by: ianbeer
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-1 macOS 10.12.5
macOS 10.12.5 is now available and addresses the following:
802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to
capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise
company
Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero
CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary
code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero
CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional
filesystem restrictions.
CVE-2017-2533: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of
Knownsec 404 Security Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team
IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon
Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of
Porto
Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-2535: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox
restrictions.
CVE-2017-2534: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6977: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend
Micro's Zero Day Initiative
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6,
and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
Installation note:
macOS 10.12.5 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGU2cP/2EqdcJ943FWZZLD0q12RgWs
K2leunn93aYhkoT8IL2AvZ22mDSs5EIbTPEFfyHlu9GDbSTfUSq3AWsuGVrN8qSW
IRkv3herbpZEIU8pNKHVsJBWgQf+pVnAHvJ/uvRQ9ZcseSOPhnmPKSAlpjSi4R4A
SzSEzYoW0QaJzSOGvMmbToIgB+s1IcUVBAwrM/MIIO8kmtKo7uCsxX1y9W1PC3kO
4RyW87YomoVHCBN8PC755pMwhgF3mCx/yXoYdHn1b0BN82CqIvKj8SkHu3AJB+Rf
ZcEEVbVlEVJHwvYdvd18ugiOdLXbe8hAHmU7YrLj7srhLpob9MC/KdfKxpTjGolS
F7ocgZ5UrP8bQeWW9o1I1bpe6HdANl6UWTBjYKTVs4MM9g2UQiiOz4FCH2Ogk4EA
rX8aQ62gzTIZp5tjqVvypT1SEf5/VJkM+P+p+ckxtgRWYxv7NLY8kFuVO7IlAC+I
VZRpWLUryLSMdype0z0KAhnu+PZS9Rx6vnCrlRU6QZu3OHWjcOu0eF7wmt5lTWhX
t4goc89xPIqLgD042B21PTdHlW5umrvDuqNzOzgqUmPHKllSCdZamrN2R4R1rrUu
FKS+y2EC2KW41uozZFblHYRHEwAAeXqNhJYqAQAF/E7Tu0wWZzCtNn1XsEOu54pq
EYP8FFm3hsrGF6D9D4Sl
=MYfD
-----END PGP SIGNATURE-----
| VAR-201705-3383 | CVE-2017-2501 | plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. iOS/MacOS kernel uaf due to bad locking in unix domain socket file descriptor externalization unp_externalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which looks looks (to userspace) like the file the sender sent. Here's the relevant code: ``` for (i = 0; i < newfds; i++) { <----------- (a) #if CONFIG_MACF_SOCKET /* * If receive access is denied, don't pass along * and error message, just discard the descriptor. */ if (mac_file_check_receive(kauth_cred_get(), rp[i])) { proc_fdunlock(p); unp_discard(rp[i], p); fds[i] = 0; proc_fdlock(p); continue; } #endif if (fdalloc(p, 0, &f)) panic("unp_externalize:fdalloc"); fp = fileproc_alloc_init(NULL); if (fp == NULL) panic("unp_externalize: MALLOC_ZONE"); fp->f_iocount = 0; fp->f_fglob = rp[i]; if (fg_removeuipc_mark(rp[i])) fgl[i] = rp[i]; else fgl[i] = NULL; procfdtbl_releasefd(p, f, fp); fds[i] = f;...
CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----
| VAR-201705-3377 | CVE-2017-2495 | Apple iOS and Safari of Safari Service disruption in components (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu. Apple iOS and Safari are prone to multiple security vulnerabilities.
An attacker can exploit these issues to cause denial of service condition, perform unauthorized actions and execute arbitrary code. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----
.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Safari 10.1.1 may be obtained from the Mac App Store
| VAR-201705-3379 | CVE-2017-2497 | Apple iOS and macOS of iBooks Any in the component URL Vulnerabilities accessed by |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. Apple iOS and macOS of iBooks Components include any URL There is a vulnerability that is accessed by.Via a crafted book by a remote attacker, arbitrary URL May be accessed. Apple iOS and macOS are prone to multiple security vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions and execute arbitrary code with root privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; macOS Sierra is a dedicated operating system developed for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-05-15-2 iOS 10.3.2
iOS 10.3.2 is now available and addresses the following:
AVEVideoEncoder
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted book may open arbitrary websites
without user permission
Description: A URL handling issue was addressed through improved
state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
root privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
IOSurface
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved
memory handling.
CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander
(OxFEEDFACE), and Joseph Shenton of CoffeeBreakers
Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a maliciously crafted webpage may lead to an
application denial of service
Description: An issue in Safari's history menu was addressed through
improved memory handling.
CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.
Security
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Update to the certificate trust policy
Description: A certificate validation issue existed in the handling
of untrusted certificates. This issue was addressed through improved
user handling of trust acceptance.
CVE-2017-2498: Andrew Jerman
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working
with Trend Micro's Zero Day Initiative
TextInput
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2496: Apple
CVE-2017-2505: lokihardt of Google Project Zero
CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with
Trend Microas Zero Day Initiative
CVE-2017-2514: lokihardt of Google Project Zero
CVE-2017-2515: lokihardt of Google Project Zero
CVE-2017-2521: lokihardt of Google Project Zero
CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (
tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab
(tencent.com) working with Trend Microas Zero Day Initiative
CVE-2017-2530: Wei Yuan of Baidu Security Lab
CVE-2017-2531: lokihardt of Google Project Zero
CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's
Zero Day Initiative
CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's
Zero Day Initiative
CVE-2017-2547: lokihardt of Google Project Zero,
Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day
Initiative
CVE-2017-6980: lokihardt of Google Project Zero
CVE-2017-6984: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit Editor
commands. This issue was addressed with improved state management.
CVE-2017-2504: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit
container nodes. This issue was addressed with improved state
management.
CVE-2017-2508: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of pageshow
events. This issue was addressed with improved state management.
CVE-2017-2510: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of WebKit cached
frames. This issue was addressed with improved state management.
CVE-2017-2528: lokihardt of Google Project Zero
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues with addressed through
improved memory handling.
CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in frame loading. This issue was
addressed with improved state management.
CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute unsigned code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIbBAEBCgAGBQJZGd7rAAoJEIOj74w0bLRGS4kP+Lc6slIXsaBr4WUGGX9bn0ej
klXxesL3SNerIMYNK3HUnw/8bM3uhsxKcb8I1OC0lFw3xqtxCs2Mt7qDWOvZ8yvy
7eg55Pbx/YVQUV3fSCTRYsGclHFAVNvw7NxgXJEh27Jb+3pLleLzOlepMwhgstxy
REEhMVZrjkzQNEXU14r+o7YePowIezfs9pPBYyT/jQk3z5DH/kxIe9J8nP/4yHU3
1Ygvm/VwgXjdMVzR60WY72D/jahVePFK0gjR0omOsYc7KslOirkJ18arf7MI3iC5
yOVs6zvh17nPvQXJr5rbZivMfD5RWB+iTAFtdlT9vReEDgSjizxn/kiwWWeujOzB
ORZmk+BZ0NzSR07sMrINeWmqAhgxKT3D7eCslU/BcRtLoIEsFvje+HgUk7gxoA0U
xirgc0nKaB2eNrUxw7GFtV0pWq5fNwdZ2HWQvBL9e73up+XDi9TE/xylUzTGx50b
SJl/N491dvIE8BmDUTRlkkTE44SQcATppE76CoLj8y/ncva/Os5KgybZt0Hq0zAV
HA8yprCh35iTtqn3D4KyN85XJaLBuYn8nAmF0VQ6ixSekmc6e9RY1vqG7yFXTTkb
P9TPLHpbuPGeRenvm/WezkJCQJsUQ64UwT07evtXJfHLuWGCfF4pLIkvfSiVaI8G
ucaPHZqagilOIk1zNYk=
=26IY
-----END PGP SIGNATURE-----