ID: CVE-2017-13786
Type: cve
Reporter: cve@mitre.org
Modified: 2019-10-03T00:03:00
Description
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.
{"openvas": [{"lastseen": "2019-07-17T14:22:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13786", "CVE-2017-13800"], "description": "This host is running Apple Mac OS X and\n is prone to code execution and information disclosure vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-11-02T00:00:00", "id": "OPENVAS:1361412562310811962", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811962", "type": "openvas", "title": "Apple MacOSX Code Execution And Information Disclosure Vulnerabilities-HT208221", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Code Execution And Information Disclosure Vulnerabilities-HT208221\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811962\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-13786\", \"CVE-2017-13800\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-02 12:06:10 +0530 (Thu, 02 Nov 2017)\");\n script_name(\"Apple MacOSX Code Execution And Information Disclosure Vulnerabilities-HT208221\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to code execution and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An issue existed in the handling of DMA.\n\n - A memory corruption issue.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code with system privileges and also can recover unencrypted\n APFS file system data.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.13\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.13.1 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208221\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright 
(C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.13\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName && osVer == \"10.13\")\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.13.1\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T03:35:28", "description": "The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.1. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "edition": 28, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "macOS 10.13.x < 10.13.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-13035", "CVE-2017-13689", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13046", 
"CVE-2017-12901", "CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-13907", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13015", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-12999", "CVE-2017-12899", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-13047", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13033", "CVE-2017-13009", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-13023", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13801", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-13034"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_10_13_1.NASL", "href": "https://www.tenable.com/plugins/nessus/104378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104378);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n 
\"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n \"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13786\",\n \"CVE-2017-13799\",\n \"CVE-2017-13800\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13808\",\n 
\"CVE-2017-13811\",\n \"CVE-2017-13852\",\n \"CVE-2017-13907\",\n \"CVE-2017-7170\",\n \"CVE-2018-4390\",\n \"CVE-2018-4391\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101274,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS 10.13.x < 10.13.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.13.x\nprior to 10.13.1. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - APFS\n - curl\n - Dictionary Widget\n - Kernel\n - StreamingZip\n - tcpdump\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7170\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13.1\";\n\nif (version !~\"^10\\.13($|[^0-9])\")\n audit(AUDIT_OS_NOT, \"macOS 10.13.x\");\n\nif (ver_compare(ver:version, fix:'10.13.1', strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse 
audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:42:00", "bulletinFamily": "software", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-13810", "CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", 
"CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", "CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. 
This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable 
for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. 
This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. 
This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. 
This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: 
macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 
10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A 
memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. 
This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 
4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 2, "modified": "2019-04-03T09:42:09", "published": "2019-04-03T09:42:09", "id": "APPLE:HT208221", "href": "https://support.apple.com/kb/HT208221", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}