ID CVE-2017-13825 Type cve Reporter cve@mitre.org Modified 2017-11-27T18:02:00
Description
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
{"openvas": [{"lastseen": "2019-07-17T14:22:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13810", "CVE-2016-2161", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-3167", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-11103", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13826", "CVE-2017-13808", "CVE-2017-13813", "CVE-2017-13831", "CVE-2017-13812", "CVE-2017-13824", "CVE-2016-4736", "CVE-2017-13828", "CVE-2017-13821", "CVE-2017-13830", "CVE-2017-13838", "CVE-2017-13818", "CVE-2016-8740", "CVE-2017-13841", "CVE-2017-9788", "CVE-2016-5387", "CVE-2017-9789", "CVE-2017-13782", "CVE-2017-7668", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-3169", "CVE-2017-7659", "CVE-2017-13825", "CVE-2017-13842", "CVE-2017-7679"], "description": "This host is running Apple Mac OS X and\n is prone to multiple code execution vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2017-07-20T00:00:00", "id": "OPENVAS:1361412562310811960", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811960", "type": "openvas", "title": "Apple MacOSX Multiple Code Execution Vulnerabilities HT208221", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Multiple Code Execution Vulnerabilities HT208221\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811960\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2017-13832\", \"CVE-2016-2161\", \"CVE-2016-5387\", \"CVE-2016-8740\",\n\t\t\"CVE-2016-8743\", \"CVE-2017-3167\", \"CVE-2017-3169\", \"CVE-2017-7659\",\n\t\t\"CVE-2017-7668\", \"CVE-2017-7679\", \"CVE-2017-9788\", \"CVE-2017-9789\",\n \"CVE-2017-13825\", \"CVE-2017-13809\", \"CVE-2017-13820\", \"CVE-2017-13821\",\n \"CVE-2017-13815\", \"CVE-2017-13828\", \"CVE-2017-13811\", \"CVE-2017-13830\",\n \"CVE-2017-11103\", \"CVE-2017-13819\", \"CVE-2017-13814\", \"CVE-2017-13831\",\n \"CVE-2017-13810\", \"CVE-2017-13817\", \"CVE-2017-13818\", \"CVE-2017-13836\",\n \"CVE-2017-13841\", \"CVE-2017-13840\", \"CVE-2017-13842\", \"CVE-2017-13782\",\n \"CVE-2017-13843\", \"CVE-2017-13813\", \"CVE-2017-13816\", \"CVE-2017-13812\",\n \"CVE-2016-4736\", \"CVE-2017-13824\", \"CVE-2017-13846\", \"CVE-2017-13826\",\n \"CVE-2017-13822\", \"CVE-2017-7132\", \"CVE-2017-13823\", \"CVE-2017-13808\",\n \"CVE-2017-13838\");\n script_bugtraq_id(95076, 91816, 94650, 95077, 99135, 99134, 99132, 99137, 99170,\n 99569, 99568, 99551, 93055, 101637);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-20 12:23:38 +0530 (Thu, 20 Jul 2017)\");\n script_name(\"Apple MacOSX Multiple Code Execution Vulnerabilities HT208221\");\n\n script_tag(name:\"summary\", value:\"This host is 
running Apple Mac OS X and\n is prone to multiple code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to multiple memory corruption\n issues in libxpc component.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code with system privileges.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.6 and 10.11.x through 10.11.6.\");\n\n script_tag(name:\"solution\", value:\"Apply appropriate security patch from the vendor.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT208221\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.1[12]\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.1[12]\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif(osVer =~ \"^10\\.1[12]\")\n{\n if(version_in_range(version:osVer, test_version:\"10.11\", test_version2:\"10.11.5\") ||\n version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.11.6\" || osVer == \"10.12.6\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(osVer == \"10.11.6\" && version_is_less(version:buildVer, test_version:\"15G17023\") 
||\n osVer == \"10.12.6\" && version_is_less(version:buildVer, test_version:\"16G1036\")){\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:44:17", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-9233", "CVE-2017-10989", "CVE-2017-13854", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2016-9063", "CVE-2017-13816", "CVE-2017-13832", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7083", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7086", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-13782", "CVE-2017-13814", "CVE-2017-13817", "CVE-2016-9841", "CVE-2017-7108", "CVE-2017-7127", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-13842", "CVE-2017-5130", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 4\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: All Apple Watch models\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**CFNetwork**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: All Apple Watch models\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CFString**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of 
Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**file**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: All Apple Watch models\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: 
Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: an anonymous researcher\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a malformed mach binary may lead to 
arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: All Apple Watch models\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk 
(j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, an anonymous researcher, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: All Apple Watch models\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project 
Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: All Apple Watch models\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**zlib**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n", "edition": 2, "modified": "2019-04-03T09:47:52", "published": "2019-04-03T09:47:52", "id": "APPLE:HT208115", "href": "https://support.apple.com/kb/HT208115", "title": "About the security content of watchOS 4 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:01", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-11122", "CVE-2017-9233", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7102", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-7120", "CVE-2017-13843", "CVE-2017-7117", "CVE-2017-11121", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-7099", "CVE-2017-13816", "CVE-2017-13832", "CVE-2017-7096", "CVE-2017-7090", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-7081", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7083", "CVE-2017-7093", "CVE-2017-11120", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-13828", "CVE-2017-7098", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-7087", "CVE-2017-7092", 
"CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7086", "CVE-2017-7095", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-13782", "CVE-2017-7100", "CVE-2017-7115", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-7091", "CVE-2016-9841", "CVE-2017-7108", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-13842", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 11\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**CFNetwork**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork 
Proxies**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CoreAudio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**file**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: 
Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: an anonymous researcher\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry added September 25, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. 
This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code 
execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**Quick Look**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. 
This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University 
working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Security Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-11120: Gal Beniamini of Google Project Zero\n\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application 
processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: Multiple race conditions were addressed through improved validation.\n\nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker within range may be able to read restricted memory from the Wi-Fi chipset\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-11122: Gal Beniamini of Google Project Zero\n\nEntry added October 9, 2017\n\n**zlib**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. 
for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n", "edition": 2, "modified": "2019-04-03T09:46:21", "published": "2019-04-03T09:46:21", "id": "APPLE:HT208113", "href": "https://support.apple.com/kb/HT208113", "title": "About the security content of tvOS 11 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:46", "bulletinFamily": "software", "cvelist": ["CVE-2017-13873", "CVE-2017-11122", "CVE-2017-13806", "CVE-2017-9233", "CVE-2017-13877", "CVE-2017-13863", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7102", "CVE-2016-9840", "CVE-2017-7075", "CVE-2017-13840", "CVE-2017-7120", "CVE-2017-7139", "CVE-2017-13843", "CVE-2017-7117", "CVE-2017-11121", "CVE-2017-7088", "CVE-2017-7085", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-7099", "CVE-2017-13816", "CVE-2017-11103", "CVE-2017-13832", "CVE-2017-7096", "CVE-2017-6211", "CVE-2017-7132", "CVE-2017-7090", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-7081", "CVE-2017-13836", "CVE-2017-1000373", "CVE-2017-7072", "CVE-2017-7083", "CVE-2017-7093", "CVE-2017-7078", "CVE-2017-11120", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7148", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-7116", "CVE-2017-13812", "CVE-2017-7089", "CVE-2018-4302", "CVE-2017-13829", "CVE-2017-7107", "CVE-2017-7131", "CVE-2017-13828", "CVE-2017-7098", "CVE-2017-13821", "CVE-2017-7142", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-7087", "CVE-2017-7092", "CVE-2017-7146", "CVE-2017-7145", "CVE-2017-13818", "CVE-2016-9843", "CVE-2017-13841", "CVE-2017-7103", "CVE-2017-7097", "CVE-2017-7133", "CVE-2017-7086", "CVE-2017-7095", "CVE-2017-7110", "CVE-2017-7105", "CVE-2017-7100", "CVE-2017-7115", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-7091", "CVE-2016-9841", 
"CVE-2017-7144", "CVE-2017-7108", "CVE-2017-7094", "CVE-2017-7127", "CVE-2017-7104", "CVE-2017-7109", "CVE-2017-7112", "CVE-2017-13825", "CVE-2017-7140", "CVE-2017-13842", "CVE-2017-7111", "CVE-2017-5130", "CVE-2017-7118", "CVE-2017-9050", "CVE-2017-7106"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 11\n\nReleased September 19, 2017\n\n**802.1X**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**APNs**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position could track a user\n\nDescription: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. 
\n\nCVE-2017-13863: FURIOUSMAC Team of United States Naval Academy\n\nEntry added December 21, 2017\n\n**Bluetooth**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to access restricted files\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.\n\nCVE-2017-7131: Dominik Conrads of Federal Office for Information Security, an anonymous researcher, Anand Kathapurkar of India, Elvis (@elvisimprsntr)\n\nEntry updated October 9, 2017\n\n**CFNetwork**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\nEntry added September 25, 2017\n\n**CFString**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be 
able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\nEntry added September 25, 2017\n\n**CoreText**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**Exchange ActiveSync**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to erase a device during Exchange account setup\n\nDescription: A validation issue existed in AutoDiscover V1. This was addressed by requiring TLS for AutoDiscover V1. 
AutoDiscover V2 is now supported.\n\nCVE-2017-7088: Ilya Nesterov, Maxim Goncharov\n\n**file**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry added October 31, 2017, updated October 18, 2018\n\n**Fonts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Heimdal**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. 
This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry added September 25, 2017\n\n**HFS**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**iBooks**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7072: J\u0119drzej Krysztofiak\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nEntry 
added September 25, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added 
November 10, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Keyboard Suggestions**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Keyboard autocorrect suggestions may reveal sensitive information\n\nDescription: The iOS keyboard was inadvertently caching sensitive information. This issue was addressed with improved heuristics.\n\nCVE-2017-7140: Agim Allkanjari of Stream in Motion Inc.\n\nEntry updated October 9, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\nEntry added September 25, 2017\n\n**libc**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\nEntry added September 25, 2017\n\n**libexpat**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\nEntry added September 25, 2017\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-7376: an anonymous researcher\n\nCVE-2017-5130: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod 
touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**Location Framework**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read sensitive location information\n\nDescription: A permissions issue existed in the handling of the location variable. This was addressed with additional ownership checks.\n\nCVE-2017-7148: Igor Makarov from Moovit, Will McGinty and Shawnna Rodriguez of Bottle Rocket Studios\n\nEntry updated October 9, 2017\n\n**Mail Drafts**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. 
This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 9, 2017\n\n**Mail MessageUI**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital\n\n**Messages**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-2017-7118: Kiki Jiang and Jason Tokoph\n\n**MobileBackup**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2017-7133: Don Sparks of HackediOS.com\n\n**Notes**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: The contents of locked notes sometimes appeared in search results. This issue was addressed through improved data cleanup.\n\nCVE-2017-7075: Richard Will of Marathon Oil Company\n\nEntry added November 10, 2017\n\n**Phone**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A screenshot of secure content may be taken when locking an iOS device\n\nDescription: A timing issue existed in the handling of locking. 
This issue was addressed by disabling screenshots while locking.\n\nCVE-2017-7139: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Device pairing records could be inadvertently installed on a device when a profile that disallows pairing is installed\n\nDescription: Pairings were not removed when a profile disallowing pairings was installed. This was addressed by removing pairings conflicting with the configuration profile.\n\nCVE-2017-13806: Rorie Hood of MWR InfoSecurity\n\nEntry added November 2, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Safari**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to learn information about the 
presence of other applications on the device.\n\nDescription: An application was able to determine the existence of files outside of its sandbox. This issue was addressed through additional sandbox checks.\n\nCVE-2017-13877: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.\n\nCVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune\n\nEntry added September 25, 2017\n\n**Security**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious app may be able to track users between installs\n\nDescription: A permission checking issue existed in the handling of an app's Keychain data. 
This issue was addressed with improved permission checking.\n\nCVE-2017-7146: an anonymous researcher\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\nEntry added September 25, 2017\n\n**SQLite**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\nEntry added September 25, 2017\n\n**Telephony**\n\nAvailable for: iPhone 5s and later, and Wi-Fi + Cellular models of iPad Air generation and later\n\nImpact: An attacker within range may be able to execute arbitrary code\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-6211: Matthew Spisak of ENDGAME (endgame.com)\n\nEntry added December 4, 2017\n\n**Time**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: \"Setting Time Zone\" may incorrectly indicate that it is using location\n\nDescription: A permissions issue existed in the process that handles time zone information. 
The issue was resolved by modifying permissions.\n\nCVE-2017-7145: Chris Lawrence\n\nEntry updated October 9, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-7081: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2017-7087: Apple\n\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7092: Samuel Gro\u00df and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team\n\nCVE-2017-7093: Samuel Gro\u00df and Niklas Baumstark working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\n\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\n\nCVE-2017-7098: Felipe Freitas of Instituto Tecnol\u00f3gico de Aeron\u00e1utica\n\nCVE-2017-7099: Apple\n\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\n\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7104: likemeng of Baidu Security Lab\n\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University\n\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative\n\nCVE-2017-7117: lokihardt of Google Project Zero\n\nCVE-2017-7120: chenqin (\u9648\u94a6) of 
Ant-financial Light-Year Security Lab\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management.\n\nCVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans Ros\u00e9n of Detectify\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.\n\nCVE-2017-7090: Apple\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: Application Cache policy may be unexpectedly applied.\n\nCVE-2017-7109: avlidienbrunn\n\nEntry added September 25, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: A malicious website may be able to track users in Safari private browsing mode\n\nDescription: A permissions issue existed in the handling of web browser cookies. 
This issue was addressed with improved restrictions.\n\nCVE-2017-7144: Mohammad Ghasemisharif of UIC\u2019s BITS Lab\n\nEntry updated October 9, 2017\n\n**WebKit Storage**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Website data may persist after a Safari Private browsing session\n\nDescription: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.\n\nCVE-2017-7142: Rich Shawn O\u2019Connell, an anonymous researcher, an anonymous researcher\n\nEntry added November 10, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-11120: Gal Beniamini of Google Project Zero\n\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nEntry added September 25, 2017\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7103: Gal Beniamini of Google Project Zero\n\nCVE-2017-7105: Gal Beniamini of Google Project Zero\n\nCVE-2017-7108: Gal Beniamini of Google Project Zero\n\nCVE-2017-7110: Gal Beniamini of Google Project Zero\n\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor\n\nDescription: Multiple race conditions were addressed through improved 
validation.\n\nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: An attacker within range may be able to read restricted memory from the Wi-Fi chipset\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-11122: Gal Beniamini of Google Project Zero\n\nEntry added October 2, 2017\n\n**zlib**\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\nEntry added September 25, 2017\n\n\n\n## Additional recognition \n\n**LaunchServices**\n\nWe would like to acknowledge Mark Zimmermann of EnBW Energie Baden-W\u00fcrttemberg AG for their assistance.\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. 
for their assistance.\n\n**Webkit**\n\nWe would like to acknowledge xisigr of Tencent's Xuanwu Lab (tencent.com) for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n", "edition": 3, "modified": "2020-07-27T08:16:39", "published": "2020-07-27T08:16:39", "id": "APPLE:HT208112", "href": "https://support.apple.com/kb/HT208112", "title": "About the security content of iOS 11 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:15", "bulletinFamily": "software", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-13810", "CVE-2017-13873", "CVE-2017-9233", "CVE-2016-2161", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-7084", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-7126", "CVE-2017-13910", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-13908", "CVE-2017-13811", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2017-9049", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-13827", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-13808", "CVE-2017-7078", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-7376", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-13890", "CVE-2017-13812", "CVE-2017-13824", "CVE-2018-4302", "CVE-2017-7141", "CVE-2016-4736", "CVE-2017-7119", "CVE-2017-13829", "CVE-2017-13851", "CVE-2017-13828", "CVE-2017-13839", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2016-9042", 
"CVE-2017-7125", "CVE-2017-6462", "CVE-2017-13838", "CVE-2017-6463", "CVE-2017-13818", "CVE-2016-9843", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-6452", "CVE-2016-5387", "CVE-2017-7086", "CVE-2017-7082", "CVE-2017-13835", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-13837", "CVE-2016-9841", "CVE-2017-7127", "CVE-2017-6464", "CVE-2017-13825", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-7122", "CVE-2017-13909", "CVE-2017-9050"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13\n\nReleased September 25, 2017\n\n**802.1X**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\n\nDescription: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.\n\nCVE-2017-13832: Doug Wussler of Florida State University\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**apache**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues existed in Apache. 
These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry added October 31, 2017, updated December 14, 2018\n\n**Apple Account Settings**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may gain access to iCloud authentication tokens\n\nDescription: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain.\n\nCVE-2017-13909: Andreas Nilsson\n\nEntry added October 18, 2018\n\n**AppleScript**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Application Firewall**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A previously denied application firewall setting may take effect after upgrading\n\nDescription: An upgrade issue existed in the handling of firewall settings. 
This issue was addressed through improved handling of firewall settings during upgrades.\n\nCVE-2017-7084: an anonymous researcher\n\n**AppSandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\n**ATS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\nEntry added October 31, 2017\n\n**Audio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry added October 31, 2017\n\n**Captive Network Assistant**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may unknowingly send a password unencrypted over the network\n\nDescription: The security state of the captive portal browser was not obvious. 
This issue was addressed with improved visibility of the captive portal browser security state.\n\nCVE-2017-7143: Matthew Green of Johns Hopkins University\n\nEntry updated October 3, 2017\n\n**CFNetwork**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFNetwork Proxies**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to cause a denial of service\n\nDescription: Multiple denial of service issues were addressed through improved memory handling.\n\nCVE-2017-7083: Abhinav Bansal of Zscaler Inc.\n\n**CFString**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**CoreAudio**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed by updating to Opus version 1.1.4.\n\nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro\n\n**CoreText**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated 
November 16, 2018\n\n**CoreTypes**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted webpage may result in the mounting of a disk image\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2017-13890: Apple, Theodor Ragnar Gislason of Syndis\n\nEntry added March 29, 2018\n\n**DesktopServices**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to observe unprotected user data\n\nDescription: A file access issue existed with certain home folder files. This was addressed with improved access restrictions.\n\nCVE-2017-13851: Henrique Correa de Amorim\n\nEntry added November 2, 2017, updated February 14, 2018\n\n**Directory Utility**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to determine the Apple ID of the owner of the computer\n\nDescription: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.\n\nCVE-2017-7138: Daniel Kvak of Masaryk University\n\nEntry updated October 3, 2017\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.30.\n\nCVE-2017-7121: found by OSS-Fuzz\n\nCVE-2017-7122: found by OSS-Fuzz\n\nCVE-2017-7123: found by OSS-Fuzz\n\nCVE-2017-7124: found by OSS-Fuzz\n\nCVE-2017-7125: found by OSS-Fuzz\n\nCVE-2017-7126: found by OSS-Fuzz\n\n**file**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815\n\nEntry added October 31, 2017\n\n**Fonts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert 
Sesek of Google Chrome\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**fsck_msdos**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13835: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Heimdal**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\n**HelpViewer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. 
This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**HFS**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\nEntry added October 31, 2017\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017, updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry added October 31, 2017, updated April 3, 2019\n\n**Installer**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to access the FileVault unlock key\n\nDescription: This issue was addressed by removing additional entitlements.\n\nCVE-2017-13837: Patrick Wardle of Synack\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**IOAcceleratorFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with 
system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7077: Brandon Azad\n\n**IOFireWireFamily**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. 
This was addressed through improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry added October 31, 2017, updated June 18, 2018\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\nEntry added October 31, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13854: shrek_wzw of Qihoo 360 Nirvan Team\n\nEntry added November 2, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry added November 10, 2017\n\n**Kernel**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access network activity information maintained by the operating system unrestricted. 
This issue was addressed by reducing the information available to third party applications.\n\nCVE-2017-13873: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 30, 2017\n\n**kext tools**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic error in kext loading was addressed with improved state handling.\n\nCVE-2017-13827: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nCVE-2017-13816: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed through improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry added October 31, 2017\n\n**libarchive**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: an anonymous researcher\n\nEntry added October 31, 2017\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A remote attacker may be able to cause a denial-of-service\n\nDescription: A resource exhaustion issue in glob() was addressed through an improved algorithm.\n\nCVE-2017-7086: Russ Cox of Google\n\n**libc**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-1000373\n\n**libexpat**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in expat\n\nDescription: Multiple issues were addressed by updating to version 2.2.1\n\nCVE-2016-9063\n\nCVE-2017-9233\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2018-4302: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may 
lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**Mail**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: The sender of an email may be able to determine the IP address of the recipient\n\nDescription: Turning off \"Load remote content in messages\" did not apply to all mailboxes. This issue was addressed with improved setting propagation.\n\nCVE-2017-7141: John Whitehead of The New York Times\n\nEntry updated October 3, 2017\n\n**Mail Drafts**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An attacker with a privileged network position may be able to intercept mail contents\n\nDescription: An encryption issue existed in the handling of mail drafts. 
This issue was addressed with improved handling of mail drafts meant to be sent encrypted.\n\nCVE-2017-7078: Petter Flink, Pierre ALBAR\u00c8DE from Marseille (France), an anonymous researcher\n\nEntry updated October 3, 2017\n\n**ntp**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in ntp\n\nDescription: Multiple issues were addressed by updating to version 4.2.8p10\n\nCVE-2017-6451: Cure53 \n\nCVE-2017-6452: Cure53 \n\nCVE-2017-6455: Cure53 \n\nCVE-2017-6458: Cure53 \n\nCVE-2017-6459: Cure53 \n\nCVE-2017-6460: Cure53 \n\nCVE-2017-6462: Cure53 \n\nCVE-2017-6463: Cure53 \n\nCVE-2017-6464: Cure53\n\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\n**Open Scripting Architecture**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\nEntry added October 31, 2017\n\n**PCRE**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\nEntry added October 31, 2017\n\n**Postfix**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry added October 31, 2017, updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**Quick Look**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Parsing a maliciously crafted office document 
may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed through improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry added October 31, 2017\n\n**QuickTime**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\nEntry added October 31, 2017\n\n**Sandbox**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Screen Lock**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Application Firewall prompts may appear over Login Window\n\nDescription: A window management issue was addressed through improved state management.\n\nCVE-2017-7082: Tim Kingman\n\n**Security**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A revoked certificate may be trusted\n\nDescription: A certificate validation issue existed in the handling of revocation data. 
This issue was addressed through improved validation.\n\nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of B\u00e6rum kommune, an anonymous researcher, an anonymous researcher\n\n**SMB**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Spotlight may display results for files not belonging to the user\n\nDescription: An access issue existed in Spotlight. This issue was addressed through improved access restrictions.\n\nCVE-2017-13839: Ken Harris of the Free Robot Collective\n\nEntry added October 31, 2017, updated November 10, 2017\n\n**Spotlight**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to access restricted files\n\nDescription: An access issue was addressed with additional sandbox restrictions on applications.\n\nCVE-2017-13910\n\nEntry added October 18, 2018\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating to version 3.19.3.\n\nCVE-2017-10989: found by OSS-Fuzz\n\nCVE-2017-7128: found by OSS-Fuzz\n\nCVE-2017-7129: found by OSS-Fuzz\n\nCVE-2017-7130: found by OSS-Fuzz\n\n**SQLite**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-7127: an anonymous researcher\n\n**zlib**\n\nAvailable for: OS X Mountain Lion 10.8 and later\n\nImpact: Multiple issues in zlib\n\nDescription: Multiple issues were addressed by updating to version 
1.2.11.\n\nCVE-2016-9840\n\nCVE-2016-9841\n\nCVE-2016-9842\n\nCVE-2016-9843\n\n\n\n## Additional recognition\n\n**Mail**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added February 6, 2020\n\n**Security**\n\nWe would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.\n\n**NSWindow**\n\nWe would like to acknowledge Trent Apted of the Google Chrome team for their assistance.\n\n**WebKit Web Inspector**\n\nWe would like to acknowledge Ioan Biz\u0103u of Bloggify for their assistance.\n\n\n\n## macOS High Sierra 10.13 Supplemental Update\n\nNew downloads of macOS High Sierra 10.13 include the security content of the [macOS High Sierra 10.13 Supplemental Update](<https://support.apple.com/kb/HT208165>).\n", "edition": 2, "modified": "2020-02-06T07:51:09", "published": "2020-02-06T07:51:09", "id": "APPLE:HT208144", "href": "https://support.apple.com/kb/HT208144", "title": "About the security content of macOS High Sierra 10.13 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:00", "bulletinFamily": "software", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13786", "CVE-2017-13810", "CVE-2017-12986", "CVE-2017-13036", "CVE-2018-4390", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", "CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", 
"CVE-2017-13852", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13907", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13800", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2018-4391", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", "CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", 
"CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan\n\nReleased October 31, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Apache\n\nDescription: Multiple issues were addressed by updating to version 2.4.27.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nCVE-2017-3167\n\nCVE-2017-3169\n\nCVE-2017-7659\n\nCVE-2017-7668\n\nCVE-2017-7679\n\nCVE-2017-9788\n\nCVE-2017-9789\n\nEntry updated November 14, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data\n\nDescription: An issue existed in the handling of DMA. 
This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.\n\nCVE-2017-13786: Dmytro Oleksiuk\n\nEntry updated November 10, 2017\n\n**APFS**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum\n\n**AppleScript**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13809: bat0s\n\nEntry updated November 10, 2017\n\n**ATS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13820: John Villamil, Doyensec\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\nEntry updated January 22, 2019\n\n**CFNetwork**\n\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13829: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative \n\nCVE-2017-13833: Niklas Baumstark and Samuel Gro\u00df working with Trend Micro's Zero Day Initiative\n\nEntry added November 10, 2017\n\n**CFString**\n\nAvailable 
for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13821: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**CoreText**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-13825: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Uploading using TFTP to a maliciously crafted URL with libcurl may disclose application memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000100: Even Rouault, found by OSS-Fuzz\n\n**curl**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Processing a maliciously crafted URL with libcurl may cause unexpected application termination or read process memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2017-1000101: Brian Carpenter, Yongji Ouyang\n\n**Dictionary Widget**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Searching pasted text in the Dictionary widget may lead to compromise of user information\n\nDescription: A validation issue existed which allowed local file access. 
This was addressed with input sanitization.\n\nCVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**file**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Multiple issues in file\n\nDescription: Multiple issues were addressed by updating to version 5.31.\n\nCVE-2017-13815: found by OSS-Fuzz\n\nEntry updated October 18, 2018\n\n**Fonts**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Rendering untrusted text may lead to spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2017-13828: Leonard Grey and Robert Sesek of Google Chrome\n\nEntry updated November 10, 2017\n\n**fsck_msdos**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13811: V.E.O. (@VYSEa) of Mobile Advanced Threat Team of Trend Micro\n\nEntry updated November 2, 2017\n\n**HFS**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\n\n**Heimdal**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in a privileged network position may be able to impersonate a service\n\nDescription: A validation issue existed in the handling of the KDC-REP service name. 
This issue was addressed with improved validation.\n\nCVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams\n\nEntry updated January 22, 2019\n\n**HelpViewer**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A quarantined HTML file may execute arbitrary JavaScript cross-origin\n\nDescription: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file.\n\nCVE-2017-13819: Filippo Cavallarin of SecuriTeam Secure Disclosure\n\nEntry updated November 10, 2017\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13814: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated November 16, 2018\n\n**ImageIO**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-13831: Glen Carmichael\n\nEntry updated April 3, 2019\n\n**IOAcceleratorFamily**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13906\n\nEntry added October 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A permissions issue existed in kernel packet counters. 
This issue was addressed with improved permission validation.\n\nCVE-2017-13810: Zhiyun Qian of University of California, Riverside\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2017-13817: Maxime Villard (m00nbsd)\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13818: The UK's National Cyber Security Centre (NCSC)\n\nCVE-2017-13836: Vlad Tsyrklevich\n\nCVE-2017-13841: Vlad Tsyrklevich\n\nCVE-2017-13840: Vlad Tsyrklevich\n\nCVE-2017-13842: Vlad Tsyrklevich\n\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd.\n\nEntry updated June 18, 2018\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13843: an anonymous researcher, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing a malformed mach binary may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved validation.\n\nCVE-2017-13834: Maxime Villard (m00nbsd)\n\nEntry updated January 22, 2019\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13799: Lufeng Li of Qihoo 360 Vulcan Team\n\nEntry updated November 10, 2017\n\n**Kernel**\n\nAvailable for: 
macOS High Sierra 10.13\n\nImpact: A malicious application may be able to learn information about the presence and operation of other applications on the device.\n\nDescription: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.\n\nCVE-2017-13852: Xiaokuan Zhang and Yinqian Zhang of The Ohio State University, Xueqiang Wang and XiaoFeng Wang of Indiana University Bloomington, and Xiaolong Bai of Tsinghua University\n\nEntry added November 10, 2017, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation.\n\nCVE-2017-13813: found by OSS-Fuzz\n\nEntry updated November 16, 2018, updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in libarchive. 
These issues were addressed with improved input validation.\n\nCVE-2017-13812: found by OSS-Fuzz\n\nEntry updated January 22, 2019\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\n\nEntry updated December 21, 2017\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A null pointer dereference was addressed with improved validation.\n\nCVE-2017-5969: Gustavo Grieco\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: OS X El Capitan 10.11.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2017-5130: an anonymous researcher\n\nCVE-2017-7376: an anonymous researcher\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero\n\nEntry added October 18, 2018\n\n**libxml2**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore\n\nEntry added October 18, 2018\n\n**LinkPresentation**\n\nAvailable for: macOS High Sierra 
10.13\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2018-4390: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nCVE-2018-4391: Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter\n\nEntry added November 16, 2018\n\n**Login Window**\n\nAvailable for: macOS High Sierra 10.13\n\nImpact: The screen lock may unexpectedly remain unlocked\n\nDescription: A state management issue was addressed with improved state validation.\n\nCVE-2017-13907: an anonymous researcher\n\nEntry added October 18, 2018\n\n**Open Scripting Architecture**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13824: an anonymous researcher\n\n**PCRE**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.40.\n\nCVE-2017-13846\n\n**Postfix**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Multiple issues in Postfix\n\nDescription: Multiple issues were addressed by updating to version 3.2.2.\n\nCVE-2017-10140: an anonymous researcher\n\nEntry updated November 17, 2017\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13822: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\n**Quick Look**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A 
memory consumption issue was addressed with improved memory handling.\n\nCVE-2017-7132: Australian Cyber Security Centre \u2013 Australian Signals Directorate\n\nEntry updated January 22, 2019\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to read restricted memory\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2017-13823: Xiangkun Jia of Institute of Software Chinese Academy of Sciences\n\nEntry updated November 10, 2017\n\n**Remote Management**\n\nAvailable for: macOS Sierra 10.12.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13808: an anonymous researcher\n\n**Sandbox**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2017-13838: Alastair Houghton\n\nEntry updated November 10, 2017\n\n**Security**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2017-7170: Patrick Wardle of Synack\n\nEntry added January 11, 2018\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious application can extract keychain passwords\n\nDescription: A method existed for applications to bypass the keychain access prompt with a synthetic click. 
This was addressed by requiring the user password when prompting for keychain access.\n\nCVE-2017-7150: Patrick Wardle of Synack\n\nEntry added November 17, 2017\n\n**SMB**\n\nAvailable for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6\n\nImpact: A local attacker may be able to execute non-executable text files via an SMB share\n\nDescription: An issue in handling file permissions was addressed with improved validation.\n\nCVE-2017-13908: an anonymous researcher\n\nEntry added October 18, 2018\n\n**StreamingZip**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: A malicious zip file may be able to modify restricted areas of the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.\n\n**tcpdump**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6\n\nImpact: Multiple issues in tcpdump\n\nDescription: Multiple issues were addressed by updating to version 
4.9.2.\n\nCVE-2017-11108\n\nCVE-2017-11541\n\nCVE-2017-11542\n\nCVE-2017-11543\n\nCVE-2017-12893\n\nCVE-2017-12894\n\nCVE-2017-12895\n\nCVE-2017-12896\n\nCVE-2017-12897\n\nCVE-2017-12898\n\nCVE-2017-12899\n\nCVE-2017-12900\n\nCVE-2017-12901\n\nCVE-2017-12902\n\nCVE-2017-12985\n\nCVE-2017-12986\n\nCVE-2017-12987\n\nCVE-2017-12988\n\nCVE-2017-12989\n\nCVE-2017-12990\n\nCVE-2017-12991\n\nCVE-2017-12992\n\nCVE-2017-12993\n\nCVE-2017-12994\n\nCVE-2017-12995\n\nCVE-2017-12996\n\nCVE-2017-12997\n\nCVE-2017-12998\n\nCVE-2017-12999\n\nCVE-2017-13000\n\nCVE-2017-13001\n\nCVE-2017-13002\n\nCVE-2017-13003\n\nCVE-2017-13004\n\nCVE-2017-13005\n\nCVE-2017-13006\n\nCVE-2017-13007\n\nCVE-2017-13008\n\nCVE-2017-13009\n\nCVE-2017-13010\n\nCVE-2017-13011\n\nCVE-2017-13012\n\nCVE-2017-13013\n\nCVE-2017-13014\n\nCVE-2017-13015\n\nCVE-2017-13016\n\nCVE-2017-13017\n\nCVE-2017-13018\n\nCVE-2017-13019\n\nCVE-2017-13020\n\nCVE-2017-13021\n\nCVE-2017-13022\n\nCVE-2017-13023\n\nCVE-2017-13024\n\nCVE-2017-13025\n\nCVE-2017-13026\n\nCVE-2017-13027\n\nCVE-2017-13028\n\nCVE-2017-13029\n\nCVE-2017-13030\n\nCVE-2017-13031\n\nCVE-2017-13032\n\nCVE-2017-13033\n\nCVE-2017-13034\n\nCVE-2017-13035\n\nCVE-2017-13036\n\nCVE-2017-13037\n\nCVE-2017-13038\n\nCVE-2017-13039\n\nCVE-2017-13040\n\nCVE-2017-13041\n\nCVE-2017-13042\n\nCVE-2017-13043\n\nCVE-2017-13044\n\nCVE-2017-13045\n\nCVE-2017-13046\n\nCVE-2017-13047\n\nCVE-2017-13048\n\nCVE-2017-13049\n\nCVE-2017-13050\n\nCVE-2017-13051\n\nCVE-2017-13052\n\nCVE-2017-13053\n\nCVE-2017-13054\n\nCVE-2017-13055\n\nCVE-2017-13687\n\nCVE-2017-13688\n\nCVE-2017-13689\n\nCVE-2017-13690\n\nCVE-2017-13725\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. 
This was addressed with improved state management.\n\nCVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nCVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6\n\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)\n\nDescription: A logic issue existed in the handling of state transitions. This was addressed with improved state management.\n\nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven\n\nEntry updated November 3, 2017\n", "edition": 2, "modified": "2019-04-03T09:42:09", "published": "2019-04-03T09:42:09", "id": "APPLE:HT208221", "href": "https://support.apple.com/kb/HT208221", "title": "About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:20:23", "description": "The remote host is running a version of Mac OS X that is prior to\n10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is\nnot macOS 10.13. 
It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - apache\n - AppSandbox\n - AppleScript\n - Application Firewall\n - ATS\n - Audio\n - CFNetwork\n - CFNetwork Proxies\n - CFString\n - Captive Network Assistant\n - CoreAudio\n - CoreText\n - DesktopServices\n - Directory Utility\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - IOFireWireFamily\n - ImageIO\n - Installer\n - Kernel\n - kext tools\n - libarchive\n - libc\n - libexpat\n - Mail\n - Mail Drafts\n - ntp\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - SQLite\n - Sandbox\n - Screen Lock\n - Security\n - Spotlight\n - WebKit\n - zlib\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-03T00:00:00", "title": "macOS < 10.13 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6459", "CVE-2017-7077", "CVE-2017-13810", "CVE-2017-13873", "CVE-2017-9233", "CVE-2016-2161", "CVE-2017-10989", "CVE-2017-13854", "CVE-2017-7143", "CVE-2016-9840", "CVE-2017-13840", "CVE-2017-13843", "CVE-2017-13809", "CVE-2017-7084", "CVE-2017-3167", "CVE-2017-13823", "CVE-2016-8743", "CVE-2017-7138", "CVE-2016-9063", "CVE-2017-13822", "CVE-2017-13816", "CVE-2017-7126", "CVE-2017-11103", "CVE-2017-13832", "CVE-2017-13846", "CVE-2017-7132", "CVE-2017-6455", "CVE-2017-6460", "CVE-2017-7149", "CVE-2017-13811", "CVE-2017-7130", "CVE-2017-7128", "CVE-2017-13815", "CVE-2016-9842", "CVE-2017-7114", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-6451", "CVE-2017-1000373", "CVE-2017-13827", "CVE-2017-7083", "CVE-2017-7121", "CVE-2017-7074", "CVE-2017-13808", "CVE-2017-7078", "CVE-2017-13813", "CVE-2017-7129", "CVE-2017-13831", "CVE-2017-0381", "CVE-2017-13833", "CVE-2017-7080", "CVE-2017-6458", "CVE-2017-13812", 
"CVE-2017-13824", "CVE-2017-7141", "CVE-2016-4736", "CVE-2017-7119", "CVE-2017-13829", "CVE-2017-13851", "CVE-2017-13828", "CVE-2017-13839", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13853", "CVE-2017-13830", "CVE-2016-9042", "CVE-2017-7125", "CVE-2017-6462", "CVE-2017-13838", "CVE-2017-6463", "CVE-2017-13818", "CVE-2016-9843", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-6452", "CVE-2016-5387", "CVE-2017-7086", "CVE-2017-7082", "CVE-2017-9789", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-7668", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13817", "CVE-2017-13837", "CVE-2016-9841", "CVE-2017-3169", "CVE-2017-7144", "CVE-2017-7127", "CVE-2017-7659", "CVE-2017-7150", "CVE-2017-6464", "CVE-2017-13825", "CVE-2017-7124", "CVE-2017-7123", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-7122", "CVE-2017-13850", "CVE-2017-7679"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_10_13.NASL", "href": "https://www.tenable.com/plugins/nessus/103598", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103598);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-4736\",\n \"CVE-2016-5387\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2016-9042\",\n \"CVE-2016-9063\",\n \"CVE-2016-9840\",\n \"CVE-2016-9841\",\n \"CVE-2016-9842\",\n \"CVE-2016-9843\",\n \"CVE-2017-0381\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-6451\",\n \"CVE-2017-6452\",\n \"CVE-2017-6455\",\n \"CVE-2017-6458\",\n \"CVE-2017-6459\",\n \"CVE-2017-6460\",\n \"CVE-2017-6462\",\n \"CVE-2017-6463\",\n \"CVE-2017-6464\",\n \"CVE-2017-7074\",\n \"CVE-2017-7077\",\n \"CVE-2017-7078\",\n \"CVE-2017-7080\",\n \"CVE-2017-7082\",\n \"CVE-2017-7083\",\n \"CVE-2017-7084\",\n \"CVE-2017-7086\",\n \"CVE-2017-7114\",\n \"CVE-2017-7119\",\n 
\"CVE-2017-7121\",\n \"CVE-2017-7122\",\n \"CVE-2017-7123\",\n \"CVE-2017-7124\",\n \"CVE-2017-7125\",\n \"CVE-2017-7126\",\n \"CVE-2017-7127\",\n \"CVE-2017-7128\",\n \"CVE-2017-7129\",\n \"CVE-2017-7130\",\n \"CVE-2017-7132\",\n \"CVE-2017-7138\",\n \"CVE-2017-7141\",\n \"CVE-2017-7143\",\n \"CVE-2017-7144\",\n \"CVE-2017-7149\",\n \"CVE-2017-7150\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9233\",\n \"CVE-2017-9788\",\n \"CVE-2017-9789\",\n \"CVE-2017-10140\",\n \"CVE-2017-10989\",\n \"CVE-2017-11103\",\n \"CVE-2017-13782\",\n \"CVE-2017-13807\",\n \"CVE-2017-13808\",\n \"CVE-2017-13809\",\n \"CVE-2017-13810\",\n \"CVE-2017-13811\",\n \"CVE-2017-13812\",\n \"CVE-2017-13813\",\n \"CVE-2017-13814\",\n \"CVE-2017-13815\",\n \"CVE-2017-13816\",\n \"CVE-2017-13817\",\n \"CVE-2017-13818\",\n \"CVE-2017-13819\",\n \"CVE-2017-13820\",\n \"CVE-2017-13821\",\n \"CVE-2017-13822\",\n \"CVE-2017-13823\",\n \"CVE-2017-13824\",\n \"CVE-2017-13825\",\n \"CVE-2017-13827\",\n \"CVE-2017-13828\",\n \"CVE-2017-13829\",\n \"CVE-2017-13830\",\n \"CVE-2017-13831\",\n \"CVE-2017-13832\",\n \"CVE-2017-13833\",\n \"CVE-2017-13834\",\n \"CVE-2017-13836\",\n \"CVE-2017-13837\",\n \"CVE-2017-13838\",\n \"CVE-2017-13839\",\n \"CVE-2017-13840\",\n \"CVE-2017-13841\",\n \"CVE-2017-13842\",\n \"CVE-2017-13843\",\n \"CVE-2017-13846\",\n \"CVE-2017-13850\",\n \"CVE-2017-13851\",\n \"CVE-2017-13853\",\n \"CVE-2017-13854\",\n \"CVE-2017-13873\",\n \"CVE-2017-1000373\"\n );\n script_bugtraq_id(\n 91816,\n 93055,\n 94337,\n 94650,\n 95076,\n 95077,\n 95078,\n 95131,\n 95248,\n 97045,\n 97046,\n 97049,\n 97050,\n 97051,\n 97052,\n 97058,\n 97074,\n 97076,\n 97078,\n 97201,\n 99132,\n 99134,\n 99135,\n 99137,\n 99170,\n 99177,\n 99276,\n 99502,\n 99551,\n 99568,\n 99569,\n 100987,\n 100990,\n 100991,\n 100992,\n 100993,\n 100999,\n 102100\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-09-25-1\");\n\n script_name(english:\"macOS < 10.13 Multiple 
Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X / macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is prior to\n10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is\nnot macOS 10.13. It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - apache\n - AppSandbox\n - AppleScript\n - Application Firewall\n - ATS\n - Audio\n - CFNetwork\n - CFNetwork Proxies\n - CFString\n - Captive Network Assistant\n - CoreAudio\n - CoreText\n - DesktopServices\n - Directory Utility\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - IOFireWireFamily\n - ImageIO\n - Installer\n - Kernel\n - kext tools\n - libarchive\n - libc\n - libexpat\n - Mail\n - Mail Drafts\n - ntp\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - SQLite\n - Sandbox\n - Screen Lock\n - Security\n - Spotlight\n - WebKit\n - zlib\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208165\");\n # https://lists.apple.com/archives/security-announce/2017/Sep/msg00005.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9cfca404\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.13 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = pregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (empty_or_null(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nfixed_version = \"10.13\";\n\n# Patches exist for 10.10.5, OS X Yosemite v10.11.6 and OS X El Capitan v10.12.6\n# https://support.apple.com/en-us/HT208221\n# Do NOT mark them as vuln\nif (\n # No 10.x patch below 10.10.5\n ver_compare(ver:version, 
fix:'10.10.5', strict:FALSE) == -1\n ||\n # No 10.11.x patch below 10.11.6\n (\n version =~\"^10\\.11($|[^0-9])\"\n &&\n ver_compare(ver:version, fix:'10.11.6', strict:FALSE) == -1\n )\n ||\n # No 10.12.x patch below 10.12.6\n (\n version =~\"^10\\.12($|[^0-9])\"\n &&\n ver_compare(ver:version, fix:'10.12.6', strict:FALSE) == -1\n )\n)\n{\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:25:54", "description": "The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-11-03T00:00:00", "title": "macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-13008", "CVE-2017-13038", "CVE-2017-13040", "CVE-2017-12902", "CVE-2017-13810", "CVE-2017-12986", "CVE-2017-13036", "CVE-2017-13031", "CVE-2017-12896", "CVE-2016-2161", "CVE-2017-12893", "CVE-2017-13037", "CVE-2017-13053", "CVE-2017-13799", "CVE-2017-13840", "CVE-2017-12998", "CVE-2017-13080", "CVE-2017-13006", "CVE-2017-13843", "CVE-2017-11543", "CVE-2017-13049", "CVE-2017-13026", "CVE-2017-13809", "CVE-2017-13017", "CVE-2017-13687", 
"CVE-2017-12991", "CVE-2017-13016", "CVE-2017-12897", "CVE-2017-13051", "CVE-2017-13029", "CVE-2017-3167", "CVE-2017-13035", "CVE-2017-13823", "CVE-2017-13689", "CVE-2016-8743", "CVE-2017-13027", "CVE-2017-13010", "CVE-2017-12900", "CVE-2017-13822", "CVE-2017-13046", "CVE-2017-12901", "CVE-2017-11103", "CVE-2017-13906", "CVE-2017-13022", "CVE-2017-13846", "CVE-2017-13019", "CVE-2017-13043", "CVE-2017-7132", "CVE-2017-5969", "CVE-2017-13908", "CVE-2017-11108", "CVE-2017-13811", "CVE-2017-13815", "CVE-2017-13054", "CVE-2017-13688", "CVE-2017-9049", "CVE-2017-13050", "CVE-2017-12895", "CVE-2017-12997", "CVE-2017-13013", "CVE-2017-13048", "CVE-2017-12985", "CVE-2017-13820", "CVE-2017-13836", "CVE-2017-13078", "CVE-2017-12996", "CVE-2017-13690", "CVE-2017-13808", "CVE-2017-12992", "CVE-2017-13005", "CVE-2017-13014", "CVE-2017-13052", "CVE-2017-13813", "CVE-2017-13831", "CVE-2017-12993", "CVE-2017-7376", "CVE-2017-12990", "CVE-2017-13725", "CVE-2017-13024", "CVE-2017-13833", "CVE-2017-11542", "CVE-2017-13804", "CVE-2017-13812", "CVE-2017-13824", "CVE-2017-13028", "CVE-2017-1000101", "CVE-2016-4736", "CVE-2017-11541", "CVE-2017-13000", "CVE-2017-13041", "CVE-2017-13829", "CVE-2017-13828", "CVE-2017-13015", "CVE-2017-13821", "CVE-2017-13834", "CVE-2017-13830", "CVE-2017-12988", "CVE-2017-13018", "CVE-2017-13838", "CVE-2017-13818", "CVE-2017-12999", "CVE-2017-12899", "CVE-2016-8740", "CVE-2017-10140", "CVE-2017-13841", "CVE-2017-9788", "CVE-2017-13020", "CVE-2017-13032", "CVE-2017-13025", "CVE-2016-5387", "CVE-2017-13011", "CVE-2017-13042", "CVE-2017-1000100", "CVE-2017-13003", "CVE-2017-9789", "CVE-2017-13047", "CVE-2017-13782", "CVE-2017-13807", "CVE-2017-13012", "CVE-2017-7170", "CVE-2017-7668", "CVE-2017-13044", "CVE-2017-13004", "CVE-2017-13819", "CVE-2017-13814", "CVE-2017-13033", "CVE-2017-13817", "CVE-2017-13009", "CVE-2017-3169", "CVE-2017-13007", "CVE-2017-13055", "CVE-2017-13001", "CVE-2017-13077", "CVE-2017-12987", "CVE-2017-13030", "CVE-2017-7659", 
"CVE-2017-13023", "CVE-2017-7150", "CVE-2017-13002", "CVE-2017-13039", "CVE-2017-13825", "CVE-2017-13801", "CVE-2017-13842", "CVE-2016-0736", "CVE-2017-5130", "CVE-2017-12994", "CVE-2017-12995", "CVE-2017-12989", "CVE-2017-12894", "CVE-2017-13021", "CVE-2017-12898", "CVE-2017-13045", "CVE-2017-7679", "CVE-2017-9050", "CVE-2017-13034"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2017-004.NASL", "href": "https://www.tenable.com/plugins/nessus/104379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104379);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/06/19 15:17:43\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-4736\",\n \"CVE-2016-5387\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2017-1000100\",\n \"CVE-2017-1000101\",\n \"CVE-2017-10140\",\n \"CVE-2017-11103\",\n \"CVE-2017-11108\",\n \"CVE-2017-11541\",\n \"CVE-2017-11542\",\n \"CVE-2017-11543\",\n \"CVE-2017-12893\",\n \"CVE-2017-12894\",\n \"CVE-2017-12895\",\n \"CVE-2017-12896\",\n \"CVE-2017-12897\",\n \"CVE-2017-12898\",\n \"CVE-2017-12899\",\n \"CVE-2017-12900\",\n \"CVE-2017-12901\",\n \"CVE-2017-12902\",\n \"CVE-2017-12985\",\n \"CVE-2017-12986\",\n \"CVE-2017-12987\",\n \"CVE-2017-12988\",\n \"CVE-2017-12989\",\n \"CVE-2017-12990\",\n \"CVE-2017-12991\",\n \"CVE-2017-12992\",\n \"CVE-2017-12993\",\n \"CVE-2017-12994\",\n \"CVE-2017-12995\",\n \"CVE-2017-12996\",\n \"CVE-2017-12997\",\n \"CVE-2017-12998\",\n \"CVE-2017-12999\",\n \"CVE-2017-13000\",\n \"CVE-2017-13001\",\n \"CVE-2017-13002\",\n \"CVE-2017-13003\",\n \"CVE-2017-13004\",\n \"CVE-2017-13005\",\n \"CVE-2017-13006\",\n \"CVE-2017-13007\",\n \"CVE-2017-13008\",\n \"CVE-2017-13009\",\n \"CVE-2017-13010\",\n \"CVE-2017-13011\",\n \"CVE-2017-13012\",\n \"CVE-2017-13013\",\n \"CVE-2017-13014\",\n \"CVE-2017-13015\",\n \"CVE-2017-13016\",\n 
\"CVE-2017-13017\",\n \"CVE-2017-13018\",\n \"CVE-2017-13019\",\n \"CVE-2017-13020\",\n \"CVE-2017-13021\",\n \"CVE-2017-13022\",\n \"CVE-2017-13023\",\n \"CVE-2017-13024\",\n \"CVE-2017-13025\",\n \"CVE-2017-13026\",\n \"CVE-2017-13027\",\n \"CVE-2017-13028\",\n \"CVE-2017-13029\",\n \"CVE-2017-13030\",\n \"CVE-2017-13031\",\n \"CVE-2017-13032\",\n \"CVE-2017-13033\",\n \"CVE-2017-13034\",\n \"CVE-2017-13035\",\n \"CVE-2017-13036\",\n \"CVE-2017-13037\",\n \"CVE-2017-13038\",\n \"CVE-2017-13039\",\n \"CVE-2017-13040\",\n \"CVE-2017-13041\",\n \"CVE-2017-13042\",\n \"CVE-2017-13043\",\n \"CVE-2017-13044\",\n \"CVE-2017-13045\",\n \"CVE-2017-13046\",\n \"CVE-2017-13047\",\n \"CVE-2017-13048\",\n \"CVE-2017-13049\",\n \"CVE-2017-13050\",\n \"CVE-2017-13051\",\n \"CVE-2017-13052\",\n \"CVE-2017-13053\",\n \"CVE-2017-13054\",\n \"CVE-2017-13055\",\n \"CVE-2017-13077\",\n \"CVE-2017-13078\",\n \"CVE-2017-13080\",\n \"CVE-2017-13687\",\n \"CVE-2017-13688\",\n \"CVE-2017-13689\",\n \"CVE-2017-13690\",\n \"CVE-2017-13725\",\n \"CVE-2017-13782\",\n \"CVE-2017-13799\",\n \"CVE-2017-13801\",\n \"CVE-2017-13804\",\n \"CVE-2017-13807\",\n \"CVE-2017-13808\",\n \"CVE-2017-13809\",\n \"CVE-2017-13810\",\n \"CVE-2017-13811\",\n \"CVE-2017-13812\",\n \"CVE-2017-13813\",\n \"CVE-2017-13814\",\n \"CVE-2017-13815\",\n \"CVE-2017-13817\",\n \"CVE-2017-13818\",\n \"CVE-2017-13819\",\n \"CVE-2017-13820\",\n \"CVE-2017-13821\",\n \"CVE-2017-13822\",\n \"CVE-2017-13823\",\n \"CVE-2017-13824\",\n \"CVE-2017-13825\",\n \"CVE-2017-13828\",\n \"CVE-2017-13829\",\n \"CVE-2017-13830\",\n \"CVE-2017-13831\",\n \"CVE-2017-13833\",\n \"CVE-2017-13834\",\n \"CVE-2017-13836\",\n \"CVE-2017-13838\",\n \"CVE-2017-13840\",\n \"CVE-2017-13841\",\n \"CVE-2017-13842\",\n \"CVE-2017-13843\",\n \"CVE-2017-13846\",\n \"CVE-2017-13906\",\n \"CVE-2017-13908\",\n \"CVE-2017-3167\",\n \"CVE-2017-3169\",\n \"CVE-2017-5130\",\n \"CVE-2017-5969\",\n \"CVE-2017-7132\",\n \"CVE-2017-7150\",\n \"CVE-2017-7170\",\n 
\"CVE-2017-7376\",\n \"CVE-2017-7659\",\n \"CVE-2017-7668\",\n \"CVE-2017-7679\",\n \"CVE-2017-9049\",\n \"CVE-2017-9050\",\n \"CVE-2017-9788\",\n \"CVE-2017-9789\"\n );\n script_bugtraq_id(\n 100249,\n 100286,\n 100913,\n 100914,\n 101177,\n 101274,\n 101482,\n 102100,\n 91816,\n 93055,\n 94650,\n 95076,\n 95077,\n 95078,\n 96188,\n 98568,\n 98601,\n 98877,\n 99132,\n 99134,\n 99135,\n 99137,\n 99170,\n 99551,\n 99568,\n 99569,\n 99938,\n 99939,\n 99940,\n 99941\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-10-31-2\");\n script_xref(name:\"IAVA\", value:\"2017-A-0310\");\n\n script_name(english:\"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)\");\n script_summary(english:\"Checks for the presence of Security Update 2017-004.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS or Mac OS X security update that\nfixes multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is\nmissing a security update. 
It is therefore, affected by multiple\nvulnerabilities affecting the following components :\n\n - 802.1X\n - apache\n - AppleScript\n - ATS\n - Audio\n - CFString\n - CoreText\n - curl\n - Dictionary Widget\n - file\n - Fonts\n - fsck_msdos\n - HFS\n - Heimdal\n - HelpViewer\n - ImageIO\n - Kernel\n - libarchive\n - Open Scripting Architecture\n - PCRE\n - Postfix\n - Quick Look\n - QuickTime\n - Remote Management\n - Sandbox\n - StreamingZip\n - tcpdump\n - Wi-Fi\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208221\");\n # https://lists.apple.com/archives/security-announce/2017/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3881783e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2017-004 or later for 10.11.x or\nSecurity Update 2017-001 or later for 10.12.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7376\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nget_kb_item_or_exit(\"Host/local_checks_enabled\");\nos = get_kb_item_or_exit(\"Host/MacOSX/Version\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11\\.6|12\\.6)([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.11.6 or Mac OS X 10.12.6\");\n\nif (\"10.11.6\" >< os)\n patch = \"2017-004\";\nelse\n patch = \"2017-001\";\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = pgrep(\n pattern:\"^com\\.apple\\.pkg\\.update\\.(security\\.|os\\.SecUpd).*bom$\",\n string:packages\n);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = pregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not 
affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}