Apple iOS < 10.3 Multiple Vulnerabilities


The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities : - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376) - An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389) - A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391) - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423) Additional flaws exist in the following components : - Carbon (CVE-2017-2379) - CoreGraphics (CVE-2017-2417) - DataAccess (CVE-2017-2414) - FontParser (CVE-2017-2406, CVE-2017-2407) - iCloud (CVE-2017-2397) - ImageIO (CVE-2017-2416) - iTunes Store (CVE-2017-2412) - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490) - libarchive (CVE-2017-2390) - Pasteboard (CVE-2017-2399) - Quick Look (CVE-2017-2404) - Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400) - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)