Lucene search

Tenable700034.PRM

HistoryMar 31, 2017 - 12:00 a.m.

Apple iOS < 10.3 Multiple Vulnerabilities

2017-03-3100:00:00

Tenable

www.tenable.com

JSON

The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities :

An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)
An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)
A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)
A flaw exists in the ‘SecKeyRawVerify()’ function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)

Additional flaws exist in the following components :

Carbon (CVE-2017-2379)
CoreGraphics (CVE-2017-2417)
DataAccess (CVE-2017-2414)
FontParser (CVE-2017-2406, CVE-2017-2407)
iCloud (CVE-2017-2397)
ImageIO (CVE-2017-2416)
iTunes Store (CVE-2017-2412)
Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)
libarchive (CVE-2017-2390)
Pasteboard (CVE-2017-2399)
Quick Look (CVE-2017-2404)
Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)
Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)

Binary data 700034.prm

VendorProductVersionCPE
appleiphone_oscpe:/o:apple:iphone_os

Vendor	Product	Version	CPE
apple	iphone_os		cpe:/o:apple:iphone_os

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2367

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2376

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2378

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2379

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2384

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2386

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2389

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2391

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2393

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2394

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2395

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2396

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2397

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2398

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2399

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2400

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2404

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2405

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2406

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2412

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2414

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2415

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2419

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2424

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2433

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2434

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2440

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2442

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2444

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2445

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2446

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2447

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2448

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2451

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2452

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2453

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2454

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2455

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2456

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2457

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2458

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2459

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2460

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2461

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2462

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2464

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2465

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2466

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2467

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2468

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2469

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2470

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2471

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2472

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2473

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2474

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2475

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2476

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2481

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2482

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2483

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2484

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2485

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2486

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2487

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2490

support.apple.com/en-us/HT207600

support.apple.com/en-us/HT207601

support.apple.com/en-us/HT207602

support.apple.com/en-us/HT207617

threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599

JSON

Related for 700034.PRM