The version of Apple iOS running on the mobile device is prior to 10.3.3. It is, therefore, affected by multiple vulnerabilities :
A flaw exists in Safari due to inconsistent user interface behavior. An unauthenticated, remote attacker can exploit this, via a malicious website, to spoof the address bar. (CVE-2017-2517)
An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)
A denial of service vulnerability exists in the EventKitUI component that allows an unauthenticated, remote attacker to exhaust available resources, causing an application to terminate. (CVE-2017-7007)
A remote code execution vulnerability exists in the CoreAudio component due to improper validation of user-supplied input when handling movie files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted movie file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7008)
A memory corruption issue exists in the IOUSBFamily component due to improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-7009)
Multiple out-of-bounds read errors exist in the libxml2 component due to improper handling of specially crafted XML documents. An unauthenticated, remote attacker can exploit these to disclose user information.
(CVE-2017-7010, CVE-2017-7013)
A unspecified flaw exists in the Webkit component that allows an unauthenticated, remote attacker to spoof the address bar via a malicious website. (CVE-2017-7011)
Multiple memory corruption issues exist in the Webkit Web Inspector component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a specially crafted web page, to corrupt memory, resulting in the execution of arbitrary code. (CVE-2017-7012)
Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)
A memory corruption issue exists in the ‘WebKit Page Loading’ component due to improper validation of input.
An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)
Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7022, CVE-2017-7024, CVE-2017-7026)
Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069)
Multiple unspecified flaws exist in the kernel due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory.
(CVE-2017-7028, CVE-2017-7029)
Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user’s browser session. (CVE-2017-7038, CVE-2017-7059)
A memory corruption issue exists in the libxpc component due to improper validation of input. A local attacker can exploit this issue, via a specifically crafted application, to cause a denial of service condition or the execution of arbitrary code with system privileges.
(CVE-2017-7047)
An information disclosure vulnerability exists due to the device displaying notifications on the lock screen even when disabled. A local attacker can exploit this to gain potentially sensitive information. (CVE-2017-7058)
A denial of service vulnerability exists in Safari printing when handling a specially crafted web page that results in creating an infinite number of print dialogs.
An unauthenticated, remote attacker can exploit this to cause a user to believe that the browser has locked up. (CVE-2017-7060)
A buffer overflow condition exists in the Contacts component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7062)
A denial of service vulnerability exists in the Messages component due to improper handling of memory. An unauthenticated, remote attacker can exploit this to consume excessive resources, resulting in an unexpected application termination. (CVE-2017-7063)
An unspecified memory initialization issue exists in Webkit. A local attacker can exploit this, via a specially crafted application, to disclose the contents of restricted memory. (CVE-2017-7064)
A buffer overflow condition exists in the libarchive component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7068)
A memory corruption issue exists in the Telephony component due to improper validation of user-supplied input. A man-in-the-middle attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-8248)
A memory corruption issue exists in the Broadcom BCM43xx family Wi-Fi Chips component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-9417)
Binary data apple_ios_1033_check.nbin
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417
support.apple.com/en-us/HT207923
www.zerodayinitiative.com/advisories/ZDI-17-489/