CERTFR-2017-AVI-229
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | watchOS versions antérieures à 3.2.3 | ||
| Apple | N/A | Yosemite sans le correctif de sécurité 2017-003 | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 6.2.2 | ||
| Apple | Safari | Safari versions antérieures à 10.1.2 | ||
| Apple | macOS | macOS Sierra verions antérieures à 10.12.6 | ||
| Apple | N/A | iTunes pour Windows versions antérieures à 12.6.2 | ||
| Apple | N/A | El Capitan sans le correctif de sécurité 2017-003 | ||
| Apple | N/A | tvOS versions antérieures à 10.2.2 | ||
| Apple | N/A | iOS versions antérieures à 10.3.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-003",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 10.1.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra verions ant\u00e9rieures \u00e0 10.12.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-003",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 10.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7016"
},
{
"name": "CVE-2017-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7008"
},
{
"name": "CVE-2017-7037",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7037"
},
{
"name": "CVE-2017-7017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7017"
},
{
"name": "CVE-2017-7011",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7011"
},
{
"name": "CVE-2017-7023",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7023"
},
{
"name": "CVE-2017-7056",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7056"
},
{
"name": "CVE-2017-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2517"
},
{
"name": "CVE-2017-7029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7029"
},
{
"name": "CVE-2017-7054",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7054"
},
{
"name": "CVE-2017-7025",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7025"
},
{
"name": "CVE-2017-7021",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7021"
},
{
"name": "CVE-2017-7047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7047"
},
{
"name": "CVE-2017-7041",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7041"
},
{
"name": "CVE-2017-7069",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7069"
},
{
"name": "CVE-2017-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7064"
},
{
"name": "CVE-2016-9594",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9594"
},
{
"name": "CVE-2017-7067",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7067"
},
{
"name": "CVE-2017-7045",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7045"
},
{
"name": "CVE-2017-7015",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7015"
},
{
"name": "CVE-2017-7048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7048"
},
{
"name": "CVE-2017-8248",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8248"
},
{
"name": "CVE-2017-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7039"
},
{
"name": "CVE-2017-7043",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7043"
},
{
"name": "CVE-2017-7059",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7059"
},
{
"name": "CVE-2017-7024",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7024"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-7060",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7060"
},
{
"name": "CVE-2017-7031",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7031"
},
{
"name": "CVE-2017-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7036"
},
{
"name": "CVE-2017-7050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7050"
},
{
"name": "CVE-2017-7044",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7044"
},
{
"name": "CVE-2017-7068",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7068"
},
{
"name": "CVE-2017-7061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7061"
},
{
"name": "CVE-2017-7468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7468"
},
{
"name": "CVE-2017-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2629"
},
{
"name": "CVE-2017-7063",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7063"
},
{
"name": "CVE-2017-7026",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7026"
},
{
"name": "CVE-2017-7058",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7058"
},
{
"name": "CVE-2017-7009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7009"
},
{
"name": "CVE-2017-7010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7010"
},
{
"name": "CVE-2017-7055",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7055"
},
{
"name": "CVE-2017-7042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7042"
},
{
"name": "CVE-2017-7040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7040"
},
{
"name": "CVE-2017-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7053"
},
{
"name": "CVE-2017-7038",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7038"
},
{
"name": "CVE-2017-7020",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7020"
},
{
"name": "CVE-2017-7019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7019"
},
{
"name": "CVE-2017-7027",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7027"
},
{
"name": "CVE-2017-7052",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7052"
},
{
"name": "CVE-2017-7046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7046"
},
{
"name": "CVE-2017-7007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7007"
},
{
"name": "CVE-2017-7062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7062"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-7012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7012"
},
{
"name": "CVE-2017-7018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7018"
},
{
"name": "CVE-2017-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7006"
},
{
"name": "CVE-2017-7014",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7014"
},
{
"name": "CVE-2017-7049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7049"
},
{
"name": "CVE-2017-7051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7051"
},
{
"name": "CVE-2017-7034",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7034"
},
{
"name": "CVE-2017-7013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7013"
},
{
"name": "CVE-2017-7022",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7022"
},
{
"name": "CVE-2017-7030",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7030"
},
{
"name": "CVE-2017-7028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7028"
},
{
"name": "CVE-2017-7033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7033"
},
{
"name": "CVE-2017-7032",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7032"
},
{
"name": "CVE-2017-7035",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7035"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-229",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207923 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207923"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207927 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT20797"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207925 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207925"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207924 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207924"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207928 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT20798"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207922 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207922"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT207921 du 19 juillet 2017",
"url": "https://support.apple.com/en-us/HT207921"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…