Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-13844 (GCVE-0-2017-13844)
Vulnerability from cvelistv5 – Published: 2017-11-13 03:00 – Updated: 2024-08-05 19:13
VLAI?
EPSS
Summary
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:40.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208222"
},
{
"name": "102099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102099"
},
{
"name": "1039703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208222"
},
{
"name": "102099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102099"
},
{
"name": "1039703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208222",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208222"
},
{
"name": "102099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102099"
},
{
"name": "1039703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2017-13844",
"datePublished": "2017-11-13T03:00:00",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-08-05T19:13:40.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1\", \"matchCriteriaId\": \"CC194892-4EE5-4F92-93CB-19FB6E0BE235\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \\\"Messages\\\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.1 se han visto afectadas. El problema afecta al componente \\\"Messages\\\". Permite que los atacantes pr\\u00f3ximos f\\u00edsicamente visualicen fotos arbitrarias mediante una acci\\u00f3n Reply With Message en el estado de bloqueo de pantalla.\"}]",
"id": "CVE-2017-13844",
"lastModified": "2024-11-21T03:11:47.293",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.4, \"baseSeverity\": \"LOW\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-11-13T03:29:02.367",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/102099\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039703\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208222\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102099\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039703\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT208222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-13844\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-11-13T03:29:02.367\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \\\"Messages\\\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.1 se han visto afectadas. El problema afecta al componente \\\"Messages\\\". Permite que los atacantes pr\u00f3ximos f\u00edsicamente visualicen fotos arbitrarias mediante una acci\u00f3n Reply With Message en el estado de bloqueo de pantalla.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"CC194892-4EE5-4F92-93CB-19FB6E0BE235\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102099\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039703\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208222\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT208222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CNVD-2017-34155
Vulnerability from cnvd - Published: 2017-11-15
VLAI Severity ?
Title
Apple iOS Messages照片访问漏洞
Description
Apple iOS是美国苹果(Apple)公司为移动设备所开发的一套操作系统。Messages是其中的一个用于发送的文本、照片和视频的应用程序组件。
Apple iOS 11.1之前的版本中的Messages组件存在照片访问漏洞。物理位置临近的攻击者可利用该漏洞从已锁定的屏幕上浏览任意照片。
Severity
低
Patch Name
Apple iOS Messages照片访问漏洞的补丁
Patch Description
Apple iOS是美国苹果(Apple)公司为移动设备所开发的一套操作系统。Messages是其中的一个用于发送的文本、照片和视频的应用程序组件。
Apple iOS 11.1之前的版本中的Messages组件存在照片访问漏洞。物理位置临近的攻击者可利用该漏洞从已锁定的屏幕上浏览任意照片。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://support.apple.com/zh-cn/HT208222
Reference
https://support.apple.com/en-us/HT208222
Impacted products
| Name | Apple IOS <11.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-13844"
}
},
"description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u7167\u7247\u8bbf\u95ee\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5df2\u9501\u5b9a\u7684\u5c4f\u5e55\u4e0a\u6d4f\u89c8\u4efb\u610f\u7167\u7247\u3002",
"discovererName": "iDeviceHelp INC \u7684 Miguel Alvarado",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT208222",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-34155",
"openTime": "2017-11-15",
"patchDescription": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 11.1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u7167\u7247\u8bbf\u95ee\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5df2\u9501\u5b9a\u7684\u5c4f\u5e55\u4e0a\u6d4f\u89c8\u4efb\u610f\u7167\u7247\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apple iOS Messages\u7167\u7247\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple IOS \u003c11.1"
},
"referenceLink": "https://support.apple.com/en-us/HT208222",
"serverity": "\u4f4e",
"submitTime": "2017-11-01",
"title": "Apple iOS Messages\u7167\u7247\u8bbf\u95ee\u6f0f\u6d1e"
}
CERTFR-2017-AVI-385
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions antérieures à 11.1 | ||
| Apple | N/A | watchOS versions antérieures à 4.1 | ||
| Apple | macOS | macOS Sierra versions sans le correctif de sécurité 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 11.1 | ||
| Apple | macOS | macOS El Capitan sans le correctif de sécurité 2017-004 | ||
| Apple | N/A | iTunes versions antérieures à 12.7.1 sur Windows | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 7.1 | ||
| Apple | Safari | Safari versions antérieures à 11.0.1 | ||
| Apple | macOS | macOS High Sierra versions antérieures à 10.13.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions sans le correctif de s\u00e9curit\u00e9 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le correctif de s\u00e9curit\u00e9 2017-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.7.1 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13802",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13802"
},
{
"name": "CVE-2017-13818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13818"
},
{
"name": "CVE-2017-13052",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13052"
},
{
"name": "CVE-2017-12993",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12993"
},
{
"name": "CVE-2017-13018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13018"
},
{
"name": "CVE-2017-13043",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13043"
},
{
"name": "CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"name": "CVE-2017-9789",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9789"
},
{
"name": "CVE-2017-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7659"
},
{
"name": "CVE-2016-4736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
},
{
"name": "CVE-2017-13050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13050"
},
{
"name": "CVE-2017-13816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13816"
},
{
"name": "CVE-2017-13798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13798"
},
{
"name": "CVE-2017-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11108"
},
{
"name": "CVE-2017-13017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13017"
},
{
"name": "CVE-2017-13831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13831"
},
{
"name": "CVE-2017-11543",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11543"
},
{
"name": "CVE-2017-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13790"
},
{
"name": "CVE-2017-13000",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13000"
},
{
"name": "CVE-2017-13807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13807"
},
{
"name": "CVE-2017-13843",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13843"
},
{
"name": "CVE-2017-13055",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13055"
},
{
"name": "CVE-2017-7668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
},
{
"name": "CVE-2017-13041",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13041"
},
{
"name": "CVE-2017-12902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12902"
},
{
"name": "CVE-2017-13834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13834"
},
{
"name": "CVE-2017-13007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13007"
},
{
"name": "CVE-2017-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13687"
},
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-12986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12986"
},
{
"name": "CVE-2017-13821",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13821"
},
{
"name": "CVE-2017-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13033"
},
{
"name": "CVE-2017-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13817"
},
{
"name": "CVE-2017-13799",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13799"
},
{
"name": "CVE-2017-12901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12901"
},
{
"name": "CVE-2017-13832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13832"
},
{
"name": "CVE-2017-13011",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13011"
},
{
"name": "CVE-2017-13046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13046"
},
{
"name": "CVE-2017-13840",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13840"
},
{
"name": "CVE-2017-12897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12897"
},
{
"name": "CVE-2017-13809",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13809"
},
{
"name": "CVE-2017-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13822"
},
{
"name": "CVE-2017-7113",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7113"
},
{
"name": "CVE-2017-13800",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13800"
},
{
"name": "CVE-2017-13786",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13786"
},
{
"name": "CVE-2017-13003",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13003"
},
{
"name": "CVE-2017-13815",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13815"
},
{
"name": "CVE-2017-13013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13013"
},
{
"name": "CVE-2017-13001",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13001"
},
{
"name": "CVE-2017-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13009"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2017-13048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13048"
},
{
"name": "CVE-2017-13054",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13054"
},
{
"name": "CVE-2017-13038",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13038"
},
{
"name": "CVE-2017-13841",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13841"
},
{
"name": "CVE-2017-13010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13010"
},
{
"name": "CVE-2017-12990",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12990"
},
{
"name": "CVE-2017-13783",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13783"
},
{
"name": "CVE-2017-13047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13047"
},
{
"name": "CVE-2017-12991",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12991"
},
{
"name": "CVE-2017-13805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13805"
},
{
"name": "CVE-2017-13811",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13811"
},
{
"name": "CVE-2017-13849",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13849"
},
{
"name": "CVE-2017-13032",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13032"
},
{
"name": "CVE-2017-13801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13801"
},
{
"name": "CVE-2017-13051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13051"
},
{
"name": "CVE-2017-13036",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13036"
},
{
"name": "CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"name": "CVE-2017-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2017-13795",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13795"
},
{
"name": "CVE-2017-13690",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13690"
},
{
"name": "CVE-2017-13838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13838"
},
{
"name": "CVE-2017-11542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11542"
},
{
"name": "CVE-2017-13842",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13842"
},
{
"name": "CVE-2017-12997",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12997"
},
{
"name": "CVE-2017-13045",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13045"
},
{
"name": "CVE-2017-13026",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13026"
},
{
"name": "CVE-2017-13785",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13785"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-13796",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13796"
},
{
"name": "CVE-2017-13782",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13782"
},
{
"name": "CVE-2017-13784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13784"
},
{
"name": "CVE-2017-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13042"
},
{
"name": "CVE-2017-12992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12992"
},
{
"name": "CVE-2017-13027",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13027"
},
{
"name": "CVE-2017-13034",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13034"
},
{
"name": "CVE-2017-13794",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13794"
},
{
"name": "CVE-2017-13015",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13015"
},
{
"name": "CVE-2017-13725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13725"
},
{
"name": "CVE-2017-13819",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13819"
},
{
"name": "CVE-2017-13044",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13044"
},
{
"name": "CVE-2017-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12900"
},
{
"name": "CVE-2017-12994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12994"
},
{
"name": "CVE-2017-12998",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12998"
},
{
"name": "CVE-2017-13029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13029"
},
{
"name": "CVE-2017-13037",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13037"
},
{
"name": "CVE-2017-13788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13788"
},
{
"name": "CVE-2017-7132",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7132"
},
{
"name": "CVE-2017-13810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13810"
},
{
"name": "CVE-2017-13039",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13039"
},
{
"name": "CVE-2017-13791",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13791"
},
{
"name": "CVE-2017-13023",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13023"
},
{
"name": "CVE-2017-13020",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13020"
},
{
"name": "CVE-2017-13021",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13021"
},
{
"name": "CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"name": "CVE-2017-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12896"
},
{
"name": "CVE-2017-13824",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13824"
},
{
"name": "CVE-2017-13049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13049"
},
{
"name": "CVE-2017-12999",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12999"
},
{
"name": "CVE-2017-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13836"
},
{
"name": "CVE-2017-13823",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13823"
},
{
"name": "CVE-2017-13846",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13846"
},
{
"name": "CVE-2017-12988",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12988"
},
{
"name": "CVE-2017-13789",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13789"
},
{
"name": "CVE-2017-12985",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12985"
},
{
"name": "CVE-2017-12899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12899"
},
{
"name": "CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"name": "CVE-2017-13014",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13014"
},
{
"name": "CVE-2017-12894",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12894"
},
{
"name": "CVE-2017-13804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13804"
},
{
"name": "CVE-2017-13024",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13024"
},
{
"name": "CVE-2017-13004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13004"
},
{
"name": "CVE-2017-12996",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12996"
},
{
"name": "CVE-2017-13830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13830"
},
{
"name": "CVE-2017-12893",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12893"
},
{
"name": "CVE-2017-13019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13019"
},
{
"name": "CVE-2017-13030",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13030"
},
{
"name": "CVE-2017-13808",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13808"
},
{
"name": "CVE-2017-13813",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13813"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13053"
},
{
"name": "CVE-2017-13040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13040"
},
{
"name": "CVE-2017-13689",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13689"
},
{
"name": "CVE-2017-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
},
{
"name": "CVE-2017-13005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13005"
},
{
"name": "CVE-2017-13793",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13793"
},
{
"name": "CVE-2017-13814",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13814"
},
{
"name": "CVE-2017-12987",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12987"
},
{
"name": "CVE-2017-13826",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
},
{
"name": "CVE-2017-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11541"
},
{
"name": "CVE-2017-13025",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13025"
},
{
"name": "CVE-2017-13828",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13828"
},
{
"name": "CVE-2017-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13688"
},
{
"name": "CVE-2017-13820",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13820"
},
{
"name": "CVE-2017-12995",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12995"
},
{
"name": "CVE-2017-13792",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13792"
},
{
"name": "CVE-2017-13031",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13031"
},
{
"name": "CVE-2017-13028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13028"
},
{
"name": "CVE-2017-13825",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13825"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-13803",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13803"
},
{
"name": "CVE-2017-13006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13006"
},
{
"name": "CVE-2017-12895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12895"
},
{
"name": "CVE-2017-13812",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13812"
},
{
"name": "CVE-2017-13022",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13022"
},
{
"name": "CVE-2017-13012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13012"
},
{
"name": "CVE-2017-13002",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13002"
},
{
"name": "CVE-2017-13035",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13035"
},
{
"name": "CVE-2017-12989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12989"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13016"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-12898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12898"
},
{
"name": "CVE-2017-13008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13008"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-385",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208225 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208222 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208219 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208219"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208223 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208223"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208220 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208220"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208221 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208224 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208224"
}
]
}
CERTFR-2017-AVI-385
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | iOS versions antérieures à 11.1 | ||
| Apple | N/A | watchOS versions antérieures à 4.1 | ||
| Apple | macOS | macOS Sierra versions sans le correctif de sécurité 2017-001 | ||
| Apple | N/A | tvOS versions antérieures à 11.1 | ||
| Apple | macOS | macOS El Capitan sans le correctif de sécurité 2017-004 | ||
| Apple | N/A | iTunes versions antérieures à 12.7.1 sur Windows | ||
| Apple | N/A | iCloud pour Windows versions antérieures à 7.1 | ||
| Apple | Safari | Safari versions antérieures à 11.0.1 | ||
| Apple | macOS | macOS High Sierra versions antérieures à 10.13.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iOS versions ant\u00e9rieures \u00e0 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sierra versions sans le correctif de s\u00e9curit\u00e9 2017-001",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS El Capitan sans le correctif de s\u00e9curit\u00e9 2017-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes versions ant\u00e9rieures \u00e0 12.7.1 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 11.0.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13802",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13802"
},
{
"name": "CVE-2017-13818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13818"
},
{
"name": "CVE-2017-13052",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13052"
},
{
"name": "CVE-2017-12993",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12993"
},
{
"name": "CVE-2017-13018",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13018"
},
{
"name": "CVE-2017-13043",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13043"
},
{
"name": "CVE-2017-3169",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
},
{
"name": "CVE-2017-9789",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9789"
},
{
"name": "CVE-2017-7659",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7659"
},
{
"name": "CVE-2016-4736",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4736"
},
{
"name": "CVE-2017-13050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13050"
},
{
"name": "CVE-2017-13816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13816"
},
{
"name": "CVE-2017-13798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13798"
},
{
"name": "CVE-2017-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11108"
},
{
"name": "CVE-2017-13017",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13017"
},
{
"name": "CVE-2017-13831",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13831"
},
{
"name": "CVE-2017-11543",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11543"
},
{
"name": "CVE-2017-13790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13790"
},
{
"name": "CVE-2017-13000",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13000"
},
{
"name": "CVE-2017-13807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13807"
},
{
"name": "CVE-2017-13843",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13843"
},
{
"name": "CVE-2017-13055",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13055"
},
{
"name": "CVE-2017-7668",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
},
{
"name": "CVE-2017-13041",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13041"
},
{
"name": "CVE-2017-12902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12902"
},
{
"name": "CVE-2017-13834",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13834"
},
{
"name": "CVE-2017-13007",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13007"
},
{
"name": "CVE-2017-13687",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13687"
},
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-12986",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12986"
},
{
"name": "CVE-2017-13821",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13821"
},
{
"name": "CVE-2017-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13033"
},
{
"name": "CVE-2017-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13817"
},
{
"name": "CVE-2017-13799",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13799"
},
{
"name": "CVE-2017-12901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12901"
},
{
"name": "CVE-2017-13832",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13832"
},
{
"name": "CVE-2017-13011",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13011"
},
{
"name": "CVE-2017-13046",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13046"
},
{
"name": "CVE-2017-13840",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13840"
},
{
"name": "CVE-2017-12897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12897"
},
{
"name": "CVE-2017-13809",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13809"
},
{
"name": "CVE-2017-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13822"
},
{
"name": "CVE-2017-7113",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7113"
},
{
"name": "CVE-2017-13800",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13800"
},
{
"name": "CVE-2017-13786",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13786"
},
{
"name": "CVE-2017-13003",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13003"
},
{
"name": "CVE-2017-13815",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13815"
},
{
"name": "CVE-2017-13013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13013"
},
{
"name": "CVE-2017-13001",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13001"
},
{
"name": "CVE-2017-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13009"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2016-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8740"
},
{
"name": "CVE-2017-13048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13048"
},
{
"name": "CVE-2017-13054",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13054"
},
{
"name": "CVE-2017-13038",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13038"
},
{
"name": "CVE-2017-13841",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13841"
},
{
"name": "CVE-2017-13010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13010"
},
{
"name": "CVE-2017-12990",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12990"
},
{
"name": "CVE-2017-13783",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13783"
},
{
"name": "CVE-2017-13047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13047"
},
{
"name": "CVE-2017-12991",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12991"
},
{
"name": "CVE-2017-13805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13805"
},
{
"name": "CVE-2017-13811",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13811"
},
{
"name": "CVE-2017-13849",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13849"
},
{
"name": "CVE-2017-13032",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13032"
},
{
"name": "CVE-2017-13801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13801"
},
{
"name": "CVE-2017-13051",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13051"
},
{
"name": "CVE-2017-13036",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13036"
},
{
"name": "CVE-2017-9788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
},
{
"name": "CVE-2017-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
},
{
"name": "CVE-2016-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2161"
},
{
"name": "CVE-2017-13795",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13795"
},
{
"name": "CVE-2017-13690",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13690"
},
{
"name": "CVE-2017-13838",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13838"
},
{
"name": "CVE-2017-11542",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11542"
},
{
"name": "CVE-2017-13842",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13842"
},
{
"name": "CVE-2017-12997",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12997"
},
{
"name": "CVE-2017-13045",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13045"
},
{
"name": "CVE-2017-13026",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13026"
},
{
"name": "CVE-2017-13785",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13785"
},
{
"name": "CVE-2016-5387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5387"
},
{
"name": "CVE-2017-13796",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13796"
},
{
"name": "CVE-2017-13782",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13782"
},
{
"name": "CVE-2017-13784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13784"
},
{
"name": "CVE-2017-13042",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13042"
},
{
"name": "CVE-2017-12992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12992"
},
{
"name": "CVE-2017-13027",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13027"
},
{
"name": "CVE-2017-13034",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13034"
},
{
"name": "CVE-2017-13794",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13794"
},
{
"name": "CVE-2017-13015",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13015"
},
{
"name": "CVE-2017-13725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13725"
},
{
"name": "CVE-2017-13819",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13819"
},
{
"name": "CVE-2017-13044",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13044"
},
{
"name": "CVE-2017-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12900"
},
{
"name": "CVE-2017-12994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12994"
},
{
"name": "CVE-2017-12998",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12998"
},
{
"name": "CVE-2017-13029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13029"
},
{
"name": "CVE-2017-13037",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13037"
},
{
"name": "CVE-2017-13788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13788"
},
{
"name": "CVE-2017-7132",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7132"
},
{
"name": "CVE-2017-13810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13810"
},
{
"name": "CVE-2017-13039",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13039"
},
{
"name": "CVE-2017-13791",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13791"
},
{
"name": "CVE-2017-13023",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13023"
},
{
"name": "CVE-2017-13020",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13020"
},
{
"name": "CVE-2017-13021",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13021"
},
{
"name": "CVE-2017-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
},
{
"name": "CVE-2017-12896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12896"
},
{
"name": "CVE-2017-13824",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13824"
},
{
"name": "CVE-2017-13049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13049"
},
{
"name": "CVE-2017-12999",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12999"
},
{
"name": "CVE-2017-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13836"
},
{
"name": "CVE-2017-13823",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13823"
},
{
"name": "CVE-2017-13846",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13846"
},
{
"name": "CVE-2017-12988",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12988"
},
{
"name": "CVE-2017-13789",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13789"
},
{
"name": "CVE-2017-12985",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12985"
},
{
"name": "CVE-2017-12899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12899"
},
{
"name": "CVE-2017-7679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
},
{
"name": "CVE-2017-13014",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13014"
},
{
"name": "CVE-2017-12894",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12894"
},
{
"name": "CVE-2017-13804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13804"
},
{
"name": "CVE-2017-13024",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13024"
},
{
"name": "CVE-2017-13004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13004"
},
{
"name": "CVE-2017-12996",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12996"
},
{
"name": "CVE-2017-13830",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13830"
},
{
"name": "CVE-2017-12893",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12893"
},
{
"name": "CVE-2017-13019",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13019"
},
{
"name": "CVE-2017-13030",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13030"
},
{
"name": "CVE-2017-13808",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13808"
},
{
"name": "CVE-2017-13813",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13813"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-13053",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13053"
},
{
"name": "CVE-2017-13040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13040"
},
{
"name": "CVE-2017-13689",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13689"
},
{
"name": "CVE-2017-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
},
{
"name": "CVE-2017-13005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13005"
},
{
"name": "CVE-2017-13793",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13793"
},
{
"name": "CVE-2017-13814",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13814"
},
{
"name": "CVE-2017-12987",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12987"
},
{
"name": "CVE-2017-13826",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
},
{
"name": "CVE-2017-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11541"
},
{
"name": "CVE-2017-13025",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13025"
},
{
"name": "CVE-2017-13828",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13828"
},
{
"name": "CVE-2017-13688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13688"
},
{
"name": "CVE-2017-13820",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13820"
},
{
"name": "CVE-2017-12995",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12995"
},
{
"name": "CVE-2017-13792",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13792"
},
{
"name": "CVE-2017-13031",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13031"
},
{
"name": "CVE-2017-13028",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13028"
},
{
"name": "CVE-2017-13825",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13825"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2017-13803",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13803"
},
{
"name": "CVE-2017-13006",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13006"
},
{
"name": "CVE-2017-12895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12895"
},
{
"name": "CVE-2017-13812",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13812"
},
{
"name": "CVE-2017-13022",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13022"
},
{
"name": "CVE-2017-13012",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13012"
},
{
"name": "CVE-2017-13002",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13002"
},
{
"name": "CVE-2017-13035",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13035"
},
{
"name": "CVE-2017-12989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12989"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13016",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13016"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-12898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12898"
},
{
"name": "CVE-2017-13008",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13008"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-385",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208225 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208222 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208219 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208219"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208223 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208223"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208220 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208220"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208221 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208224 du 31 octobre 2017",
"url": "https://support.apple.com/en-us/HT208224"
}
]
}
CERTFR-2017-AVI-451
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13883"
},
{
"name": "CVE-2017-13847",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13847"
},
{
"name": "CVE-2017-13865",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13865"
},
{
"name": "CVE-2017-13860",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13860"
},
{
"name": "CVE-2017-13858",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13858"
},
{
"name": "CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"name": "CVE-2017-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13869"
},
{
"name": "CVE-2017-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13868"
},
{
"name": "CVE-2017-13855",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13855"
},
{
"name": "CVE-2017-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
},
{
"name": "CVE-2017-13833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13833"
},
{
"name": "CVE-2017-13862",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13862"
},
{
"name": "CVE-2017-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13867"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-13878",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13878"
},
{
"name": "CVE-2017-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13872"
},
{
"name": "CVE-2017-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13876"
},
{
"name": "CVE-2017-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13875"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2017-13861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13861"
},
{
"name": "CVE-2017-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13871"
},
{
"name": "CVE-2017-13848",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13848"
},
{
"name": "CVE-2017-13826",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-451",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208331 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208331"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208325 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208325"
}
]
}
CERTFR-2017-AVI-451
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13883"
},
{
"name": "CVE-2017-13847",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13847"
},
{
"name": "CVE-2017-13865",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13865"
},
{
"name": "CVE-2017-13860",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13860"
},
{
"name": "CVE-2017-13858",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13858"
},
{
"name": "CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"name": "CVE-2017-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13869"
},
{
"name": "CVE-2017-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13868"
},
{
"name": "CVE-2017-13855",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13855"
},
{
"name": "CVE-2017-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
},
{
"name": "CVE-2017-13833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13833"
},
{
"name": "CVE-2017-13862",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13862"
},
{
"name": "CVE-2017-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13867"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-13878",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13878"
},
{
"name": "CVE-2017-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13872"
},
{
"name": "CVE-2017-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13876"
},
{
"name": "CVE-2017-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13875"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2017-13861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13861"
},
{
"name": "CVE-2017-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13871"
},
{
"name": "CVE-2017-13848",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13848"
},
{
"name": "CVE-2017-13826",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-451",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208331 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208331"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208325 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208325"
}
]
}
VAR-201711-0441
Vulnerability from variot - Updated: 2023-12-18 11:33An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Messages is one of the application components for sending texts, photos and videos. A security vulnerability exists in the Messages component of Apple's iOS prior to 11.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan are now available and address the following:
apache Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory Description: Multiple issues were addressed by updating to version 2.4.28. CVE-2017-9798
curl Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: Malicious FTP servers may be able to cause the client to read out-of-bounds memory Description: An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. CVE-2017-1000254: Max Dymond
Directory Utility Available for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1 Not impacted: macOS Sierra 10.12.6 and earlier Impact: An attacker may be able to bypass administrator authentication without supplying the administrator's password Description: A logic error existed in the validation of credentials. This was addressed with improved credential validation. CVE-2017-13872
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13883: an anonymous researcher
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13878: Ian Beer of Google Project Zero
Intel Graphics Driver Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-13875: Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift) of SoftSec, KAIST (softsec.kaist.ac.kr)
IOKit Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with system privileges Description: An input validation issue existed in the kernel. This issue was addressed through improved input validation. CVE-2017-13848: Alex Plaskett of MWR InfoSecurity CVE-2017-13858: an anonymous researcher
IOKit Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues were addressed through improved state management. CVE-2017-13847: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13862: Apple
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2017-13833: Brandon Azad
Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13876: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A type confusion issue was addressed with improved memory handling. CVE-2017-13855: Jann Horn of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13867: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13865: Ian Beer of Google Project Zero
Kernel Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13868: Brandon Azad CVE-2017-13869: Jann Horn of Google Project Zero
Mail Available for: macOS High Sierra 10.13.1 Impact: A S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13871: an anonymous researcher
Mail Drafts Available for: macOS High Sierra 10.13.1 Impact: An attacker with a privileged network position may be able to intercept mail Description: An encryption issue existed with S/MIME credetials. The issue was addressed with additional checks and user control. CVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH
OpenSSL Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X El Capitan 10.11.6 Impact: An application may be able to read restricted memory Description: An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. CVE-2017-3735: found by OSS-Fuzz
Screen Sharing Server Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6 Impact: A user with screen sharing access may be able to access any file readable by root Description: A permissions issue existed in the handling of screen sharing sessions. This issue was addressed with improved permissions handling. CVE-2017-13826: Trevor Jacques of Toronto
Installation note:
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7 Bub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb GkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK NYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX Ywaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv z0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ oSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq xBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp 4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj 5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf BuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+ ioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs= =2VBd -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-10-31-1 iOS 11.1
iOS 11.1 is now available and addresses the following:
CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted text file may lead to an unexpected application termination Description: A denial of service issue was addressed through improved memory handling. CVE-2017-13799: an anonymous researcher
Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A lock screen issue allowed access to photos via Reply With Message on a locked device. CVE-2017-13844: Miguel Alvarado of iDeviceHelp INC
Siri Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen Description: An issue existed with Siri permissions. CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.
UIKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Characters in a secure text field might be revealed Description: The characters in a secure text field were revealed during focus change events. CVE-2017-13785: Ivan Fratric of Google Project Zero CVE-2017-13784: Ivan Fratric of Google Project Zero CVE-2017-13783: Ivan Fratric of Google Project Zero CVE-2017-13788: xisigr of Tencent's Xuanwu Lab (tencent.com) CVE-2017-13798: Ivan Fratric of Google Project Zero CVE-2017-13795: Ivan Fratric of Google Project Zero CVE-2017-13802: Ivan Fratric of Google Project Zero CVE-2017-13792: Ivan Fratric of Google Project Zero CVE-2017-13794: Ivan Fratric of Google Project Zero CVE-2017-13791: Ivan Fratric of Google Project Zero CVE-2017-13796: Ivan Fratric of Google Project Zero CVE-2017-13793: Hanul Choi working with Trend Micro's Zero Day Initiative CVE-2017-13803: chenqin (陈钦) of Ant-financial Light-Year Security
Wi-Fi Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "11.1"
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0441",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1 (ipod touch no. 6 generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.13"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.2"
}
],
"sources": [
{
"db": "BID",
"id": "102099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13844"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Beer of Google Project Zero, HyungSeok Han, and anonymous researcher.",
"sources": [
{
"db": "BID",
"id": "102099"
}
],
"trust": 0.3
},
"cve": "CVE-2017-13844",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-13844",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-104507",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-13844",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13844",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-393",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-104507",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state. Apple macOS is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions, execute arbitrary code and perform unauthorized action; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Messages is one of the application components for sending texts, photos and videos. A security vulnerability exists in the Messages component of Apple\u0027s iOS prior to 11.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update\n2017-002 Sierra, and Security Update 2017-005 El Capitan\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan are now available and address\nthe following:\n\napache\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Processing a maliciously crafted Apache configuration\ndirective may result in the disclosure of process memory\nDescription: Multiple issues were addressed by updating to\nversion 2.4.28. \nCVE-2017-9798\n\ncurl\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: Malicious FTP servers may be able to cause the client to read\nout-of-bounds memory\nDescription: An out-of-bounds read issue existed in the FTP PWD\nresponse parsing. This issue was addressed with improved bounds\nchecking. \nCVE-2017-1000254: Max Dymond\n\nDirectory Utility\nAvailable for: macOS High Sierra 10.13 and macOS High Sierra 10.13.1\nNot impacted: macOS Sierra 10.12.6 and earlier\nImpact: An attacker may be able to bypass administrator\nauthentication without supplying the administrator\u0027s password\nDescription: A logic error existed in the validation of credentials. \nThis was addressed with improved credential validation. \nCVE-2017-13872\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13883: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13878: Ian Beer of Google Project Zero\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-13875: Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13844: found by IMF developed by HyungSeok Han (daramg.gift)\nof SoftSec, KAIST (softsec.kaist.ac.kr)\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An input validation issue existed in the kernel. This\nissue was addressed through improved input validation. \nCVE-2017-13848: Alex Plaskett of MWR InfoSecurity\nCVE-2017-13858: an anonymous researcher\n\nIOKit\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: Multiple memory corruption issues were addressed through\nimproved state management. \nCVE-2017-13847: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13862: Apple\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2017-13833: Brandon Azad\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13876: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2017-13855: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13867: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13865: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13868: Brandon Azad\nCVE-2017-13869: Jann Horn of Google Project Zero\n\nMail\nAvailable for: macOS High Sierra 10.13.1\nImpact: A S/MIME encrypted email may be inadvertently sent\nunencrypted if the receiver\u0027s S/MIME certificate is not installed\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13871: an anonymous researcher\n\nMail Drafts\nAvailable for: macOS High Sierra 10.13.1\nImpact: An attacker with a privileged network position may be able to\nintercept mail\nDescription: An encryption issue existed with S/MIME credetials. The\nissue was addressed with additional checks and user control. \nCVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH\n\nOpenSSL\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X\nEl Capitan 10.11.6\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read issue existed in\nX.509 IPAddressFamily parsing. This issue was addressed with improved\nbounds checking. \nCVE-2017-3735: found by OSS-Fuzz\n\nScreen Sharing Server\nAvailable for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6\nImpact: A user with screen sharing access may be able to access any\nfile readable by root\nDescription: A permissions issue existed in the handling of screen\nsharing sessions. This issue was addressed with improved permissions\nhandling. \nCVE-2017-13826: Trevor Jacques of Toronto\n\nInstallation note:\n\nmacOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and\nSecurity Update 2017-005 El Capitan may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlooN9kpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEbvlg/7\nBub6HL7Bv+9taMMz+3Rl2exjVIBv3fUflhpLh1524wFe6UjUyy4Z3X0t/LKogGwb\nGkHmcvDTK+85yLJeF0XQLHzzeITPrAiQ06FSnpzq6GjDEgczgbyJtw6aT4iagDgK\nNYfWnmU1XDjpx35kjEyyZblIxDHsvMJRelMdjx4w6In3Pgi+DG+ndYbK5hoaImOX\nYwaoc2xzGUXpnJU6Y5tkIbVBF4P4tZQcJJt6cfhTOcR9+ut87HQqc9mo1UGMUqAv\nz0kYZ4MtGRM4uDiVynkKxwj+NNtSVxwvf1mN2Jb7ApFt0lAfmS8L8xzI15NlbJxJ\noSuIvVi3pAhOkO7etaC/CLOxw+wRGaRbaf1i4VmaLI6HW2H2/vWiL1KDhHFIIfVq\nxBGday+yWkaS9o8B85QZy2GHxEFYxzMvArtzK3tBj2kZCuEcJis60CanwZOSbcsp\n4IlEKVGabMNwGwOVX22UwrLCtMzsqSVZpYyKy/m7n6DXnpspuWTohDmc68zq/4nj\n5LgGTFz8IUaT1ujQZq9g4siVeXzu0bsAgttauRlrWilUsDtpsv5s+dkGlXPFxbDf\nBuvNgqGSg/xz0QRGmJ7UA3g3L7fTvWhOzXnBOh7c45OpYT54tqGIEi6Bk72NyPz+\nioQ7LBPJE6RCSy5XZJ6x8YwSYp+kO8BBPaYsxSoxXCs=\n=2VBd\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-1 iOS 11.1\n\niOS 11.1 is now available and addresses the following:\n\nCoreText\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Processing a maliciously crafted text file may lead to an\nunexpected application termination\nDescription: A denial of service issue was addressed through improved\nmemory handling. \nCVE-2017-13799: an anonymous researcher\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A lock screen issue allowed access to photos via Reply\nWith Message on a locked device. \nCVE-2017-13844: Miguel Alvarado of iDeviceHelp INC\n\nSiri\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: A person with physical access to an iOS device may be able to\nuse Siri to read notifications of content that is set not to be\ndisplayed at the lock screen\nDescription: An issue existed with Siri permissions. \nCVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L. \n\nUIKit\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nImpact: Characters in a secure text field might be revealed\nDescription: The characters in a secure text field were revealed\nduring focus change events. \nCVE-2017-13785: Ivan Fratric of Google Project Zero\nCVE-2017-13784: Ivan Fratric of Google Project Zero\nCVE-2017-13783: Ivan Fratric of Google Project Zero\nCVE-2017-13788: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\nCVE-2017-13798: Ivan Fratric of Google Project Zero\nCVE-2017-13795: Ivan Fratric of Google Project Zero\nCVE-2017-13802: Ivan Fratric of Google Project Zero\nCVE-2017-13792: Ivan Fratric of Google Project Zero\nCVE-2017-13794: Ivan Fratric of Google Project Zero\nCVE-2017-13791: Ivan Fratric of Google Project Zero\nCVE-2017-13796: Ivan Fratric of Google Project Zero\nCVE-2017-13793: Hanul Choi working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-13803: chenqin (\u9648\u94a6) of Ant-financial Light-Year Security\n\nWi-Fi\nAvailable for: iPhone 7 and later, and iPad Pro 9.7-inch\n(early 2016) and later\nImpact: An attacker in Wi-Fi range may force nonce reuse in WPA\nclients (Key Reinstallation Attacks - KRACK)\nDescription: A logic issue existed in the handling of state\ntransitions. \nCVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU\nLeuven\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"11.1\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "BID",
"id": "102099"
},
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "PACKETSTORM",
"id": "145270"
},
{
"db": "PACKETSTORM",
"id": "144860"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13844",
"trust": 3.0
},
{
"db": "BID",
"id": "102099",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039703",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU99000953",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-104507",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144860",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "BID",
"id": "102099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "PACKETSTORM",
"id": "145270"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"id": "VAR-201711-0441",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-104507"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:33:30.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht208222"
},
{
"title": "HT208222",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht208222"
},
{
"title": "Apple iOS Messages Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76261"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102099"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208222"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039703"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13844"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13844"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99000953/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-in/ht208331"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13878"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13796"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13849"
},
{
"trust": 0.1,
"url": "https://nmap.org/mailman/listinfo/fulldisclosure"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13794"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13080"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "BID",
"id": "102099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "PACKETSTORM",
"id": "145270"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-104507"
},
{
"db": "BID",
"id": "102099"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"db": "PACKETSTORM",
"id": "145270"
},
{
"db": "PACKETSTORM",
"id": "144860"
},
{
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-104507"
},
{
"date": "2017-12-07T00:00:00",
"db": "BID",
"id": "102099"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"date": "2017-12-08T10:11:11",
"db": "PACKETSTORM",
"id": "145270"
},
{
"date": "2017-11-02T23:31:30",
"db": "PACKETSTORM",
"id": "144860"
},
{
"date": "2017-11-13T03:29:02.367000",
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-104507"
},
{
"date": "2017-12-19T22:01:00",
"db": "BID",
"id": "102099"
},
{
"date": "2017-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010332"
},
{
"date": "2019-04-29T16:30:50.617000",
"db": "NVD",
"id": "CVE-2017-13844"
},
{
"date": "2019-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of Messages Vulnerability in displaying arbitrary photos in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-393"
}
],
"trust": 0.6
}
}
GSD-2017-13844
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-13844",
"description": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.",
"id": "GSD-2017-13844"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-13844"
],
"details": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.",
"id": "GSD-2017-13844",
"modified": "2023-12-13T01:21:01.660346Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208222",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208222"
},
{
"name": "102099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102099"
},
{
"name": "1039703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039703"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13844"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208222",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT208222"
},
{
"name": "1039703",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039703"
},
{
"name": "102099",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102099"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2019-04-29T16:30Z",
"publishedDate": "2017-11-13T03:29Z"
}
}
}
FKIE_CVE-2017-13844
Vulnerability from fkie_nvd - Published: 2017-11-13 03:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.securityfocus.com/bid/102099 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | http://www.securitytracker.com/id/1039703 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://support.apple.com/HT208222 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102099 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039703 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT208222 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC194892-4EE5-4F92-93CB-19FB6E0BE235",
"versionEndExcluding": "11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.1 se han visto afectadas. El problema afecta al componente \"Messages\". Permite que los atacantes pr\u00f3ximos f\u00edsicamente visualicen fotos arbitrarias mediante una acci\u00f3n Reply With Message en el estado de bloqueo de pantalla."
}
],
"id": "CVE-2017-13844",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-13T03:29:02.367",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102099"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039703"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT208222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/HT208222"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q8MJ-F7WJ-V66H
Vulnerability from github – Published: 2022-05-14 01:06 – Updated: 2022-05-14 01:06
VLAI?
Details
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2017-13844"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-13T03:29:00Z",
"severity": "LOW"
},
"details": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"Messages\" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.",
"id": "GHSA-q8mj-f7wj-v66h",
"modified": "2022-05-14T01:06:14Z",
"published": "2022-05-14T01:06:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13844"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208222"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102099"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039703"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…