cvelistv5 - cve-2017-7063

CVE-2017-7063 (GCVE-0-2017-7063)

Vulnerability from cvelistv5 – Published: 2017-07-20 16:00 – Updated: 2024-08-05 15:49

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT207925	x_refsource_CONFIRM
	https://support.apple.com/HT207923	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038950	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/99881	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:49:02.902Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207925"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207923"
          },
          {
            "name": "1038950",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038950"
          },
          {
            "name": "99881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99881"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-21T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207925"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207923"
        },
        {
          "name": "1038950",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038950"
        },
        {
          "name": "99881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99881"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7063",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207925",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207925"
            },
            {
              "name": "https://support.apple.com/HT207923",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207923"
            },
            {
              "name": "1038950",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038950"
            },
            {
              "name": "99881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99881"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-7063",
    "datePublished": "2017-07-20T16:00:00",
    "dateReserved": "2017-03-17T00:00:00",
    "dateUpdated": "2024-08-05T15:49:02.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.3.2\", \"matchCriteriaId\": \"859CEE41-0336-40DF-A9EF-C3CF2315D023\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.2.2\", \"matchCriteriaId\": \"7700B09A-5980-4112-9F22-47285E293398\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \\\"Messages\\\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en ciertos productos de Apple. iOS anterior a  la versi\\u00f3n 10.3.3 est\\u00e1 afectado. WatchOS anterior a la versi\\u00f3n 3.2.3 est\\u00e1 afectado. El problema involucra el componente \\\"Messages\\\". Permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (consumo de memoria y bloqueo de aplicaci\\u00f3n).\"}]",
      "id": "CVE-2017-7063",
      "lastModified": "2024-11-21T03:31:05.877",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-07-20T16:29:02.427",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99881\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038950\", \"source\": \"product-security@apple.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207923\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207925\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99881\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038950\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/HT207923\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT207925\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7063\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-07-20T16:29:02.427\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \\\"Messages\\\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en ciertos productos de Apple. iOS anterior a  la versi\u00f3n 10.3.3 est\u00e1 afectado. WatchOS anterior a la versi\u00f3n 3.2.3 est\u00e1 afectado. El problema involucra el componente \\\"Messages\\\". Permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y bloqueo de aplicaci\u00f3n).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.3.2\",\"matchCriteriaId\":\"859CEE41-0336-40DF-A9EF-C3CF2315D023\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.2\",\"matchCriteriaId\":\"7700B09A-5980-4112-9F22-47285E293398\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99881\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038950\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207923\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207925\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207925\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-16959

Vulnerability from cnvd - Published: 2017-07-27

Title

Apple iOS和watchOS Messages拒绝服务漏洞

Description

Apple iOS和watchOS都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；Apple watchOS是一套智能手表操作系统。Messages是其中的一个用于发送的文本、照片和视频的应用程序组件。 Apple iOS 10.3.3之前的版本和watchOS 3.2.3之前的版本中的Messages组件存在拒绝服务漏洞。远程攻击者可利用该漏洞造成拒绝服务（内存消耗和应用程序崩溃）。

Severity

中

Patch Name

Apple iOS和watchOS Messages拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT207923

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-7063

Impacted products

Name
['Apple IOS <10.3.3', 'Apple watchOS <3.2.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7063"
    }
  },
  "description": "Apple iOS\u548cwatchOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bApple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 10.3.3\u4e4b\u524d\u7684\u7248\u672c\u548cwatchOS 3.2.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6d88\u8017\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
  "discovererName": "Shashank (@cyberboyIndia)",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT207923",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-16959",
  "openTime": "2017-07-27",
  "patchDescription": "Apple iOS\u548cwatchOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bApple watchOS\u662f\u4e00\u5957\u667a\u80fd\u624b\u8868\u64cd\u4f5c\u7cfb\u7edf\u3002Messages\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u53d1\u9001\u7684\u6587\u672c\u3001\u7167\u7247\u548c\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u7ec4\u4ef6\u3002\r\n\r\nApple iOS 10.3.3\u4e4b\u524d\u7684\u7248\u672c\u548cwatchOS 3.2.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Messages\u7ec4\u4ef6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u6d88\u8017\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS\u548cwatchOS Messages\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c10.3.3",
      "Apple watchOS \u003c3.2.3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-7063",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-21",
  "title": "Apple iOS\u548cwatchOS Messages\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CERTFR-2017-AVI-229

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 3.2.3
Apple	N/A	Yosemite sans le correctif de sécurité 2017-003
Apple	N/A	iCloud pour Windows versions antérieures à 6.2.2
Apple	Safari	Safari versions antérieures à 10.1.2
Apple	macOS	macOS Sierra verions antérieures à 10.12.6
Apple	N/A	iTunes pour Windows versions antérieures à 12.6.2
Apple	N/A	El Capitan sans le correctif de sécurité 2017-003
Apple	N/A	tvOS versions antérieures à 10.2.2
Apple	N/A	iOS versions antérieures à 10.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207923 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207927 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207925 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207924 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207928 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207922 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207921 du 19 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 3.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra verions ant\u00e9rieures \u00e0 10.12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 10.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 10.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7016"
    },
    {
      "name": "CVE-2017-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7008"
    },
    {
      "name": "CVE-2017-7037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7037"
    },
    {
      "name": "CVE-2017-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7017"
    },
    {
      "name": "CVE-2017-7011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7011"
    },
    {
      "name": "CVE-2017-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7023"
    },
    {
      "name": "CVE-2017-7056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7056"
    },
    {
      "name": "CVE-2017-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2517"
    },
    {
      "name": "CVE-2017-7029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7029"
    },
    {
      "name": "CVE-2017-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7054"
    },
    {
      "name": "CVE-2017-7025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7025"
    },
    {
      "name": "CVE-2017-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7021"
    },
    {
      "name": "CVE-2017-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7047"
    },
    {
      "name": "CVE-2017-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7041"
    },
    {
      "name": "CVE-2017-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7069"
    },
    {
      "name": "CVE-2017-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7064"
    },
    {
      "name": "CVE-2016-9594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9594"
    },
    {
      "name": "CVE-2017-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7067"
    },
    {
      "name": "CVE-2017-7045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7045"
    },
    {
      "name": "CVE-2017-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7015"
    },
    {
      "name": "CVE-2017-7048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7048"
    },
    {
      "name": "CVE-2017-8248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8248"
    },
    {
      "name": "CVE-2017-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7039"
    },
    {
      "name": "CVE-2017-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7043"
    },
    {
      "name": "CVE-2017-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7059"
    },
    {
      "name": "CVE-2017-7024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7024"
    },
    {
      "name": "CVE-2017-9417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
    },
    {
      "name": "CVE-2017-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7060"
    },
    {
      "name": "CVE-2017-7031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7031"
    },
    {
      "name": "CVE-2017-7036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7036"
    },
    {
      "name": "CVE-2017-7050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7050"
    },
    {
      "name": "CVE-2017-7044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7044"
    },
    {
      "name": "CVE-2017-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7068"
    },
    {
      "name": "CVE-2017-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7061"
    },
    {
      "name": "CVE-2017-7468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7468"
    },
    {
      "name": "CVE-2017-2629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2629"
    },
    {
      "name": "CVE-2017-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7063"
    },
    {
      "name": "CVE-2017-7026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7026"
    },
    {
      "name": "CVE-2017-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7058"
    },
    {
      "name": "CVE-2017-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7009"
    },
    {
      "name": "CVE-2017-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7010"
    },
    {
      "name": "CVE-2017-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7055"
    },
    {
      "name": "CVE-2017-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7042"
    },
    {
      "name": "CVE-2017-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7040"
    },
    {
      "name": "CVE-2017-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7053"
    },
    {
      "name": "CVE-2017-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7038"
    },
    {
      "name": "CVE-2017-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7020"
    },
    {
      "name": "CVE-2017-7019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7019"
    },
    {
      "name": "CVE-2017-7027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7027"
    },
    {
      "name": "CVE-2017-7052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7052"
    },
    {
      "name": "CVE-2017-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7046"
    },
    {
      "name": "CVE-2017-7007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7007"
    },
    {
      "name": "CVE-2017-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7062"
    },
    {
      "name": "CVE-2016-9586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
    },
    {
      "name": "CVE-2017-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7012"
    },
    {
      "name": "CVE-2017-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7018"
    },
    {
      "name": "CVE-2017-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7006"
    },
    {
      "name": "CVE-2017-7014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7014"
    },
    {
      "name": "CVE-2017-7049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7049"
    },
    {
      "name": "CVE-2017-7051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7051"
    },
    {
      "name": "CVE-2017-7034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7034"
    },
    {
      "name": "CVE-2017-7013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7013"
    },
    {
      "name": "CVE-2017-7022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7022"
    },
    {
      "name": "CVE-2017-7030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7030"
    },
    {
      "name": "CVE-2017-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7028"
    },
    {
      "name": "CVE-2017-7033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7033"
    },
    {
      "name": "CVE-2017-7032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7032"
    },
    {
      "name": "CVE-2017-7035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7035"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-229",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207923 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207923"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207927 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT20797"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207925 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207925"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207924 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207924"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207928 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT20798"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207922 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207922"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207921 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207921"
    }
  ]
}

CERTFR-2017-AVI-229

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 3.2.3
Apple	N/A	Yosemite sans le correctif de sécurité 2017-003
Apple	N/A	iCloud pour Windows versions antérieures à 6.2.2
Apple	Safari	Safari versions antérieures à 10.1.2
Apple	macOS	macOS Sierra verions antérieures à 10.12.6
Apple	N/A	iTunes pour Windows versions antérieures à 12.6.2
Apple	N/A	El Capitan sans le correctif de sécurité 2017-003
Apple	N/A	tvOS versions antérieures à 10.2.2
Apple	N/A	iOS versions antérieures à 10.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT207923 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207927 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207925 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207924 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207928 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207922 du 19 juillet 2017	None	vendor-advisory
Bulletin de sécurité Apple HT207921 du 19 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 3.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Yosemite sans le correctif de s\u00e9curit\u00e9 2017-003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 10.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sierra verions ant\u00e9rieures \u00e0 10.12.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "El Capitan sans le correctif de s\u00e9curit\u00e9 2017-003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 10.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 10.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7016"
    },
    {
      "name": "CVE-2017-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7008"
    },
    {
      "name": "CVE-2017-7037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7037"
    },
    {
      "name": "CVE-2017-7017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7017"
    },
    {
      "name": "CVE-2017-7011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7011"
    },
    {
      "name": "CVE-2017-7023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7023"
    },
    {
      "name": "CVE-2017-7056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7056"
    },
    {
      "name": "CVE-2017-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2517"
    },
    {
      "name": "CVE-2017-7029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7029"
    },
    {
      "name": "CVE-2017-7054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7054"
    },
    {
      "name": "CVE-2017-7025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7025"
    },
    {
      "name": "CVE-2017-7021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7021"
    },
    {
      "name": "CVE-2017-7047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7047"
    },
    {
      "name": "CVE-2017-7041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7041"
    },
    {
      "name": "CVE-2017-7069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7069"
    },
    {
      "name": "CVE-2017-7064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7064"
    },
    {
      "name": "CVE-2016-9594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9594"
    },
    {
      "name": "CVE-2017-7067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7067"
    },
    {
      "name": "CVE-2017-7045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7045"
    },
    {
      "name": "CVE-2017-7015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7015"
    },
    {
      "name": "CVE-2017-7048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7048"
    },
    {
      "name": "CVE-2017-8248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8248"
    },
    {
      "name": "CVE-2017-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7039"
    },
    {
      "name": "CVE-2017-7043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7043"
    },
    {
      "name": "CVE-2017-7059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7059"
    },
    {
      "name": "CVE-2017-7024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7024"
    },
    {
      "name": "CVE-2017-9417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
    },
    {
      "name": "CVE-2017-7060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7060"
    },
    {
      "name": "CVE-2017-7031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7031"
    },
    {
      "name": "CVE-2017-7036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7036"
    },
    {
      "name": "CVE-2017-7050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7050"
    },
    {
      "name": "CVE-2017-7044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7044"
    },
    {
      "name": "CVE-2017-7068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7068"
    },
    {
      "name": "CVE-2017-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7061"
    },
    {
      "name": "CVE-2017-7468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7468"
    },
    {
      "name": "CVE-2017-2629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2629"
    },
    {
      "name": "CVE-2017-7063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7063"
    },
    {
      "name": "CVE-2017-7026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7026"
    },
    {
      "name": "CVE-2017-7058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7058"
    },
    {
      "name": "CVE-2017-7009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7009"
    },
    {
      "name": "CVE-2017-7010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7010"
    },
    {
      "name": "CVE-2017-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7055"
    },
    {
      "name": "CVE-2017-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7042"
    },
    {
      "name": "CVE-2017-7040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7040"
    },
    {
      "name": "CVE-2017-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7053"
    },
    {
      "name": "CVE-2017-7038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7038"
    },
    {
      "name": "CVE-2017-7020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7020"
    },
    {
      "name": "CVE-2017-7019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7019"
    },
    {
      "name": "CVE-2017-7027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7027"
    },
    {
      "name": "CVE-2017-7052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7052"
    },
    {
      "name": "CVE-2017-7046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7046"
    },
    {
      "name": "CVE-2017-7007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7007"
    },
    {
      "name": "CVE-2017-7062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7062"
    },
    {
      "name": "CVE-2016-9586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
    },
    {
      "name": "CVE-2017-7012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7012"
    },
    {
      "name": "CVE-2017-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7018"
    },
    {
      "name": "CVE-2017-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7006"
    },
    {
      "name": "CVE-2017-7014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7014"
    },
    {
      "name": "CVE-2017-7049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7049"
    },
    {
      "name": "CVE-2017-7051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7051"
    },
    {
      "name": "CVE-2017-7034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7034"
    },
    {
      "name": "CVE-2017-7013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7013"
    },
    {
      "name": "CVE-2017-7022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7022"
    },
    {
      "name": "CVE-2017-7030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7030"
    },
    {
      "name": "CVE-2017-7028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7028"
    },
    {
      "name": "CVE-2017-7033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7033"
    },
    {
      "name": "CVE-2017-7032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7032"
    },
    {
      "name": "CVE-2017-7035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7035"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-229",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207923 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207923"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207927 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT20797"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207925 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207925"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207924 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207924"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207928 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT20798"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207922 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207922"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT207921 du 19 juillet 2017",
      "url": "https://support.apple.com/en-us/HT207921"
    }
  ]
}

VAR-201707-1165

Vulnerability from variot - Updated: 2023-12-18 11:02

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash). Apple iOS/watchOS are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to iOS 10.3.3 and watchOS 3.2.3 are vulnerable. Apple iOS is an operating system developed for mobile devices; Apple watchOS is an operating system for smart watches. Messages is one of the application components for sending texts, photos and videos. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts Available for: All Apple Watch models Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia)

IOUSBFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher CVE-2017-7026: an anonymous researcher

Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7023: an anonymous researcher CVE-2017-7025: an anonymous researcher CVE-2017-7027: an anonymous researcher CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher

libarchive Available for: All Apple Watch models Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz

libxml2 Available for: All Apple Watch models Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7013: found by OSS-Fuzz

libxpc Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7047: Ian Beer of Google Project Zero

Messages Available for: All Apple Watch models Impact: A remote attacker may cause an unexpected application termination Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7063: Shashank (@cyberboyIndia)

Wi-Fi Available for: All Apple Watch models Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGds4P/jn6yqMh+cw1dYmhfloU/XGi J4Q6JbGTWLBvacsucsneTvDW6EtuZUWTENaRsndj3HFK+awwEcdfx/MkEO7LaDfQ 0cVBkij5+V0hEn3e6eNItTdKZ85h5C4zjEE76BPw6hqcCuf9t3ZqDtyubKKXb3V+ 6D6l64G/m5krs/bB65Evj/XSd3d1vNLQ03zYCKjfgqpI5P/pFv2PEdzOnH8oWYz8 mVcqQW6sRgiFsIq4W88qP1WaQmDLVlYdoPqfd+a98JoGDUebi6PcgxxJl9fXFIo6 jv0zBoXr2begOJFSo3duxOPxlnLienv+qNScdENTDgZORcJ8loALtnCN5ICWIGcE K1eqNW63nNK0Gq1EhMXMT3MktgbP8BJEc8pEs82U73XD9DVgYKcCGGNzfj7qFQAm GE18IEd20h+0N/Irk+TN+9pYf+Vf+7RNA4naRfLBOsiTRZjmDJ3ds9LWawle5Rlx hR9mznsR3zqhh6vBDvIt9vSEJXV5X61hkTe7Q4jHkHj04XLUidMWkI47BqLGYTK6 jtEHF/4Mk5A+KG+jjpxZs6LtweTQqudQSqnDXtJlE1LRJ4b1jHNNUUm05tx2lGxi zrDgNGFQtzZ0Gds9wXQjpE5eFNa7X2VUArqHiJUHnoxLMvLtBVMa7vuTvyrPGdnb QvBYRDybEp8yUkxd8seM =Ci3F -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1165",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "watchos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipad first  4 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (iphone 5 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.3.3   (ipod touch first  6 generation )"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3.2.3   (apple watch all models )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "watch sport",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch hermes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "watch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "watchos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.3.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shashank (@cyberboyIndia)",
    "sources": [
      {
        "db": "BID",
        "id": "99881"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7063",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-7063",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-115266",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-7063",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-7063",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-948",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115266",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash). Apple iOS/watchOS are prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to iOS 10.3.3 and watchOS 3.2.3 are vulnerable. Apple iOS is an operating system developed for mobile devices; Apple watchOS is an operating system for smart watches. Messages is one of the application components for sending texts, photos and videos. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-3 watchOS 3.2.2\n\nwatchOS 3.2.2 is now available and addresses the following:\n\nContacts\nAvailable for:  All Apple Watch models\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-7062: Shashank (@cyberboyIndia)\n\nIOUSBFamily\nAvailable for:  All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7022: an anonymous researcher\nCVE-2017-7024: an anonymous researcher\nCVE-2017-7026: an anonymous researcher\n\nKernel\nAvailable for:  All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7023: an anonymous researcher\nCVE-2017-7025: an anonymous researcher\nCVE-2017-7027: an anonymous researcher\nCVE-2017-7069: Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for:  All Apple Watch models\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7028: an anonymous researcher\nCVE-2017-7029: an anonymous researcher\n\nlibarchive\nAvailable for:  All Apple Watch models\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-7068: found by OSS-Fuzz\n\nlibxml2\nAvailable for:  All Apple Watch models\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-7013: found by OSS-Fuzz\n\nlibxpc\nAvailable for:  All Apple Watch models\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7047: Ian Beer of Google Project Zero\n\nMessages\nAvailable for:  All Apple Watch models\nImpact: A remote attacker may cause an unexpected application\ntermination\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-7063: Shashank (@cyberboyIndia)\n\nWi-Fi\nAvailable for:  All Apple Watch models\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGds4P/jn6yqMh+cw1dYmhfloU/XGi\nJ4Q6JbGTWLBvacsucsneTvDW6EtuZUWTENaRsndj3HFK+awwEcdfx/MkEO7LaDfQ\n0cVBkij5+V0hEn3e6eNItTdKZ85h5C4zjEE76BPw6hqcCuf9t3ZqDtyubKKXb3V+\n6D6l64G/m5krs/bB65Evj/XSd3d1vNLQ03zYCKjfgqpI5P/pFv2PEdzOnH8oWYz8\nmVcqQW6sRgiFsIq4W88qP1WaQmDLVlYdoPqfd+a98JoGDUebi6PcgxxJl9fXFIo6\njv0zBoXr2begOJFSo3duxOPxlnLienv+qNScdENTDgZORcJ8loALtnCN5ICWIGcE\nK1eqNW63nNK0Gq1EhMXMT3MktgbP8BJEc8pEs82U73XD9DVgYKcCGGNzfj7qFQAm\nGE18IEd20h+0N/Irk+TN+9pYf+Vf+7RNA4naRfLBOsiTRZjmDJ3ds9LWawle5Rlx\nhR9mznsR3zqhh6vBDvIt9vSEJXV5X61hkTe7Q4jHkHj04XLUidMWkI47BqLGYTK6\njtEHF/4Mk5A+KG+jjpxZs6LtweTQqudQSqnDXtJlE1LRJ4b1jHNNUUm05tx2lGxi\nzrDgNGFQtzZ0Gds9wXQjpE5eFNa7X2VUArqHiJUHnoxLMvLtBVMa7vuTvyrPGdnb\nQvBYRDybEp8yUkxd8seM\n=Ci3F\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "BID",
        "id": "99881"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "PACKETSTORM",
        "id": "143433"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7063",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "99881",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038950",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91410779",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-115266",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143433",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "BID",
        "id": "99881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "PACKETSTORM",
        "id": "143433"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "id": "VAR-201707-1165",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:02:27.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207923"
      },
      {
        "title": "HT207925",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207925"
      },
      {
        "title": "HT207923",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207923"
      },
      {
        "title": "HT207925",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207925"
      },
      {
        "title": "Apple iOS  and watchOS Messages Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71890"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99881"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207923"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207925"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038950"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7063"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7063"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91410779/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/watchos-2/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht207923"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht207925"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7028"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7024"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9417"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7069"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7047"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7025"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "BID",
        "id": "99881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "PACKETSTORM",
        "id": "143433"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "db": "BID",
        "id": "99881"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "db": "PACKETSTORM",
        "id": "143433"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99881"
      },
      {
        "date": "2017-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "date": "2017-07-20T15:22:22",
        "db": "PACKETSTORM",
        "id": "143433"
      },
      {
        "date": "2017-07-20T16:29:02.427000",
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "date": "2017-07-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115266"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "BID",
        "id": "99881"
      },
      {
        "date": "2017-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-7063"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple iOS and  watchOS of  Messages Service disruption in components  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005735"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-948"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-7063

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7063

Aliases

CVE-2017-7063

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7063",
    "description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).",
    "id": "GSD-2017-7063"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7063"
      ],
      "details": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).",
      "id": "GSD-2017-7063",
      "modified": "2023-12-13T01:21:06.852163Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-7063",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT207925",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207925"
          },
          {
            "name": "https://support.apple.com/HT207923",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207923"
          },
          {
            "name": "1038950",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038950"
          },
          {
            "name": "99881",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99881"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7063"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT207925",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207925"
            },
            {
              "name": "https://support.apple.com/HT207923",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT207923"
            },
            {
              "name": "1038950",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038950"
            },
            {
              "name": "99881",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99881"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-07-20T16:29Z"
    }
  }
}

GHSA-XP35-9CRR-2X99

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-20T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).",
  "id": "GHSA-xp35-9crr-2x99",
  "modified": "2022-05-13T01:46:50Z",
  "published": "2022-05-13T01:46:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7063"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207923"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207925"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99881"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038950"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-7063

Vulnerability from fkie_nvd - Published: 2017-07-20 16:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/99881	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1038950	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT207923	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT207925	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99881	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038950	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207923	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207925	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	iphone_os	*
	apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "859CEE41-0336-40DF-A9EF-C3CF2315D023",
              "versionEndIncluding": "10.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7700B09A-5980-4112-9F22-47285E293398",
              "versionEndIncluding": "3.2.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (memory consumption and application crash)."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en ciertos productos de Apple. iOS anterior a  la versi\u00f3n 10.3.3 est\u00e1 afectado. WatchOS anterior a la versi\u00f3n 3.2.3 est\u00e1 afectado. El problema involucra el componente \"Messages\". Permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y bloqueo de aplicaci\u00f3n)."
    }
  ],
  "id": "CVE-2017-7063",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-20T16:29:02.427",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99881"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038950"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207923"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT207925"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7063 (GCVE-0-2017-7063)

CNVD-2017-16959

CERTFR-2017-AVI-229

Solution

CERTFR-2017-AVI-229

Solution

VAR-201707-1165

GSD-2017-7063

GHSA-XP35-9CRR-2X99

FKIE_CVE-2017-7063

Tags

Sightings

Nomenclature