var-201705-3982
Vulnerability from variot

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers.

APPLE-SA-2017-05-15-1 macOS 10.12.5

macOS 10.12.5 is now available and addresses the following:

802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a certificate changed. This issue was addressed through improved certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company

Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero

CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero

CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional filesystem restrictions.
CVE-2017-2533: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites without user permission
Description: A URL handling issue was addressed through improved state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with root privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of Knownsec 404 Security Team

Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team

IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative

IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack

Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative

NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360

Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of Porto

Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2017-2535: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox restrictions.
CVE-2017-2534: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6977: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2513: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2519: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero

WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative

WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

Installation note:

macOS 10.12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3982",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.4"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.3"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.2"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.1"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.11.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "macos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.12.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tim Cappalli of Aruba,  Ian Beer of Google Project Zero, Samuel Gro? and Niklas Baumstark, Chaitin Security Research Lab, evi1m0 of YSRC, sss and Axis of 360Nirvan team, 360 Security, Jann Horn, Federico Bento of Faculty of Sciences, Richard Zhu, and Team",
    "sources": [
      {
        "db": "BID",
        "id": "98483"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6978",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-6978",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-115181",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6978",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6978",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-972",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115181",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Accessibility Framework\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS is prone to multiple security vulnerabilities. \nAn attacker can exploit these issues to gain elevated privileges,  perform unauthorized actions and execute arbitrary code with kernel  privileges. Failed exploit attempts will likely cause a  denial-of-service condition. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-05-15-1 macOS 10.12.5\n\nmacOS 10.12.5 is now available and addresses the following:\n\n802.1X\nAvailable for:  macOS Sierra 10.12.4\nImpact: A malicious network with 802.1X authentication may be able to\ncapture user network credentials\nDescription: A certificate validation issue existed in EAP-TLS when a\ncertificate changed. This issue was addressed through improved\ncertificate validation. \nCVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise\ncompany\n\nAccessibility Framework\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to gain system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-6978: Ian Beer of Google Project Zero\n\nCoreAnimation\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Processing maliciously crafted data may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. 
\nCVE-2017-2527: Ian Beer of Google Project Zero\n\nCoreAudio\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nDiskArbitration\nAvailable for:  macOS Sierra 10.12.4 and OS X El Capitan v10.11.6\nImpact: An application may be able to gain system privileges\nDescription: A race condition was addressed with additional\nfilesystem restrictions. \nCVE-2017-2533: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nHFS\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working\nwith Trend Micro\u0027s Zero Day Initiative\n\niBooks\nAvailable for:  macOS Sierra 10.12.4\nImpact: A maliciously crafted book may open arbitrary websites\nwithout user permission\nDescription: A URL handling issue was addressed through improved\nstate management. \nCVE-2017-2497: Jun Kokatsu (@shhnjk)\n\niBooks\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to execute arbitrary code with\nroot privileges\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed through improved path\nsanitization. \nCVE-2017-6981: evi1m0 of YSRC (sec.ly.com)\n\niBooks\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to escape its sandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. 
\nCVE-2017-6986: evi1m0 of YSRC (sec.ly.com) \u0026 Heige (SuperHei) of\nKnownsec 404 Security Team\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.4\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2503: sss and Axis of 360Nirvan team\n\nIOGraphics\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro\u0027s\nZero Day Initiative\n\nIOSurface\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-6979: Adam Donenfeld of Zimperium zLabs\n\nKernel\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2494: Jann Horn of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed through improved locking. \nCVE-2017-2501: Ian Beer of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. 
\nCVE-2017-2507: Ian Beer of Google Project Zero\nCVE-2017-2509: Jann Horn of Google Project Zero\nCVE-2017-6987: Patrick Wardle of Synack\n\nKernel\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-2516: Jann Horn of Google Project Zero\n\nKernel\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nMulti-Touch\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro\u0027s\nZero Day Initiative\n\nNVIDIA Graphics Drivers\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon\nHuang (@HuangShaomang) of IceSword Lab of Qihoo 360\n\nSandbox\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to escape its sandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. 
\nCVE-2017-2512: Federico Bento of Faculty of Sciences, University of\nPorto\n\nSecurity\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to escape its sandbox\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-2017-2535: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nSpeech Framework\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to escape its sandbox\nDescription: An access issue was addressed through additional sandbox\nrestrictions. \nCVE-2017-2534: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nSpeech Framework\nAvailable for:  macOS Sierra 10.12.4\nImpact: An application may be able to escape its sandbox\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-6977: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nSQLite\nAvailable for:  macOS Sierra 10.12.4\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2513: found by OSS-Fuzz\n\nSQLite\nAvailable for:  macOS Sierra 10.12.4\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2518: found by OSS-Fuzz\nCVE-2017-2520: found by OSS-Fuzz\n\nSQLite\nAvailable for:  macOS Sierra 10.12.4\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. 
\nCVE-2017-2519: found by OSS-Fuzz\n\nSQLite\nAvailable for:  macOS Sierra 10.12.4\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working\nwith Trend Micro\u0027s Zero Day Initiative\nCVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working\nwith Trend Micro\u0027s Zero Day Initiative\n\nTextInput\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Parsing maliciously crafted data may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2524: Ian Beer of Google Project Zero\n\nWindowServer\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to gain system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working\nwith Trend Micro\u0027s Zero Day Initiative\nCVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro\u0027s\nZero Day Initiative\nCVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend\nMicro\u0027s Zero Day Initiative\n\nWindowServer\nAvailable for:  macOS Sierra 10.12.4, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. 
\nCVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro\u0027s\nZero Day Initiative\n\nInstallation note:\n\nmacOS 10.12.5 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "BID",
        "id": "98483"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "PACKETSTORM",
        "id": "142506"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-115181",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6978",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1038484",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42056",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU98089541",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "98483",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-93151",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142652",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-115181",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142506",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "BID",
        "id": "98483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "PACKETSTORM",
        "id": "142506"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "id": "VAR-201705-3982",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:14:54.813000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "HT207797",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht207797"
      },
      {
        "title": "HT207797",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht207797"
      },
      {
        "title": "Apple macOS Sierra Accessibility Framework Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70448"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht207797"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/42056/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038484"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6978"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6978"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98089541/index.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2509"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2542"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2548"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2520"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2533"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2546"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2537"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2540"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6977"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2527"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2534"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2512"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2524"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2541"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2503"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2497"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "BID",
        "id": "98483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "PACKETSTORM",
        "id": "142506"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "db": "BID",
        "id": "98483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "db": "PACKETSTORM",
        "id": "142506"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98483"
      },
      {
        "date": "2017-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "date": "2017-05-15T13:02:22",
        "db": "PACKETSTORM",
        "id": "142506"
      },
      {
        "date": "2017-05-22T05:29:02.647000",
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115181"
      },
      {
        "date": "2017-05-15T00:00:00",
        "db": "BID",
        "id": "98483"
      },
      {
        "date": "2017-06-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      },
      {
        "date": "2017-08-13T01:29:21.443000",
        "db": "NVD",
        "id": "CVE-2017-6978"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X of  Accessibility Framework Component vulnerable to arbitrary code execution in privileged context",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003816"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-972"
      }
    ],
    "trust": 0.6
  }
}

