var-201707-1150
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code or gain sensitive information. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxpc is an open source implementation of one of the Apple XPC libraries. A memory corruption vulnerability exists in the libxpc component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.3.3; macOS Sierra prior to 10.12.6; tvOS prior to 10.2.2; watchOS prior to 3.2.3.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-07-19-2 macOS 10.12.6
macOS 10.12.6 is now available and addresses the following:
afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7016: riusksk (ae3aY=) of Tencent Security Platform Department
afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7033: riusksk (ae3aY=) of Tencent Security Platform Department
AppleGraphicsPowerManagement Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team
Audio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc. CVE-2017-7051: Alex Plaskett of MWR InfoSecurity
Bluetooth Available for: macOS Sierra 10.12.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of MWR InfoSecurity
Contacts Available for: macOS Sierra 10.12.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia)
CoreAudio Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved bounds checking. CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team
curl Available for: macOS Sierra 10.12.5 Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to version 7.54.0. CVE-2016-9586 CVE-2016-9594 CVE-2017-2629 CVE-2017-7468
Foundation Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab (eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team
Intel Graphics Driver Available for: macOS Sierra 10.12.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team
IOUSBFamily Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team
Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7023: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7025: an anonymous researcher CVE-2017-7027: an anonymous researcher CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team
Kernel Available for: macOS Sierra 10.12.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7026: an anonymous researcher
Kernel Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team
kext tools Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team
libarchive Available for: macOS Sierra 10.12.5 Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz
libxml2 Available for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7010: Apple CVE-2017-7013: found by OSS-Fuzz
libxpc Available for: macOS Sierra 10.12.5 and OS X El Capitan v10.11.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7047: Ian Beer of Google Project Zero
Wi-Fi Available for: macOS Sierra 10.12.5 Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
Additional recognition
curl We would like to acknowledge Dave Murdock of Tangerine Element for their assistance.
Installation note:
macOS 10.12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGe3QP/2EYqCofq3zbIdr8qyzqkFea S7TLjRwnRulKBO4/Cj4Qfkc5wp8g4gd6qs0SjpfHIMw5XWwwGSxtljQ+zPhd8Zie AtwDPcjNpNKzcdgs1guEUwkv9gLgDbS6xbCUEnld00lURTAWxtMEP3Ue5chaJMn7 GpYQx8ZDZ15D8cjbtvIYHjmhTEutiqWB0EAcEvuM3ov54oC7qlu7vpXzevcLw9j6 YwZZJz2MSIlhpQh466qBr1Eay+EdTF69D0F18Jlpx9M+QejpHBLy08vk3UypXkqs Jjf/FmqrSuSZrPwU+WOYaps6AvZ+pDMnJIBuWDw1BaI5hrx3KA8eyGSlzedTM7DG r+myZHjIt4EOuSK6rOyZnmTLJM7/gWOm4CpPPbyDNd10nJm5oDWuZnqMlBcC4X/8 99ks/lXKbxtwTVL4AHDb0+rKJ2N9Try5togURREkAC5cI/97+zKzQ9Qobu4iC8MN Yo9dwDDP77vxANrGAUbEJSAWBR+tkLJw1jIJhIXeb/Hhayw4J02qo6RzO9bMotcx RhsNAr3ZN/REBBzinUR13o605W7I3ktRZlc1K8aVQqj4doRLCUAw0TJXs2/4pkKI hdueKoFsS66nbgoThU6VmAkyPfYubvJuDEaZ5wzS1CZOHZSr2Hy5//YfY9UhRcBu RN8FF9CraIvShvn0urgd =wnAu -----END PGP SIGNATURE----- . This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered. CVE-2017-7018: lokihardt of Google Project Zero CVE-2017-7020: likemeng of Baidu Security Lab CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7037: lokihardt of Google Project Zero CVE-2017-7039: Ivan Fratric of Google Project Zero CVE-2017-7040: Ivan Fratric of Google Project Zero CVE-2017-7041: Ivan Fratric of Google Project Zero CVE-2017-7042: Ivan Fratric of Google Project Zero CVE-2017-7043: Ivan Fratric of Google Project Zero CVE-2017-7046: Ivan Fratric of Google Project Zero CVE-2017-7048: Ivan Fratric of Google Project Zero CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative CVE-2017-7055: The UK's National Cyber Security Centre (NCSC) CVE-2017-7056: lokihardt of Google Project Zero CVE-2017-7061: lokihardt of Google Project Zero
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
Installation note:
Apple TV will periodically check for software updates
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.3 (ipad first 4 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.3 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.3 (ipod touch first 6 generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.2.2 (apple tv first 4 generation )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.2.3 (apple watch all models )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.5"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "security update yosemite",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0030"
},
{
"model": "security update el capitan",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "2017-0030"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
}
],
"sources": [
{
"db": "BID",
"id": "99883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.12.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7047"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shashank (@cyberboyIndia),Proteas of Qihoo 360 Nirvan Team,Ian Beer of Google Project Zero,shrek_wzw of Qihoo 360 Nirvan Team,Anonymous.",
"sources": [
{
"db": "BID",
"id": "99883"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7047",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7047",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-115250",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7047",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7047",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-963",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115250",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7047",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"libxpc\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code or gain sensitive information. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. libxpc is an open source implementation of one of the Apple XPC libraries. A memory corruption vulnerability exists in the libxpc component of several Apple products. The following products and versions are affected: Apple iOS prior to 10.3.3; macOS Sierra prior to 10.12.6; tvOS prior to 10.2.2; watchOS prior to 3.2.3. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-2 macOS 10.12.6\n\nmacOS 10.12.6 is now available and addresses the following:\n\nafclip\nAvailable for: macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7016: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nafclip\nAvailable for: macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7033: riusksk (ae3aY=) of Tencent Security Platform\nDepartment\n\nAppleGraphicsPowerManagement\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team\n\nAudio\nAvailable for: macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7050: Min (Spark) Zheng of Alibaba Inc. \nCVE-2017-7051: Alex Plaskett of MWR InfoSecurity\n\nBluetooth\nAvailable for: macOS Sierra 10.12.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7054: Lufeng Li of Qihoo 360 Vulcan Team, Alex Plaskett of\nMWR InfoSecurity\n\nContacts\nAvailable for: macOS Sierra 10.12.5\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-7062: Shashank (@cyberboyIndia)\n\nCoreAudio\nAvailable for: macOS Sierra 10.12.5\nImpact: Processing a maliciously crafted movie file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nbounds checking. \nCVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team\n\ncurl\nAvailable for: macOS Sierra 10.12.5\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to version\n7.54.0. \nCVE-2016-9586\nCVE-2016-9594\nCVE-2017-2629\nCVE-2017-7468\n\nFoundation\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7014: Axis and sss of Qihoo 360 Nirvan Team, Lee of Minionz\nCVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team\nCVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team\n\nIntel Graphics Driver\nAvailable for: macOS Sierra 10.12.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team\nCVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team\n\nIOUSBFamily\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7022: an anonymous researcher\nCVE-2017-7024: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7023: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7025: an anonymous researcher\nCVE-2017-7027: an anonymous researcher\nCVE-2017-7069: Proteas of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: macOS Sierra 10.12.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7026: an anonymous researcher\n\nKernel\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7028: an anonymous researcher\nCVE-2017-7029: an anonymous researcher\nCVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team\n\nkext tools\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team\n\nlibarchive\nAvailable for: macOS Sierra 10.12.5\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed through improved bounds\nchecking. \nCVE-2017-7068: found by OSS-Fuzz\n\nlibxml2\nAvailable for: macOS Sierra 10.12.5, OS X El Capitan v10.11.6,\nand OS X Yosemite v10.10.5\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \nCVE-2017-7010: Apple\nCVE-2017-7013: found by OSS-Fuzz\n\nlibxpc\nAvailable for: macOS Sierra 10.12.5 and OS X El Capitan v10.11.6\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7047: Ian Beer of Google Project Zero\n\nWi-Fi\nAvailable for: macOS Sierra 10.12.5\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nAdditional recognition\n\ncurl\nWe would like to acknowledge Dave Murdock of Tangerine Element for\ntheir assistance. \n\nInstallation note:\n\nmacOS 10.12.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGe3QP/2EYqCofq3zbIdr8qyzqkFea\nS7TLjRwnRulKBO4/Cj4Qfkc5wp8g4gd6qs0SjpfHIMw5XWwwGSxtljQ+zPhd8Zie\nAtwDPcjNpNKzcdgs1guEUwkv9gLgDbS6xbCUEnld00lURTAWxtMEP3Ue5chaJMn7\nGpYQx8ZDZ15D8cjbtvIYHjmhTEutiqWB0EAcEvuM3ov54oC7qlu7vpXzevcLw9j6\nYwZZJz2MSIlhpQh466qBr1Eay+EdTF69D0F18Jlpx9M+QejpHBLy08vk3UypXkqs\nJjf/FmqrSuSZrPwU+WOYaps6AvZ+pDMnJIBuWDw1BaI5hrx3KA8eyGSlzedTM7DG\nr+myZHjIt4EOuSK6rOyZnmTLJM7/gWOm4CpPPbyDNd10nJm5oDWuZnqMlBcC4X/8\n99ks/lXKbxtwTVL4AHDb0+rKJ2N9Try5togURREkAC5cI/97+zKzQ9Qobu4iC8MN\nYo9dwDDP77vxANrGAUbEJSAWBR+tkLJw1jIJhIXeb/Hhayw4J02qo6RzO9bMotcx\nRhsNAr3ZN/REBBzinUR13o605W7I3ktRZlc1K8aVQqj4doRLCUAw0TJXs2/4pkKI\nhdueKoFsS66nbgoThU6VmAkyPfYubvJuDEaZ5wzS1CZOHZSr2Hy5//YfY9UhRcBu\nRN8FF9CraIvShvn0urgd\n=wnAu\n-----END PGP SIGNATURE-----\n. This issue was addressed by not painting\nthe cross-origin buffer into the frame that gets filtered. \nCVE-2017-7018: lokihardt of Google Project Zero\nCVE-2017-7020: likemeng of Baidu Security Lab\nCVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7037: lokihardt of Google Project Zero\nCVE-2017-7039: Ivan Fratric of Google Project Zero\nCVE-2017-7040: Ivan Fratric of Google Project Zero\nCVE-2017-7041: Ivan Fratric of Google Project Zero\nCVE-2017-7042: Ivan Fratric of Google Project Zero\nCVE-2017-7043: Ivan Fratric of Google Project Zero\nCVE-2017-7046: Ivan Fratric of Google Project Zero\nCVE-2017-7048: Ivan Fratric of Google Project Zero\nCVE-2017-7052: cc working with Trend Micro\u0027s Zero Day Initiative\nCVE-2017-7055: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-7056: lokihardt of Google Project Zero\nCVE-2017-7061: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content with DOMParser may\nlead to cross site scripting\nDescription: A logic issue existed in the handling of DOMParser. This\nissue was addressed with improved state management. \nCVE-2017-9417: Nitay Artenstein of Exodus Intelligence\n\nInstallation note:\n\nApple TV will periodically check for software updates",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "BID",
"id": "99883"
},
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "PACKETSTORM",
"id": "143433"
},
{
"db": "PACKETSTORM",
"id": "143432"
},
{
"db": "PACKETSTORM",
"id": "143434"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-115250",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42407",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7047",
"trust": 3.3
},
{
"db": "BID",
"id": "99883",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1038950",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "42407",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU91410779",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "143624",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115250",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7047",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143432",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143434",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "BID",
"id": "99883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "PACKETSTORM",
"id": "143624"
},
{
"db": "PACKETSTORM",
"id": "143433"
},
{
"db": "PACKETSTORM",
"id": "143432"
},
{
"db": "PACKETSTORM",
"id": "143434"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"id": "VAR-201707-1150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:54:22.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht201222"
},
{
"title": "HT207924",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207924"
},
{
"title": "HT207925",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207925"
},
{
"title": "HT207922",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207922"
},
{
"title": "HT207923",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht207923"
},
{
"title": "HT207922",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207922"
},
{
"title": "HT207923",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207923"
},
{
"title": "HT207924",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207924"
},
{
"title": "HT207925",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht207925"
},
{
"title": "Multiple Apple product libxpc Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71905"
},
{
"title": "Apple: watchOS 3.2.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=5634549e42bbf0a68a2c6b353c505542"
},
{
"title": "Apple: tvOS 10.2.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8ea18aa7d960ba86938d7736a49fedf4"
},
{
"title": "Apple: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b4587fdf74b78bb8207139ef57386820"
},
{
"title": "Apple: iOS 10.3.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ff2b42f631bf42e786d7e9c18a208656"
},
{
"title": "MyArticles",
"trust": 0.1,
"url": "https://github.com/zhengmin1989/myarticles "
},
{
"title": "triple_fetch",
"trust": 0.1,
"url": "https://github.com/matteyeux/triple_fetch "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/42407/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/99883"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207922"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207923"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207924"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht207925"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1038950"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7047"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7047"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91410779/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7009"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7028"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7029"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7024"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7022"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7026"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7023"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7027"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7025"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7008"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7010"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/zhengmin1989/myarticles"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht207925"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7021"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7045"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7030"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7006"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "BID",
"id": "99883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "PACKETSTORM",
"id": "143624"
},
{
"db": "PACKETSTORM",
"id": "143433"
},
{
"db": "PACKETSTORM",
"id": "143432"
},
{
"db": "PACKETSTORM",
"id": "143434"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115250"
},
{
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"db": "BID",
"id": "99883"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"db": "PACKETSTORM",
"id": "143624"
},
{
"db": "PACKETSTORM",
"id": "143433"
},
{
"db": "PACKETSTORM",
"id": "143432"
},
{
"db": "PACKETSTORM",
"id": "143434"
},
{
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-115250"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"date": "2017-07-19T00:00:00",
"db": "BID",
"id": "99883"
},
{
"date": "2017-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"date": "2017-08-02T00:00:01",
"db": "PACKETSTORM",
"id": "143624"
},
{
"date": "2017-07-20T15:22:22",
"db": "PACKETSTORM",
"id": "143433"
},
{
"date": "2017-07-20T18:32:22",
"db": "PACKETSTORM",
"id": "143432"
},
{
"date": "2017-07-20T23:44:44",
"db": "PACKETSTORM",
"id": "143434"
},
{
"date": "2017-07-20T16:29:01.817000",
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"date": "2017-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-115250"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7047"
},
{
"date": "2017-07-19T00:00:00",
"db": "BID",
"id": "99883"
},
{
"date": "2017-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005745"
},
{
"date": "2019-03-25T16:31:50.900000",
"db": "NVD",
"id": "CVE-2017-7047"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product libxpc Component vulnerable to arbitrary code execution in privileged context",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005745"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-963"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.