Sign-up

ID

VAR-201704-0797


CVE

CVE-2017-2474


TITLE

plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts

Trust: 0.8

sources: JVNDB: JVNDB-2017-002373

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app. iOS is a mobile operating system developed by Apple. Apple Corps first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad, and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed for the fourth generation of Apple TV. MacOS is a set of operating systems running on Apple Macintosh computers. watchOS is a mobile operating system for the Apple Watch developed by Apple. It is based on the iOS operating system and has many similar features. Apple iOS, tvOS, macOS and watchOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, perform unauthorized actions and gain elevated privileges; this may aid in launching further attacks. Versions prior to iOS 10.3, watchOS 3.2, macOS 10.12.4, and tvOS 10.2 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2474 // JVNDB: JVNDB-2017-002373 // CNVD: CNVD-2017-04929 // BID: 97137 // VULHUB: VHN-110677

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:iphone osscope:lteversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:10.1.1

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.1.3

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10.3 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2

Trust: 0.6

vendor:applemodel:macosscope:ltversion:10.12.4

Trust: 0.6

vendor:applemodel:iosscope:ltversion:10.3

Trust: 0.6

vendor:applemodel:watchosscope:ltversion:3.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:10.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3

Trust: 0.3

sources: CNVD: CNVD-2017-04929 // BID: 97137 // JVNDB: JVNDB-2017-002373 // CNNVD: CNNVD-201704-105 // NVD: CVE-2017-2474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2474
value: HIGH

Trust: 1.0

NVD: CVE-2017-2474
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04929
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-105
value: HIGH

Trust: 0.6

VULHUB: VHN-110677
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2474
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04929
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110677
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2474
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04929 // VULHUB: VHN-110677 // JVNDB: JVNDB-2017-002373 // CNNVD: CNNVD-201704-105 // NVD: CVE-2017-2474

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-189

Trust: 0.9

sources: VULHUB: VHN-110677 // JVNDB: JVNDB-2017-002373 // NVD: CVE-2017-2474

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-105

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201704-105

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002373

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-110677

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207602url:https://support.apple.com/en-us/HT207602
Trust: 0.8
title:HT207601url:https://support.apple.com/en-us/HT207601
Trust: 0.8
title:HT207617url:https://support.apple.com/en-us/HT207617
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/HT207615
Trust: 0.8
title:HT207617url:https://support.apple.com/ja-jp/HT207617
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/HT207615
Trust: 0.8
title:HT207602url:https://support.apple.com/ja-jp/HT207602
Trust: 0.8
title:HT207601url:https://support.apple.com/ja-jp/HT207601
Trust: 0.8
title:Patch for Apple iOS / tvOS / macOS / watchOS arbitrary code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/92233
Trust: 0.6
title:Multiple Apple product Kernel Fixes for digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68998
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04929 // 
            
            
            
            JVNDB: JVNDB-2017-002373 // 
            
            
            
            CNNVD: CNNVD-201704-105

EXTERNAL IDS
db:NVDid:CVE-2017-2474
Trust: 3.4
db:BIDid:97137
Trust: 2.0
db:SECTRACKid:1038138
Trust: 1.7
db:EXPLOIT-DBid:41793
Trust: 1.7
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002373
Trust: 0.8
db:CNNVDid:CNNVD-201704-105
Trust: 0.7
db:CNVDid:CNVD-2017-04929
Trust: 0.6
db:SEEBUGid:SSVID-92890
Trust: 0.1
db:PACKETSTORMid:141976
Trust: 0.1
db:VULHUBid:VHN-110677
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04929 // 
            
            
            
            VULHUB: VHN-110677 // 
            
            
            
            BID: 97137 // 
            
            
            
            JVNDB: JVNDB-2017-002373 // 
            
            
            
            CNNVD: CNNVD-201704-105 // 
            
            
            
            NVD: CVE-2017-2474

REFERENCES
url:http://www.securityfocus.com/bid/97137
Trust: 2.3
url:https://support.apple.com/ht207601
Trust: 1.7
url:https://support.apple.com/ht207602
Trust: 1.7
url:https://support.apple.com/ht207615
Trust: 1.7
url:https://support.apple.com/ht207617
Trust: 1.7
url:https://www.exploit-db.com/exploits/41793/
Trust: 1.7
url:http://www.securitytracker.com/id/1038138
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-2474
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2474
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/accessibility/tvos/
Trust: 0.3
url:http://www.apple.com/watchos-2/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-us/ht201222
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04929 // 
            
            
            
            VULHUB: VHN-110677 // 
            
            
            
            BID: 97137 // 
            
            
            
            JVNDB: JVNDB-2017-002373 // 
            
            
            
            CNNVD: CNNVD-201704-105 // 
            
            
            
            NVD: CVE-2017-2474

CREDITS
John Villamil, Doyensec, riusksk of Tencent Security Platform Department, Omer Medan of enSilo Ltd, Lufeng Li of Qihoo 360 Vulcan Team, Qidan He of KeenLab Tencent, an anonymous researcher working with Trend Micro??s Zero Day Initiative, John Villamil of
Trust: 0.3
sources:
            
            
            BID: 97137

SOURCES
db:CNVDid:CNVD-2017-04929
db:VULHUBid:VHN-110677
db:BIDid:97137
db:JVNDBid:JVNDB-2017-002373
db:CNNVDid:CNNVD-201704-105
db:NVDid:CVE-2017-2474

LAST UPDATE DATE
2024-11-23T21:16:27.442000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04929date:2017-04-21T00:00:00
db:VULHUBid:VHN-110677date:2019-10-03T00:00:00
db:BIDid:97137date:2017-03-29T00:02:00
db:JVNDBid:JVNDB-2017-002373date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-105date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2474date:2024-11-21T03:23:35.960

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04929date:2017-04-21T00:00:00
db:VULHUBid:VHN-110677date:2017-04-02T00:00:00
db:BIDid:97137date:2017-03-27T00:00:00
db:JVNDBid:JVNDB-2017-002373date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-105date:2017-04-06T00:00:00
db:NVDid:CVE-2017-2474date:2017-04-02T01:59:03.513