Details of VAR-201704-0805

ID

VAR-201704-0805

CVE

CVE-2017-2482

TITLE

plural Apple Buffer overflow vulnerability in product kernel component

Trust: 0.8

sources: JVNDB: JVNDB-2017-002360

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app. iOS is a mobile operating system developed by Apple. Apple Corps first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad, and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed for the fourth generation of Apple TV. MacOS is a set of operating systems running on Apple Macintosh computers. watchOS is a mobile operating system for the Apple Watch developed by Apple. It is based on the iOS operating system and has many similar features. Apple iOS, tvOS, macOS and watchOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, perform unauthorized actions and gain elevated privileges; this may aid in launching further attacks. Versions prior to iOS 10.3, watchOS 3.2, macOS 10.12.4, and tvOS 10.2 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-2482 // JVNDB: JVNDB-2017-002360 // CNVD: CNVD-2017-04927 // BID: 97137 // VULHUB: VHN-110685

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.3	Trust: 1.4
vendor:	apple	model:	iphone os	scope:	lte	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.3	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.3	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.2 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3.2 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.2	Trust: 0.6
vendor:	apple	model:	macos	scope:	lt	version:	10.12.4	Trust: 0.6
vendor:	apple	model:	ios	scope:	lt	version:	10.3	Trust: 0.6
vendor:	apple	model:	watchos	scope:	lt	version:	3.2	Trust: 0.6
vendor:	apple	model:	tv	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.11.6	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	3.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	10.2	Trust: 0.3
vendor:	apple	model:	security update yosemite	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	security update el capitan	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3	Trust: 0.3

sources: CNVD: CNVD-2017-04927 // BID: 97137 // JVNDB: JVNDB-2017-002360 // CNNVD: CNNVD-201704-111 // NVD: CVE-2017-2482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2482
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2482
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-04927
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-111
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110685
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2482
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-04927
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-110685
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2482
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04927 // VULHUB: VHN-110685 // JVNDB: JVNDB-2017-002360 // CNNVD: CNNVD-201704-111 // NVD: CVE-2017-2482

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-110685 // JVNDB: JVNDB-2017-002360 // NVD: CVE-2017-2482

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-111

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-111

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002360

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110685

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207602	url:	https://support.apple.com/en-us/HT207602	Trust: 0.8
title:	HT207601	url:	https://support.apple.com/en-us/HT207601	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/en-us/HT207617	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/en-us/HT207615	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/ja-jp/HT207617	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/ja-jp/HT207615	Trust: 0.8
title:	HT207602	url:	https://support.apple.com/ja-jp/HT207602	Trust: 0.8
title:	HT207601	url:	https://support.apple.com/ja-jp/HT207601	Trust: 0.8
title:	Patch for Apple iOS / tvOS / macOS / watchOS Buffer Overflow Vulnerability (CNVD-2017-04927)	url:	https://www.cnvd.org.cn/patchInfo/show/92241	Trust: 0.6
title:	Multiple Apple product Kernel Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69004	Trust: 0.6

sources: CNVD: CNVD-2017-04927 // JVNDB: JVNDB-2017-002360 // CNNVD: CNNVD-201704-111

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2482	Trust: 3.4
db:	BID	id:	97137	Trust: 2.0
db:	SECTRACK	id:	1038138	Trust: 1.7
db:	EXPLOIT-DB	id:	41796	Trust: 1.7
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002360	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-111	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04927	Trust: 0.6
db:	SEEBUG	id:	SSVID-92888	Trust: 0.1
db:	PACKETSTORM	id:	141981	Trust: 0.1
db:	VULHUB	id:	VHN-110685	Trust: 0.1

sources: CNVD: CNVD-2017-04927 // VULHUB: VHN-110685 // BID: 97137 // JVNDB: JVNDB-2017-002360 // CNNVD: CNNVD-201704-111 // NVD: CVE-2017-2482

REFERENCES

url:	http://www.securityfocus.com/bid/97137	Trust: 1.7
url:	https://support.apple.com/ht207601	Trust: 1.7
url:	https://support.apple.com/ht207602	Trust: 1.7
url:	https://support.apple.com/ht207615	Trust: 1.7
url:	https://support.apple.com/ht207617	Trust: 1.7
url:	https://www.exploit-db.com/exploits/41796/	Trust: 1.7
url:	http://www.securitytracker.com/id/1038138	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2482	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2482	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	http://www.apple.com/ios/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3

sources: CNVD: CNVD-2017-04927 // VULHUB: VHN-110685 // BID: 97137 // JVNDB: JVNDB-2017-002360 // CNNVD: CNNVD-201704-111 // NVD: CVE-2017-2482

CREDITS

John Villamil, Doyensec, riusksk of Tencent Security Platform Department, Omer Medan of enSilo Ltd, Lufeng Li of Qihoo 360 Vulcan Team, Qidan He of KeenLab Tencent, an anonymous researcher working with Trend Micro??s Zero Day Initiative, John Villamil of

Trust: 0.3

sources: BID: 97137

SOURCES

db:	CNVD	id:	CNVD-2017-04927
db:	VULHUB	id:	VHN-110685
db:	BID	id:	97137
db:	JVNDB	id:	JVNDB-2017-002360
db:	CNNVD	id:	CNNVD-201704-111
db:	NVD	id:	CVE-2017-2482

LAST UPDATE DATE

2024-11-23T20:10:15.322000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04927	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-110685	date:	2019-03-08T00:00:00
db:	BID	id:	97137	date:	2017-03-29T00:02:00
db:	JVNDB	id:	JVNDB-2017-002360	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-111	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2017-2482	date:	2024-11-21T03:23:36.947

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04927	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-110685	date:	2017-04-02T00:00:00
db:	BID	id:	97137	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002360	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201704-111	date:	2017-04-07T00:00:00
db:	NVD	id:	CVE-2017-2482	date:	2017-04-02T01:59:03.827