Details of VAR-201704-0808

ID

VAR-201704-0808

CVE

CVE-2017-2485

TITLE

plural Apple Vulnerability in arbitrary code execution in product security components

Trust: 0.8

sources: JVNDB: JVNDB-2017-002362

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted X.509 certificate file. Apple iOS, WatchOS, macOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. The following versions are affected: Versions prior to Apple iOS 10.2 Versions prior to Apple watchOS 3.1.1 Versions prior to Apple tvOS 10.1 Versions prior to Apple macOS 10.12.4. in the United States. Apple iOS is an operating system developed for mobile devices; watchOS is a smart watch operating system; tvOS is a smart TV operating system

Trust: 1.98

sources: NVD: CVE-2017-2485 // JVNDB: JVNDB-2017-002362 // BID: 97132 // VULHUB: VHN-110688

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.3	Trust: 1.4
vendor:	apple	model:	iphone os	scope:	lte	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.12.3	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	3.1.3	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.3	Trust: 0.9
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipad first 4 after generation )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3 (ipod touch first 6 after generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.2 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3.2 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	tv	scope:	eq	version:	10.1.1	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.2.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch hermes	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watch edition	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	3.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	10.2	Trust: 0.3
vendor:	apple	model:	security update yosemite	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	security update el capitan	scope:	ne	version:	2017-0010	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3	Trust: 0.3

sources: BID: 97132 // JVNDB: JVNDB-2017-002362 // CNNVD: CNNVD-201703-1277 // NVD: CVE-2017-2485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2485
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-2485
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201703-1277
value:	HIGH
Trust: 0.6
VULHUB:	VHN-110688
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2485
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110688
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2485
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110688 // JVNDB: JVNDB-2017-002362 // CNNVD: CNNVD-201703-1277 // NVD: CVE-2017-2485

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.9

sources: VULHUB: VHN-110688 // JVNDB: JVNDB-2017-002362 // NVD: CVE-2017-2485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1277

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1277

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002362

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207602	url:	https://support.apple.com/en-us/HT207602	Trust: 0.8
title:	HT207601	url:	https://support.apple.com/en-us/HT207601	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/en-us/HT207617	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/en-us/HT207615	Trust: 0.8
title:	HT207617	url:	https://support.apple.com/ja-jp/HT207617	Trust: 0.8
title:	HT207615	url:	https://support.apple.com/ja-jp/HT207615	Trust: 0.8
title:	HT207602	url:	https://support.apple.com/ja-jp/HT207602	Trust: 0.8
title:	HT207601	url:	https://support.apple.com/ja-jp/HT207601	Trust: 0.8
title:	Multiple Apple product Security Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68829	Trust: 0.6

sources: JVNDB: JVNDB-2017-002362 // CNNVD: CNNVD-201703-1277

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2485	Trust: 2.8
db:	BID	id:	97132	Trust: 2.0
db:	TALOS	id:	TALOS-2017-0296	Trust: 1.9
db:	SECTRACK	id:	1038138	Trust: 1.7
db:	JVN	id:	JVNVU90482935	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002362	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1277	Trust: 0.7
db:	SEEBUG	id:	SSVID-92836	Trust: 0.1
db:	VULHUB	id:	VHN-110688	Trust: 0.1

sources: VULHUB: VHN-110688 // BID: 97132 // JVNDB: JVNDB-2017-002362 // CNNVD: CNNVD-201703-1277 // NVD: CVE-2017-2485

REFERENCES

url:	http://www.securityfocus.com/bid/97132	Trust: 1.7
url:	https://support.apple.com/ht207601	Trust: 1.7
url:	https://support.apple.com/ht207602	Trust: 1.7
url:	https://support.apple.com/ht207615	Trust: 1.7
url:	https://support.apple.com/ht207617	Trust: 1.7
url:	http://www.securitytracker.com/id/1038138	Trust: 1.7
url:	http://www.talosintelligence.com/reports/talos-2017-0296/	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2485	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90482935/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2485	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://www.apple.com/osx/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	http://www.talosintelligence.com/reports/talos-2017-0296/	Trust: 0.3

sources: VULHUB: VHN-110688 // BID: 97132 // JVNDB: JVNDB-2017-002362 // CNNVD: CNNVD-201703-1277 // NVD: CVE-2017-2485

CREDITS

Aleksandar Nikolic

Trust: 0.9

sources: BID: 97132 // CNNVD: CNNVD-201703-1277

SOURCES

db:	VULHUB	id:	VHN-110688
db:	BID	id:	97132
db:	JVNDB	id:	JVNDB-2017-002362
db:	CNNVD	id:	CNNVD-201703-1277
db:	NVD	id:	CVE-2017-2485

LAST UPDATE DATE

2024-11-23T21:14:54.843000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110688	date:	2019-03-08T00:00:00
db:	BID	id:	97132	date:	2017-03-29T00:02:00
db:	JVNDB	id:	JVNDB-2017-002362	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201703-1277	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2017-2485	date:	2024-11-21T03:23:37.313

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110688	date:	2017-04-02T00:00:00
db:	BID	id:	97132	date:	2017-03-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-002362	date:	2017-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201703-1277	date:	2017-03-29T00:00:00
db:	NVD	id:	CVE-2017-2485	date:	2017-04-02T01:59:03.933