ID

VAR-201704-0812


CVE

CVE-2017-2490


TITLE

plural Apple Vulnerability in the kernel component of a product that allows arbitrary code execution in privileged contexts

Trust: 0.8

sources: JVNDB: JVNDB-2017-002338

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. iOS is a mobile operating system developed by Apple. Apple Corps first announced this system at the Macworld conference on January 9, 2007. It was originally designed for the iPhone and later applied to iPod touch, iPad, and Apple TV. tvOS is a system developed by Apple. Based on iOS, tvOS is an operating system designed for the fourth generation of Apple TV. MacOS is a set of operating systems running on Apple Macintosh computers. watchOS is a mobile operating system for the Apple Watch developed by Apple. It is based on the iOS operating system and has many similar features. The "Kernel" component of many Apple products has a denial of service vulnerability. Apple iOS, WatchOS, macOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. The following versions are affected: Versions prior to Apple iOS 10.3 Versions prior to Apple watchOS 3.2 Versions prior to Apple tvOS 10.2 Versions prior to Apple macOS 10.12.4

Trust: 2.52

sources: NVD: CVE-2017-2490 // JVNDB: JVNDB-2017-002338 // CNVD: CNVD-2017-05002 // BID: 97301 // VULHUB: VHN-110693

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:iphone osscope:lteversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:10.1.1

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.1.3

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10.3 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2

Trust: 0.6

vendor:applemodel:macosscope:ltversion:10.12.4

Trust: 0.6

vendor:applemodel:iosscope:ltversion:10.3

Trust: 0.6

vendor:applemodel:watchosscope:ltversion:3.2

Trust: 0.6

vendor:applemodel:tvscope:eqversion:10.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3

Trust: 0.3

sources: CNVD: CNVD-2017-05002 // BID: 97301 // JVNDB: JVNDB-2017-002338 // CNNVD: CNNVD-201704-115 // NVD: CVE-2017-2490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2490
value: HIGH

Trust: 1.0

NVD: CVE-2017-2490
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-05002
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-115
value: HIGH

Trust: 0.6

VULHUB: VHN-110693
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2490
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05002
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110693
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2490
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05002 // VULHUB: VHN-110693 // JVNDB: JVNDB-2017-002338 // CNNVD: CNNVD-201704-115 // NVD: CVE-2017-2490

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110693 // JVNDB: JVNDB-2017-002338 // NVD: CVE-2017-2490

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-115

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-115

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002338

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110693

PATCH

title:Apple security updatesurl:https://support.apple.com/en-us/HT201222

Trust: 0.8

title:HT207615url:https://support.apple.com/en-us/HT207615

Trust: 0.8

title:HT207617url:https://support.apple.com/en-us/HT207617

Trust: 0.8

title:HT207601url:https://support.apple.com/en-us/HT207601

Trust: 0.8

title:HT207602url:https://support.apple.com/en-us/HT207602

Trust: 0.8

title:HT207601url:https://support.apple.com/ja-jp/HT207601

Trust: 0.8

title:HT207602url:https://support.apple.com/ja-jp/HT207602

Trust: 0.8

title:HT207615url:https://support.apple.com/ja-jp/HT207615

Trust: 0.8

title:HT207617url:https://support.apple.com/ja-jp/HT207617

Trust: 0.8

title:Patch for Apple iOS / tvOS / macOS / watchOS Denial of Service Vulnerability (CNVD-2017-05002)url:https://www.cnvd.org.cn/patchInfo/show/92264

Trust: 0.6

title:Multiple Apple product Kernel Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69008

Trust: 0.6

sources: CNVD: CNVD-2017-05002 // JVNDB: JVNDB-2017-002338 // CNNVD: CNNVD-201704-115

EXTERNAL IDS

db:NVDid:CVE-2017-2490

Trust: 3.4

db:BIDid:97301

Trust: 2.6

db:EXPLOIT-DBid:41804

Trust: 1.7

db:JVNid:JVNVU90482935

Trust: 0.8

db:JVNDBid:JVNDB-2017-002338

Trust: 0.8

db:CNNVDid:CNNVD-201704-115

Trust: 0.7

db:CNVDid:CNVD-2017-05002

Trust: 0.6

db:PACKETSTORMid:141983

Trust: 0.1

db:SEEBUGid:SSVID-92884

Trust: 0.1

db:VULHUBid:VHN-110693

Trust: 0.1

sources: CNVD: CNVD-2017-05002 // VULHUB: VHN-110693 // BID: 97301 // JVNDB: JVNDB-2017-002338 // CNNVD: CNNVD-201704-115 // NVD: CVE-2017-2490

REFERENCES

url:http://www.securityfocus.com/bid/97301

Trust: 1.7

url:https://support.apple.com/ht207601

Trust: 1.7

url:https://support.apple.com/ht207602

Trust: 1.7

url:https://support.apple.com/ht207615

Trust: 1.7

url:https://support.apple.com/ht207617

Trust: 1.7

url:https://www.exploit-db.com/exploits/41804/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-2490

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2490

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90482935/index.html

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:https://www.apple.com/osx/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/watchos-2/

Trust: 0.3

sources: CNVD: CNVD-2017-05002 // VULHUB: VHN-110693 // BID: 97301 // JVNDB: JVNDB-2017-002338 // CNNVD: CNNVD-201704-115 // NVD: CVE-2017-2490

CREDITS

Ian Beer of Google Project Zero, The UK's National Cyber Security Centre (NCSC).

Trust: 0.3

sources: BID: 97301

SOURCES

db:CNVDid:CNVD-2017-05002
db:VULHUBid:VHN-110693
db:BIDid:97301
db:JVNDBid:JVNDB-2017-002338
db:CNNVDid:CNNVD-201704-115
db:NVDid:CVE-2017-2490

LAST UPDATE DATE

2024-11-23T21:29:47.044000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-05002date:2017-04-21T00:00:00
db:VULHUBid:VHN-110693date:2019-03-08T00:00:00
db:BIDid:97301date:2017-04-04T00:03:00
db:JVNDBid:JVNDB-2017-002338date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-115date:2019-03-13T00:00:00
db:NVDid:CVE-2017-2490date:2024-11-21T03:23:37.923

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-05002date:2017-04-21T00:00:00
db:VULHUBid:VHN-110693date:2017-04-02T00:00:00
db:BIDid:97301date:2017-04-01T00:00:00
db:JVNDBid:JVNDB-2017-002338date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-115date:2017-04-07T00:00:00
db:NVDid:CVE-2017-2490date:2017-04-02T01:59:04.077