Sign-up

ID

VAR-201704-0836


CVE

CVE-2017-2462


TITLE

plural Apple Vulnerability to execute arbitrary code in audio component of product

Trust: 0.8

sources: JVNDB: JVNDB-2017-002369

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of M4A files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to achieve remote code execution under the context of the current user. Apple iOS, tvOS, macOS and watchOS are prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, perform unauthorized actions and gain elevated privileges; this may aid in launching further attacks. Versions prior to iOS 10.3, watchOS 3.2, macOS 10.12.4, and tvOS 10.2 are vulnerable. Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. A buffer overflow vulnerability exists in the Audio component of several Apple products. CVE-2017-2430: an anonymous researcher working with Trend Microas Zero Day Initiative CVE-2017-2462: an anonymous researcher working with Trend Microas Zero Day Initiative Carbon Available for: All Apple Watch models Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of font files. This issue was addressed through improved bounds checking. CVE-2017-2379: John Villamil, Doyensec, riusksk (ae3aY=) of Tencent Security Platform Department CoreGraphics Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to a denial of service Description: An infinite recursion was addressed through improved state management. CVE-2017-2417: riusksk (ae3aY=) of Tencent Security Platform Department CoreGraphics Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2444: Mei Wang of 360 GearTeam CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2435: John Villamil, Doyensec CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2450: John Villamil, Doyensec CoreText Available for: All Apple Watch models Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A resource exhaustion issue was addressed through improved input validation. CVE-2017-2461: Isaac Archambault of IDAoADI, an anonymous researcher FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2406: riusksk (ae3aY=) of Tencent Security Platform Department CVE-2017-2487: riusksk (ae3aY=) of Tencent Security Platform Department FontParser Available for: All Apple Watch models Impact: Parsing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved input validation. CVE-2017-2407: riusksk (ae3aY=) of Tencent Security Platform Department FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed through improved input validation. CVE-2017-2439: John Villamil, Doyensec HTTPProtocol Available for: All Apple Watch models Impact: A malicious HTTP/2 server may be able to cause undefined behavior Description: Multiple issues existed in nghttp2 before 1.17.0. These were addressed by updating LibreSSL to version 1.17.0. CVE-2017-2428 ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2432: an anonymous researcher working with Trend Micro's Zero Day Initiative ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2467 ImageIO Available for: All Apple Watch models Impact: Processing a maliciously crafted image may lead to unexpected application termination Description: An out-of-bound read existed in LibTIFF versions before 4.0.7. This was addressed by updating LibTIFF in ImageIO to version 4.0.7. CVE-2017-2401: Lufeng Li of Qihoo 360 Vulcan Team Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2017-2440: an anonymous researcher Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with root privileges Description: A race condition was addressed through improved memory handling. CVE-2017-2456: lokihardt of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-2017-2472: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2473: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: An off-by-one issue was addressed through improved bounds checking. CVE-2017-2474: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed through improved locking. CVE-2017-2478: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2482: Ian Beer of Google Project Zero CVE-2017-2483: Ian Beer of Google Project Zero Keyboards Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2458: Shashank (@cyberboyIndia) libarchive Available for: All Apple Watch models Impact: A local attacker may be able to change file system permissions on arbitrary directories Description: A validation issue existed in the handling of symlinks. This issue was addressed through improved validation of symlinks. CVE-2017-2390: Omer Medan of enSilo Ltd libc++abi Available for: All Apple Watch models Impact: Demangling a malicious C++ application may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2441 Security Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with root privileges Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-2451: Alex Radocea of Longterm Security, Inc. Security Available for: All Apple Watch models Impact: Processing a maliciously crafted x509 certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the parsing of certificates. This issue was addressed through improved input validation. CVE-2017-2485: Aleksandar Nikolic of Cisco Talos WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed through improved memory handling. CVE-2017-2415: Kai Kang of Tencent's Xuanwu Lab (tentcent.com) WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to high memory consumption Description: An uncontrolled resource consumption issue was addressed through improved regex processing. CVE-2016-9643: Gustavo Grieco WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2471: Ivan Fratric of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2Yo7AAoJEIOj74w0bLRGnz8P/2pCIIMej7VvKEMeeOblPHII ZwaSR8nzRIlL5IsPgPcq/e2vkZoyPs3ee5dQGX4yJTgzEY0FuD1S/NxeFntxFlzm 8Ei+PQJco8xdZtlL1HXjg+UlY0HAm1TJGYyriDPjbJiqCBRktv3ta/uzJY+yvXK8 3KtO0PXmEGFod9eyQZIRqFZ6GLxNdeFIxabp1SkOoiGk29jC3E9YjgR5qldMAjfN AuYWiBBhMOmal8dbnamtcJh93ElzuXX77cCUlw7wQMz6NaqNS3FWaGEUHsxn6y/4 P8XIfwYAaoWhaCJpEari+GkxmmuXmtbuKyMTDQqCWQyG3ThkYDk6kKQNcQMDbxnh pcyEB7WI9sRQ7CoFH7rmyl8BqQr4Ys0uGPtRDvCVO91kNUMYXeBiNC+StyqWt6Wd 3p/QUxYnM+kG8Zd0lMEaF3LNolr1w54APxMYD3sW3/tOmf8C7d6+qGTGlrumizkD Z0zr/xRNNpd0m4PVmlNt7YJMjN6s1xJwpEUC1n4FyRifdQktqsKMrumq7VGplHYO VNKToB3BuHHjTi2HOocvUXfj55htqrCxETEyHD7NhKVpLEf15vDgyXKFGgF95/HR gomW+ApttZNiz/vOOoI9DL2ZSOnwzo5uO8W4GYSpDpQ36YaYQj/jei2MgtVqqKo+ bNi/H1Oquz40IhKoGR/B =4Uvv -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2017-2462 // JVNDB: JVNDB-2017-002369 // ZDI: ZDI-17-189 // BID: 97137 // VULHUB: VHN-110665 // PACKETSTORM: 141933

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.3

Trust: 1.4

vendor:applemodel:iphone osscope:lteversion:10.2.1

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.12.3

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:10.1.1

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.1.3

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.9

vendor:applemodel:iosscope:ltversion:10.3 (ipad first 4 after generation )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3 (ipod touch first 6 after generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

vendor:applemodel:tvscope:eqversion:10.1.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.2.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.11.6

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2

Trust: 0.3

vendor:applemodel:security update yosemitescope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:security update el capitanscope:neversion:2017-0010

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.4

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3

Trust: 0.3

sources: ZDI: ZDI-17-189 // BID: 97137 // JVNDB: JVNDB-2017-002369 // CNNVD: CNNVD-201704-095 // NVD: CVE-2017-2462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2462
value: HIGH

Trust: 1.0

NVD: CVE-2017-2462
value: HIGH

Trust: 0.8

ZDI: CVE-2017-2462
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201704-095
value: HIGH

Trust: 0.6

VULHUB: VHN-110665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2462
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

VULHUB: VHN-110665
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2462
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-17-189 // VULHUB: VHN-110665 // JVNDB: JVNDB-2017-002369 // CNNVD: CNNVD-201704-095 // NVD: CVE-2017-2462

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-110665 // JVNDB: JVNDB-2017-002369 // NVD: CVE-2017-2462

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-095

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201704-095

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002369

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207602url:https://support.apple.com/en-us/HT207602
Trust: 0.8
title:HT207601url:https://support.apple.com/en-us/HT207601
Trust: 0.8
title:HT207617url:https://support.apple.com/en-us/HT207617
Trust: 0.8
title:HT207615url:https://support.apple.com/en-us/HT207615
Trust: 0.8
title:HT207617url:https://support.apple.com/ja-jp/HT207617
Trust: 0.8
title:HT207615url:https://support.apple.com/ja-jp/HT207615
Trust: 0.8
title:HT207602url:https://support.apple.com/ja-jp/HT207602
Trust: 0.8
title:HT207601url:https://support.apple.com/ja-jp/HT207601
Trust: 0.8
title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/kb/HT201222
Trust: 0.7
title:Multiple Apple product Audio Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68988
Trust: 0.6
sources:
            
            
            ZDI: ZDI-17-189 // 
            
            
            
            JVNDB: JVNDB-2017-002369 // 
            
            
            
            CNNVD: CNNVD-201704-095

EXTERNAL IDS
db:NVDid:CVE-2017-2462
Trust: 3.6
db:ZDIid:ZDI-17-189
Trust: 2.4
db:BIDid:97137
Trust: 2.0
db:SECTRACKid:1038138
Trust: 1.7
db:JVNid:JVNVU90482935
Trust: 0.8
db:JVNDBid:JVNDB-2017-002369
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4413
Trust: 0.7
db:CNNVDid:CNNVD-201704-095
Trust: 0.7
db:VULHUBid:VHN-110665
Trust: 0.1
db:PACKETSTORMid:141933
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-189 // 
            
            
            
            VULHUB: VHN-110665 // 
            
            
            
            BID: 97137 // 
            
            
            
            JVNDB: JVNDB-2017-002369 // 
            
            
            
            PACKETSTORM: 141933 // 
            
            
            
            CNNVD: CNNVD-201704-095 // 
            
            
            
            NVD: CVE-2017-2462

REFERENCES
url:http://www.securityfocus.com/bid/97137
Trust: 1.7
url:https://support.apple.com/ht207601
Trust: 1.7
url:https://support.apple.com/ht207602
Trust: 1.7
url:https://support.apple.com/ht207615
Trust: 1.7
url:https://support.apple.com/ht207617
Trust: 1.7
url:http://zerodayinitiative.com/advisories/zdi-17-189/
Trust: 1.7
url:http://www.securitytracker.com/id/1038138
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-2462
Trust: 0.9
url:https://support.apple.com/kb/ht201222
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2462
Trust: 0.8
url:http://jvn.jp/vu/jvnvu90482935/index.html
Trust: 0.8
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/accessibility/tvos/
Trust: 0.3
url:http://www.apple.com/watchos-2/
Trust: 0.3
url:http://www.apple.com/macosx/
Trust: 0.3
url:https://support.apple.com/en-us/ht201222
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2017-2406
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2379
Trust: 0.1
url:https://support.apple.com/kb/ht204641
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2444
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2450
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2441
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-3619
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2472
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2473
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2401
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2467
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2458
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2428
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2417
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2440
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2435
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2430
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2432
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2471
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2451
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2461
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2439
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2390
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2415
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2407
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2416
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-9643
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2456
Trust: 0.1
sources:
            
            
            ZDI: ZDI-17-189 // 
            
            
            
            VULHUB: VHN-110665 // 
            
            
            
            BID: 97137 // 
            
            
            
            JVNDB: JVNDB-2017-002369 // 
            
            
            
            PACKETSTORM: 141933 // 
            
            
            
            CNNVD: CNNVD-201704-095 // 
            
            
            
            NVD: CVE-2017-2462

CREDITS
734388278a34721ed1869ab23235b2c976a145e2
Trust: 0.7
sources:
            
            
            ZDI: ZDI-17-189

SOURCES
db:ZDIid:ZDI-17-189
db:VULHUBid:VHN-110665
db:BIDid:97137
db:JVNDBid:JVNDB-2017-002369
db:PACKETSTORMid:141933
db:CNNVDid:CNNVD-201704-095
db:NVDid:CVE-2017-2462

LAST UPDATE DATE
2024-11-23T19:38:08.068000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-17-189date:2017-03-28T00:00:00
db:VULHUBid:VHN-110665date:2019-03-08T00:00:00
db:BIDid:97137date:2017-03-29T00:02:00
db:JVNDBid:JVNDB-2017-002369date:2017-04-12T00:00:00
db:CNNVDid:CNNVD-201704-095date:2019-03-13T00:00:00
db:NVDid:CVE-2017-2462date:2024-11-21T03:23:34.490

SOURCES RELEASE DATE
db:ZDIid:ZDI-17-189date:2017-03-28T00:00:00
db:VULHUBid:VHN-110665date:2017-04-02T00:00:00
db:BIDid:97137date:2017-03-27T00:00:00
db:JVNDBid:JVNDB-2017-002369date:2017-04-12T00:00:00
db:PACKETSTORMid:141933date:2017-03-27T17:32:22
db:CNNVDid:CNNVD-201704-095date:2017-04-06T00:00:00
db:NVDid:CVE-2017-2462date:2017-04-02T01:59:02.997