Details of VAR-201705-3237

ID

VAR-201705-3237

CVE

CVE-2017-2523

TITLE

plural Apple Product Foundation Vulnerability in arbitrary code execution in components

Trust: 0.8

sources: JVNDB: JVNDB-2017-003803

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. Apple iOS, WatchOS, macOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition. The following versions fixes the issue: Versions prior to Apple iOS 10.3.2 Versions prior to Apple watchOS 3.2.2 Versions prior to Apple tvOS 10.2.1 Versions prior to Apple macOS 10.12.5. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. Foundation is a framework that provides basic system services for all applications

Trust: 1.98

sources: NVD: CVE-2017-2523 // JVNDB: JVNDB-2017-003803 // BID: 98584 // VULHUB: VHN-110726

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.12.4	Trust: 1.4
vendor:	apple	model:	watchos	scope:	lt	version:	3.2.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	10.3.2	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	10.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.12.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	eq	version:	3.2	Trust: 0.9
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipad first 4 generation or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (iphone 5 or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	10.3.2 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	10.2.1 (apple tv ( first 4 generation ))	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	3.2.2 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	tv	scope:	eq	version:	10.2	Trust: 0.6
vendor:	apple	model:	iphone os	scope:	eq	version:	10.3.1	Trust: 0.6
vendor:	apple	model:	watchos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	3	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	watchos	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	watch hermes	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watch edition	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	watch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	tvos	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	tv	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.4	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.3	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.2	Trust: 0.3
vendor:	apple	model:	macos	scope:	eq	version:	10.12.1	Trust: 0.3
vendor:	apple	model:	ipod touch	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	iphone	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ipad	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	50	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	40	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	30	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.9	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.8	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.7	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.6	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2.10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	watchos	scope:	ne	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	tvos	scope:	ne	version:	10.2.1	Trust: 0.3
vendor:	apple	model:	macos	scope:	ne	version:	10.12.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	ne	version:	10.3.2	Trust: 0.3

sources: BID: 98584 // JVNDB: JVNDB-2017-003803 // CNNVD: CNNVD-201705-998 // NVD: CVE-2017-2523

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2523
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-2523
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201705-998
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-110726
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-2523
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-110726
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2523
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110726 // JVNDB: JVNDB-2017-003803 // CNNVD: CNNVD-201705-998 // NVD: CVE-2017-2523

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-110726 // JVNDB: JVNDB-2017-003803 // NVD: CVE-2017-2523

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-998

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201705-998

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003803

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110726

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT207800	url:	https://support.apple.com/en-us/HT207800	Trust: 0.8
title:	HT207801	url:	https://support.apple.com/en-us/HT207801	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/en-us/HT207797	Trust: 0.8
title:	HT207798	url:	https://support.apple.com/en-us/HT207798	Trust: 0.8
title:	HT207797	url:	https://support.apple.com/ja-jp/HT207797	Trust: 0.8
title:	HT207798	url:	https://support.apple.com/ja-jp/HT207798	Trust: 0.8
title:	HT207800	url:	https://support.apple.com/ja-jp/HT207800	Trust: 0.8
title:	HT207801	url:	https://support.apple.com/ja-jp/HT207801	Trust: 0.8
title:	Multiple Apple product Foundation Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70474	Trust: 0.6

sources: JVNDB: JVNDB-2017-003803 // CNNVD: CNNVD-201705-998

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2523	Trust: 2.8
db:	BID	id:	98584	Trust: 2.0
db:	EXPLOIT-DB	id:	42050	Trust: 1.7
db:	JVN	id:	JVNVU98089541	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003803	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-998	Trust: 0.7
db:	PACKETSTORM	id:	142649	Trust: 0.1
db:	SEEBUG	id:	SSVID-93159	Trust: 0.1
db:	VULHUB	id:	VHN-110726	Trust: 0.1

sources: VULHUB: VHN-110726 // BID: 98584 // JVNDB: JVNDB-2017-003803 // CNNVD: CNNVD-201705-998 // NVD: CVE-2017-2523

REFERENCES

url:	http://www.securityfocus.com/bid/98584	Trust: 1.7
url:	https://support.apple.com/ht207797	Trust: 1.7
url:	https://support.apple.com/ht207798	Trust: 1.7
url:	https://support.apple.com/ht207800	Trust: 1.7
url:	https://support.apple.com/ht207801	Trust: 1.7
url:	https://www.exploit-db.com/exploits/42050/	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2523	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98089541/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2523	Trust: 0.8
url:	https://www.apple.com/	Trust: 0.3
url:	http://www.apple.com/ios/	Trust: 0.3
url:	https://www.apple.com/osx/	Trust: 0.3
url:	http://www.apple.com/accessibility/tvos/	Trust: 0.3
url:	http://www.apple.com/watchos-2/	Trust: 0.3
url:	https://support.apple.com/en-us/ht201222	Trust: 0.3

sources: VULHUB: VHN-110726 // BID: 98584 // JVNDB: JVNDB-2017-003803 // CNNVD: CNNVD-201705-998 // NVD: CVE-2017-2523

CREDITS

Ian Beer of Google Project Zero.

Trust: 0.3

sources: BID: 98584

SOURCES

db:	VULHUB	id:	VHN-110726
db:	BID	id:	98584
db:	JVNDB	id:	JVNDB-2017-003803
db:	CNNVD	id:	CNNVD-201705-998
db:	NVD	id:	CVE-2017-2523

LAST UPDATE DATE

2024-11-23T21:10:34.006000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110726	date:	2019-03-21T00:00:00
db:	BID	id:	98584	date:	2017-05-23T16:28:00
db:	JVNDB	id:	JVNDB-2017-003803	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-998	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2017-2523	date:	2024-11-21T03:23:42.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110726	date:	2017-05-22T00:00:00
db:	BID	id:	98584	date:	2017-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-003803	date:	2017-06-08T00:00:00
db:	CNNVD	id:	CNNVD-201705-998	date:	2017-05-23T00:00:00
db:	NVD	id:	CVE-2017-2523	date:	2017-05-22T05:29:01.490