ID

VAR-201705-3241


CVE

CVE-2017-2527


TITLE

Arbitrary code execution vulnerability in the CoreAnimation component of Apple OS X

Trust: 0.8

sources: JVNDB: JVNDB-2017-003839

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.

Apple macOS is prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition.

Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. CoreAnimation is one of the animation processing API components. A memory corruption vulnerability exists in the CoreAnimation component of Apple macOS Sierra prior to 10.12.5.

APPLE-SA-2017-05-15-1 macOS 10.12.5

macOS 10.12.5 is now available and addresses the following:

802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a certificate changed. This issue was addressed through improved certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company

Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero

CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero

CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan v10.11.6
Impact: An application may be able to gain system privileges
Description: A race condition was addressed with additional filesystem restrictions.
CVE-2017-2533: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites without user permission
Description: A URL handling issue was addressed through improved state management.
CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with root privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of Knownsec 404 Security Team

Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team

IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative

IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack

Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative

NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360

Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of Porto

Security
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2017-2535: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox restrictions.
CVE-2017-2534: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6977: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2513: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2519: found by OSS-Fuzz

SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative

TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero

WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative

WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative

Installation note:

macOS 10.12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.07

sources: NVD: CVE-2017-2527 // JVNDB: JVNDB-2017-003839 // BID: 98483 // VULHUB: VHN-110730 // PACKETSTORM: 142506

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.12.4

Trust: 1.4

vendor: apple, model: mac os x, scope: lte, version: 10.12.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.10.5

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.11.6

Trust: 0.8

vendor: apple, model: macos, scope: eq, version: 10.12.4

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.10.5

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.12.5

Trust: 0.3

sources: BID: 98483 // JVNDB: JVNDB-2017-003839 // CNNVD: CNNVD-201705-994 // NVD: CVE-2017-2527

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-2527
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2527
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201705-994
value: HIGH

Trust: 0.6

VULHUB: VHN-110730
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-2527
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110730
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-2527
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110730 // JVNDB: JVNDB-2017-003839 // CNNVD: CNNVD-201705-994 // NVD: CVE-2017-2527

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-110730 // JVNDB: JVNDB-2017-003839 // NVD: CVE-2017-2527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-994

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-994

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003839

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110730

PATCH

title: Apple security updates
url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT207797
url: https://support.apple.com/en-us/HT207797

Trust: 0.8

title: HT207797
url: https://support.apple.com/ja-jp/HT207797

Trust: 0.8

title: Apple macOS Sierra CoreAnimation Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70470

Trust: 0.6

sources: JVNDB: JVNDB-2017-003839 // CNNVD: CNNVD-201705-994

EXTERNAL IDS

db: NVD, id: CVE-2017-2527

Trust: 2.9

db: EXPLOIT-DB, id: 42052

Trust: 1.1

db: SECTRACK, id: 1038484

Trust: 1.1

db: JVN, id: JVNVU98089541

Trust: 0.8

db: JVNDB, id: JVNDB-2017-003839

Trust: 0.8

db: CNNVD, id: CNNVD-201705-994

Trust: 0.7

db: BID, id: 98483

Trust: 0.3

db: SEEBUG, id: SSVID-93158

Trust: 0.1

db: PACKETSTORM, id: 142651

Trust: 0.1

db: VULHUB, id: VHN-110730

Trust: 0.1

db: PACKETSTORM, id: 142506

Trust: 0.1

sources: VULHUB: VHN-110730 // BID: 98483 // JVNDB: JVNDB-2017-003839 // PACKETSTORM: 142506 // CNNVD: CNNVD-201705-994 // NVD: CVE-2017-2527

REFERENCES

url:https://support.apple.com/ht207797

Trust: 1.7

url:https://www.exploit-db.com/exploits/42052/

Trust: 1.1

url:http://www.securitytracker.com/id/1038484

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2527

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2527

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98089541/index.html

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-2509

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2542

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2548

Trust: 0.1

url:https://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6978

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2502

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2516

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2545

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2535

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2507

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2494

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2546

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2537

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2513

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2540

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6977

Trust: 0.1

url:https://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2534

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-2497

Trust: 0.1

sources: VULHUB: VHN-110730 // BID: 98483 // JVNDB: JVNDB-2017-003839 // PACKETSTORM: 142506 // CNNVD: CNNVD-201705-994 // NVD: CVE-2017-2527

CREDITS

Tim Cappalli of Aruba, Ian Beer of Google Project Zero, Samuel Groß and Niklas Baumstark, Chaitin Security Research Lab, evi1m0 of YSRC, sss and Axis of 360Nirvan team, 360 Security, Jann Horn, Federico Bento of Faculty of Sciences, Richard Zhu, and Team

Trust: 0.3

sources: BID: 98483

SOURCES

db: VULHUB, id: VHN-110730
db: BID, id: 98483
db: JVNDB, id: JVNDB-2017-003839
db: PACKETSTORM, id: 142506
db: CNNVD, id: CNNVD-201705-994
db: NVD, id: CVE-2017-2527

LAST UPDATE DATE

2024-11-23T19:40:02.529000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-110730, date: 2017-08-13T00:00:00
db: BID, id: 98483, date: 2017-05-15T00:00:00
db: JVNDB, id: JVNDB-2017-003839, date: 2017-06-08T00:00:00
db: CNNVD, id: CNNVD-201705-994, date: 2017-05-23T00:00:00
db: NVD, id: CVE-2017-2527, date: 2024-11-21T03:23:42.940

SOURCES RELEASE DATE

db: VULHUB, id: VHN-110730, date: 2017-05-22T00:00:00
db: BID, id: 98483, date: 2017-05-15T00:00:00
db: JVNDB, id: JVNDB-2017-003839, date: 2017-06-08T00:00:00
db: PACKETSTORM, id: 142506, date: 2017-05-15T13:02:22
db: CNNVD, id: CNNVD-201705-994, date: 2017-05-23T00:00:00
db: NVD, id: CVE-2017-2527, date: 2017-05-22T05:29:01.693