Sign-up

ID

VAR-201705-3983


CVE

CVE-2017-6979


TITLE

plural Apple Product IOSurface Component vulnerable to arbitrary code execution in privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-003805

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. IOSurface is one of the programming framework components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2. CVE-2017-2521: lokihardt of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-05-15-3 tvOS 10.2.1 tvOS 10.2.1 is now available and addresses the following: AVEVideoEncoder Available for: Apple TV (4th generation) Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CoreAudio Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team IOSurface Available for: Apple TV (4th generation) Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2501: Ian Beer of Google Project Zero Kernel Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2507: Ian Beer of Google Project Zero CVE-2017-6987: Patrick Wardle of Synack SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2513: found by OSS-Fuzz SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2518: found by OSS-Fuzz CVE-2017-2520: found by OSS-Fuzz SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2519: found by OSS-Fuzz TextInput Available for: Apple TV (4th generation) Impact: Parsing maliciously crafted data may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2524: Ian Beer of Google Project Zero WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management. CVE-2017-2504: lokihardt of Google Project Zero WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2505: lokihardt of Google Project Zero CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Microas Zero Day Initiative CVE-2017-2515: lokihardt of Google Project Zero CVE-2017-2521: lokihardt of Google Project Zero CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab ( tencent.com) working with Trend Microas Zero Day Initiative CVE-2017-2530: Wei Yuan of Baidu Security Lab CVE-2017-2531: lokihardt of Google Project Zero CVE-2017-6980: lokihardt of Google Project Zero CVE-2017-6984: lokihardt of Google Project Zero WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues with addressed through improved memory handling. CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame loading. This issue was addressed with improved state management. CVE-2017-2549: lokihardt of Google Project Zero WebKit Web Inspector Available for: Apple TV (4th generation) Impact: An application may be able to execute unsigned code Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2499: George Dan (@theninjaprawn) Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.a To check the current version of software, select "Settings -> General -> About.a Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua 3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3 1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ n4lw8wPv5laa5ARIQHP/ =94LN -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2017-6979 // JVNDB: JVNDB-2017-003805 // BID: 98468 // VULHUB: VHN-115182 // PACKETSTORM: 142510 // PACKETSTORM: 142509

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.12.4

Trust: 1.4

vendor:applemodel:mac os xscope:lteversion:10.12.4

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:10.3.1

Trust: 1.0

vendor:applemodel:tvosscope:lteversion:10.2

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.2

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:10.10.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.11.6

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (ipad first 4 generation or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (iphone 5 or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:10.3.2 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:10.2.1 (apple tv ( first 4 generation ))

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:3.2.2 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:10.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.1

Trust: 0.6

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.4

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:3.2.2

Trust: 0.3

vendor:applemodel:tvosscope:neversion:10.2.1

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.12.5

Trust: 0.3

vendor:applemodel:iosscope:neversion:10.3.2

Trust: 0.3

sources: BID: 98468 // JVNDB: JVNDB-2017-003805 // CNNVD: CNNVD-201705-971 // NVD: CVE-2017-6979

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6979
value: HIGH

Trust: 1.0

NVD: CVE-2017-6979
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201705-971
value: HIGH

Trust: 0.6

VULHUB: VHN-115182
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6979
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115182
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6979
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115182 // JVNDB: JVNDB-2017-003805 // CNNVD: CNNVD-201705-971 // NVD: CVE-2017-6979

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-115182 // JVNDB: JVNDB-2017-003805 // NVD: CVE-2017-6979

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201705-971

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201705-971

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-003805

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-115182

PATCH
title:Apple security updatesurl:https://support.apple.com/en-us/HT201222
Trust: 0.8
title:HT207800url:https://support.apple.com/en-us/HT207800
Trust: 0.8
title:HT207801url:https://support.apple.com/en-us/HT207801
Trust: 0.8
title:HT207797url:https://support.apple.com/en-us/HT207797
Trust: 0.8
title:HT207798url:https://support.apple.com/en-us/HT207798
Trust: 0.8
title:HT207797url:https://support.apple.com/ja-jp/HT207797
Trust: 0.8
title:HT207798url:https://support.apple.com/ja-jp/HT207798
Trust: 0.8
title:HT207800url:https://support.apple.com/ja-jp/HT207800
Trust: 0.8
title:HT207801url:https://support.apple.com/ja-jp/HT207801
Trust: 0.8
title:Multiple Apple product IOSurface Fixing measures for component race condition vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70447
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-003805 // 
            
            
            
            CNNVD: CNNVD-201705-971

EXTERNAL IDS
db:NVDid:CVE-2017-6979
Trust: 3.0
db:BIDid:98468
Trust: 2.0
db:SECTRACKid:1038484
Trust: 1.7
db:EXPLOIT-DBid:42555
Trust: 1.7
db:JVNid:JVNVU98089541
Trust: 0.8
db:JVNDBid:JVNDB-2017-003805
Trust: 0.8
db:CNNVDid:CNNVD-201705-971
Trust: 0.7
db:VULHUBid:VHN-115182
Trust: 0.1
db:PACKETSTORMid:142510
Trust: 0.1
db:PACKETSTORMid:142509
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115182 // 
            
            
            
            BID: 98468 // 
            
            
            
            JVNDB: JVNDB-2017-003805 // 
            
            
            
            PACKETSTORM: 142510 // 
            
            
            
            PACKETSTORM: 142509 // 
            
            
            
            CNNVD: CNNVD-201705-971 // 
            
            
            
            NVD: CVE-2017-6979

REFERENCES
url:http://www.securityfocus.com/bid/98468
Trust: 2.3
url:https://support.apple.com/ht207797
Trust: 1.7
url:https://support.apple.com/ht207798
Trust: 1.7
url:https://support.apple.com/ht207800
Trust: 1.7
url:https://support.apple.com/ht207801
Trust: 1.7
url:https://www.exploit-db.com/exploits/42555/
Trust: 1.7
url:http://www.securitytracker.com/id/1038484
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-6979
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6979
Trust: 0.8
url:http://jvn.jp/vu/jvnvu98089541/index.html
Trust: 0.8
url:https://www.apple.com/
Trust: 0.3
url:http://www.apple.com/ios/
Trust: 0.3
url:http://www.apple.com/accessibility/tvos/
Trust: 0.3
url:http://www.apple.com/watchos-2/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2017-2519
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2521
Trust: 0.2
url:https://support.apple.com/kb/ht201222
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2524
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2501
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2518
Trust: 0.2
url:https://www.apple.com/support/security/pgp/
Trust: 0.2
url:https://gpgtools.org
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2513
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-6989
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2502
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2507
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-6987
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2017-2520
Trust: 0.2
url:https://support.apple.com/kb/ht204641
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2531
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2506
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2504
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2505
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2530
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2525
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2499
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-6984
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2536
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2549
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-2515
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-6980
Trust: 0.1
sources:
            
            
            VULHUB: VHN-115182 // 
            
            
            
            BID: 98468 // 
            
            
            
            JVNDB: JVNDB-2017-003805 // 
            
            
            
            PACKETSTORM: 142510 // 
            
            
            
            PACKETSTORM: 142509 // 
            
            
            
            CNNVD: CNNVD-201705-971 // 
            
            
            
            NVD: CVE-2017-6979

CREDITS
Ian Beer of Google Project Zero, Yangkang (@dnpushme) of Qihoo360 Qex Team, OSS-Fuzz, Adam Donenfeld of Zimperium zLabs and Patrick Wardle of Synack.
Trust: 0.3
sources:
            
            
            BID: 98468

SOURCES
db:VULHUBid:VHN-115182
db:BIDid:98468
db:JVNDBid:JVNDB-2017-003805
db:PACKETSTORMid:142510
db:PACKETSTORMid:142509
db:CNNVDid:CNNVD-201705-971
db:NVDid:CVE-2017-6979

LAST UPDATE DATE
2024-11-23T20:27:28.864000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115182date:2019-10-03T00:00:00
db:BIDid:98468date:2017-05-23T16:28:00
db:JVNDBid:JVNDB-2017-003805date:2017-06-08T00:00:00
db:CNNVDid:CNNVD-201705-971date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6979date:2024-11-21T03:30:54.637

SOURCES RELEASE DATE
db:VULHUBid:VHN-115182date:2017-05-22T00:00:00
db:BIDid:98468date:2017-05-15T00:00:00
db:JVNDBid:JVNDB-2017-003805date:2017-06-08T00:00:00
db:PACKETSTORMid:142510date:2017-05-15T23:23:23
db:PACKETSTORMid:142509date:2017-05-15T19:32:22
db:CNNVDid:CNNVD-201705-971date:2017-05-24T00:00:00
db:NVDid:CVE-2017-6979date:2017-05-22T05:29:02.677