ID

VAR-201706-0390


CVE

CVE-2017-2491


TITLE

Arbitrary code execution vulnerability in the String.replace method of JavaScriptCore in Safari on Apple iOS

Trust: 0.8

sources: JVNDB: JVNDB-2017-005198

DESCRIPTION

Use-after-free vulnerability in the String.replace method of JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page or a crafted file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the String.replace method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Both Apple Safari and iOS are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices. JavaScriptCore is one of those frameworks

Trust: 2.7

sources: NVD: CVE-2017-2491 // JVNDB: JVNDB-2017-005198 // ZDI: ZDI-17-321 // BID: 98316 // VULHUB: VHN-110694 // VULMON: CVE-2017-2491

AFFECTED PRODUCTS

vendor: apple | model: iphone os | scope: lte | version: 10.2.1

Trust: 1.0

vendor: apple | model: ios | scope: lt | version: 10.3 (iPad 4th generation and later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 10.3 (iPhone 5 or later)

Trust: 0.8

vendor: apple | model: ios | scope: lt | version: 10.3 (iPod touch 6th generation and later)

Trust: 0.8

vendor: apple | model: safari | scope: - | version: -

Trust: 0.7

vendor: apple | model: iphone os | scope: eq | version: 10.2.1

Trust: 0.6

vendor: apple | model: macos | scope: eq | version: 10.12.4

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.11.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.10.5

Trust: 0.3

vendor: apple | model: ipod touch | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: iphone | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: ipad | scope: eq | version: 0

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 50

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 40

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 30

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.0.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.4.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.6

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.1.6

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.1.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.1.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.0.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 9

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.1.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.1.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.1.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 8

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.1.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.1.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7.0.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 7

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.0.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 6

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.1.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5.0.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.3

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.9

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.8

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.7

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.6

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.5

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2.10

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 4

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 3.0

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 2.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 2.0

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10.3.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10.2

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10.1

Trust: 0.3

vendor: apple | model: ios | scope: eq | version: 10

Trust: 0.3

vendor: apple | model: ios | scope: ne | version: 10.3

Trust: 0.3

sources: ZDI: ZDI-17-321 // BID: 98316 // JVNDB: JVNDB-2017-005198 // CNNVD: CNNVD-201705-407 // NVD: CVE-2017-2491

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2491
value: HIGH

Trust: 1.0

NVD: CVE-2017-2491
value: HIGH

Trust: 0.8

ZDI: CVE-2017-2491
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-201705-407
value: HIGH

Trust: 0.6

VULHUB: VHN-110694
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-2491
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2491
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

VULHUB: VHN-110694
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2491
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-17-321 // VULHUB: VHN-110694 // VULMON: CVE-2017-2491 // JVNDB: JVNDB-2017-005198 // CNNVD: CNNVD-201705-407 // NVD: CVE-2017-2491

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-110694 // JVNDB: JVNDB-2017-005198 // NVD: CVE-2017-2491

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-407

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201705-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005198

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-110694 // VULMON: CVE-2017-2491

PATCH

title: HT207617 | url: https://support.apple.com/en-us/HT207617

Trust: 1.5

title: Apple security updates | url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT207617 | url: https://support.apple.com/ja-jp/HT207617

Trust: 0.8

title: Apple Safari and iOS JavaScriptCore Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69948

Trust: 0.6

title: PegMii-Boogaloo | url: https://github.com/hedgeberg/PegMii-Boogaloo

Trust: 0.1

title: OSG-macOS/iOS Security Group Translation Team 翻译团队 | url: https://github.com/r0ysue/OSG-TranslationTeam

Trust: 0.1

title: Case Study of JavaScript Engine Vulnerabilities | url: https://github.com/tunz/js-vuln-db

Trust: 0.1

title: Awesome CVE PoC | url: https://github.com/lnick2023/nicenice

Trust: 0.1

title: Awesome CVE PoC | url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: Awesome CVE PoC | url: https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: ZDI: ZDI-17-321 // VULMON: CVE-2017-2491 // JVNDB: JVNDB-2017-005198 // CNNVD: CNNVD-201705-407

EXTERNAL IDS

db: NVD | id: CVE-2017-2491

Trust: 3.6

db: ZDI | id: ZDI-17-321

Trust: 2.8

db: BID | id: 98316

Trust: 2.1

db: EXPLOIT-DB | id: 41964

Trust: 1.8

db: JVN | id: JVNVU90482935

Trust: 0.8

db: JVNDB | id: JVNDB-2017-005198

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-4578

Trust: 0.7

db: CNNVD | id: CNNVD-201705-407

Trust: 0.7

db: SEEBUG | id: SSVID-93079

Trust: 0.1

db: VULHUB | id: VHN-110694

Trust: 0.1

db: VULMON | id: CVE-2017-2491

Trust: 0.1

sources: ZDI: ZDI-17-321 // VULHUB: VHN-110694 // VULMON: CVE-2017-2491 // BID: 98316 // JVNDB: JVNDB-2017-005198 // CNNVD: CNNVD-201705-407 // NVD: CVE-2017-2491

REFERENCES

url:https://support.apple.com/en-us/ht207617

Trust: 2.8

url:http://www.securityfocus.com/bid/98316

Trust: 1.9

url:https://www.exploit-db.com/exploits/41964/

Trust: 1.9

url:http://www.zerodayinitiative.com/advisories/zdi-17-321

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2491

Trust: 0.8

url:http://jvn.jp/vu/jvnvu90482935/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2491

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-17-321/

Trust: 0.3

url:https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://github.com/hedgeberg/pegmii-boogaloo

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-17-321 // VULHUB: VHN-110694 // VULMON: CVE-2017-2491 // BID: 98316 // JVNDB: JVNDB-2017-005198 // CNNVD: CNNVD-201705-407 // NVD: CVE-2017-2491

CREDITS

Samuel Groß and Niklas Baumstark

Trust: 0.7

sources: ZDI: ZDI-17-321

SOURCES

db: ZDI | id: ZDI-17-321
db: VULHUB | id: VHN-110694
db: VULMON | id: CVE-2017-2491
db: BID | id: 98316
db: JVNDB | id: JVNDB-2017-005198
db: CNNVD | id: CNNVD-201705-407
db: NVD | id: CVE-2017-2491

LAST UPDATE DATE

2024-11-23T20:26:41.087000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-17-321 | date: 2017-05-04T00:00:00
db: VULHUB | id: VHN-110694 | date: 2019-10-03T00:00:00
db: VULMON | id: CVE-2017-2491 | date: 2019-10-03T00:00:00
db: BID | id: 98316 | date: 2017-05-23T16:23:00
db: JVNDB | id: JVNDB-2017-005198 | date: 2017-07-20T00:00:00
db: CNNVD | id: CNNVD-201705-407 | date: 2019-10-23T00:00:00
db: NVD | id: CVE-2017-2491 | date: 2024-11-21T03:23:38.047

SOURCES RELEASE DATE

db: ZDI | id: ZDI-17-321 | date: 2017-05-04T00:00:00
db: VULHUB | id: VHN-110694 | date: 2017-06-27T00:00:00
db: VULMON | id: CVE-2017-2491 | date: 2017-06-27T00:00:00
db: BID | id: 98316 | date: 2017-05-04T00:00:00
db: JVNDB | id: JVNDB-2017-005198 | date: 2017-07-20T00:00:00
db: CNNVD | id: CNNVD-201705-407 | date: 2017-05-10T00:00:00
db: NVD | id: CVE-2017-2491 | date: 2017-06-27T20:29:00.980