ID

VAR-201709-0464

CVE

CVE-2017-14315

TITLE

Multiple Bluetooth implementation vulnerabilities affect many devices

DESCRIPTION

In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. A collection of Bluetooth implementation vulnerabilities known as "BlueBorne" has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in worst case allow an unauthenticated attacker to perform commands on the device. Apple iOS and tvOS are prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service conditions. Following products and versions are vulnerable: Apple iOS 7 through 9.3.5 Apple tvOS. The vulnerability stems from the fact that the program does not correctly verify audio commands. An attacker could exploit this vulnerability to take control of the device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-5 Safari 12.1.1 Safari 12.1.1 is now available and addresses the following: WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Additional recognition Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance. Installation note: Safari 12.1.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUkpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EGGBAA jan3x6GxZzcawJskOhoEVDuZTcb19c+K9Q+jHPbG6szt2ChRkpZfN2fX+fqG8q7Y Itu63uFCfhWMKRbQrwIvzBceEUsNCbgiKNrIJGtEJkmvZjp84ETTjp5WYjMGCTCI 8pe/ij5TtFwJWWXKboO3rVfxfFcfI/67g/wx05l3h2YFoC9Fm52isUkycaAi0siP M4/nTeoA5BTAuv+7J6ohw5TgcYR8NEENpaVTQcUIMLyO3E/wlRcEoHLRtHnMjR89 CGwZg1/LIF/Ae3hJmg5O9PQMIDU6u8ILi/BVK4LGZ4u3x8Qfvg7fm556J6wBEUuP YZ2Mne5Gg1ayUGw/glTbpAkP1XFymvPloyC6/41r3b46X/nExXER86RC2uNJNNe3 8doCYGznFWWbsGBAAVrWut0sS80nOyjSpoAifkkhqZEXbo8pyvjqfGVGijwzcKcd iTdzhpcYahJ1WUIAIXbxjFlHJ8muFxyKrEuqrjnXqM+EjyYP/tu8VOCl2blTOGLP vPmF6ZBHoP3Dtqk9Z+XNusJFGWo7Nm+HLzXTyQsdbnGu8EnP6ywLHBrmBVu03men Os4rHHH1zueO42iPnATC60y9jvyFt2ofnQHCkPl7FdWS8Ek9nVgIhtzaLokrSQM7 TZ10USIZOmz/2BQs133z+fA30SgDUNDyMIE47x6x3HI= =bWtO -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote or local

TYPE

buffer error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Apple

SOURCES

LAST UPDATE DATE

2024-11-23T19:38:28.047000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE