ID

VAR-201710-1362


CVE

CVE-2017-7114


TITLE

Vulnerability in the Kernel component of multiple Apple products that allows arbitrary code execution in a privileged context

Trust: 0.8

sources: JVNDB: JVNDB-2017-009317

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities.

Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: versions prior to Apple iOS 11; versions prior to macOS High Sierra 10.13; versions prior to tvOS 11; versions prior to watchOS 4.

APPLE-SA-2017-09-25-1 macOS High Sierra 10.13

macOS High Sierra 10.13 is now available and addresses the following:

Application Firewall
Available for: OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take effect after upgrading
Description: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades.
CVE-2017-7084: an anonymous researcher

AppSandbox
Available for: OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software

Captive Network Assistant
Available for: OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over the network
Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state.
CVE-2017-7143: an anonymous researcher

CFNetwork Proxies
Available for: OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CoreAudio
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro

Directory Utility
Available for: OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the owner of the computer
Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher

file
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version 5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz

Heimdal
Available for: OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to impersonate a service
Description: A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams

IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7077: Brandon Azad

IOFireWireFamily
Available for: OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX

Kernel
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

libc
Available for: OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed through an improved algorithm.
CVE-2017-7086: Russ Cox of Google

libc
Available for: OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-1000373

libexpat
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version 2.2.1
CVE-2016-9063
CVE-2017-9233

Mail
Available for: OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP address of the recipient
Description: Turning off "Load remote content in messages" did not apply to all mailboxes. This issue was addressed with improved setting propagation.
CVE-2017-7141: an anonymous researcher

Mail Drafts
Available for: OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to intercept mail contents
Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an anonymous researcher

ntp
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version 4.2.8p10
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco

Screen Lock
Available for: OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved state management.
CVE-2017-7082: Tim Kingman

Security
Available for: OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of Bærum kommune, an anonymous researcher, an anonymous researcher

SQLite
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version 3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz

SQLite
Available for: OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7127: an anonymous researcher

WebKit
Available for: OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari private browsing mode
Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher

zlib
Available for: OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version 1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Additional recognition

Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance.

Installation note:

macOS 10.13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero
CVE-2017-7108: Gal Beniamini of Google Project Zero
CVE-2017-7110: Gal Beniamini of Google Project Zero
CVE-2017-7112: Gal Beniamini of Google Project Zero

Wi-Fi
Available for: All Apple Watch models
Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory
Description: A validation issue was addressed with improved input sanitization.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".

Trust: 2.25

sources: NVD: CVE-2017-7114 // JVNDB: JVNDB-2017-009317 // BID: 100990 // VULHUB: VHN-115317 // VULMON: CVE-2017-7114 // PACKETSTORM: 144366 // PACKETSTORM: 144370

AFFECTED PRODUCTS

vendor:applemodel:tvosscope:lteversion:10.2.2

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.12.6

Trust: 1.0

vendor:applemodel:watchosscope:lteversion:3.2.3

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:10.3.3

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:3.2.3

Trust: 0.9

vendor:applemodel:mac os xscope:ltversion:10.8 or later 10.13

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11 (ipad air or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11 (iphone 5s or later )

Trust: 0.8

vendor:applemodel:iosscope:ltversion:11 (ipod touch first 6 generation )

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:11 (apple tv first 4 generation )

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:4 (apple watch all models )

Trust: 0.8

vendor:applemodel:tvscope:eqversion:10.2.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:10.3.3

Trust: 0.6

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 0.6

vendor:applemodel:iosscope:eqversion:30

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:watchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.3

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.4

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:40

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10

Trust: 0.3

vendor:applemodel:watchosscope:neversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.4.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.1

Trust: 0.3

vendor:applemodel:tvscope:eqversion:0

Trust: 0.3

vendor:applemodel:macosscope:neversion:10.13

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:50

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.1.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:iosscope:neversion:11

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.5

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.1.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:tvosscope:neversion:11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.6

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.2

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:macosscope:eqversion:10.12.5

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:10.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.1.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.0.1

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:9.3.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:8.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:10.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:watchosscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:tvosscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:7.0.1

Trust: 0.3

sources: BID: 100990 // JVNDB: JVNDB-2017-009317 // CNNVD: CNNVD-201710-1083 // NVD: CVE-2017-7114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7114
value: HIGH

Trust: 1.0

NVD: CVE-2017-7114
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201710-1083
value: HIGH

Trust: 0.6

VULHUB: VHN-115317
value: HIGH

Trust: 0.1

VULMON: CVE-2017-7114
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7114
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-115317
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7114
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115317 // VULMON: CVE-2017-7114 // JVNDB: JVNDB-2017-009317 // CNNVD: CNNVD-201710-1083 // NVD: CVE-2017-7114

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-115317 // JVNDB: JVNDB-2017-009317 // NVD: CVE-2017-7114

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-1083

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-1083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009317

PATCH

title: Apple security updates
url: https://support.apple.com/en-us/HT201222

Trust: 0.8

title: HT208115
url: https://support.apple.com/en-us/HT208115

Trust: 0.8

title: HT208144
url: https://support.apple.com/en-us/HT208144

Trust: 0.8

title: HT208112
url: https://support.apple.com/en-us/HT208112

Trust: 0.8

title: HT208113
url: https://support.apple.com/en-us/HT208113

Trust: 0.8

title: HT208112
url: https://support.apple.com/ja-jp/HT208112

Trust: 0.8

title: HT208113
url: https://support.apple.com/ja-jp/HT208113

Trust: 0.8

title: HT208115
url: https://support.apple.com/ja-jp/HT208115

Trust: 0.8

title: HT208144
url: https://support.apple.com/ja-jp/HT208144

Trust: 0.8

title: Fixes for Kernel component security vulnerabilities in multiple Apple products
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75942

Trust: 0.6

title: Apple: macOS High Sierra 10.13
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=dc5ef303c64758e2c6d76a32028764e1

Trust: 0.1

title: Apple: watchOS 4
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=ab83a1accc04e07941acff281502d6ab

Trust: 0.1

title: Apple: iOS 11
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=041cce4eee20b18dc79e9460a53e8400

Trust: 0.1

title: Apple: tvOS 11
url: https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=74de8bbddd443742d386dabda32dc2ae

Trust: 0.1

sources: VULMON: CVE-2017-7114 // JVNDB: JVNDB-2017-009317 // CNNVD: CNNVD-201710-1083

EXTERNAL IDS

db:NVDid:CVE-2017-7114

Trust: 3.1

db:BIDid:100990

Trust: 2.1

db:SECTRACKid:1039427

Trust: 1.8

db:JVNid:JVNVU99806334

Trust: 0.8

db:JVNDBid:JVNDB-2017-009317

Trust: 0.8

db:CNNVDid:CNNVD-201710-1083

Trust: 0.7

db:VULHUBid:VHN-115317

Trust: 0.1

db:VULMONid:CVE-2017-7114

Trust: 0.1

db:PACKETSTORMid:144366

Trust: 0.1

db:PACKETSTORMid:144370

Trust: 0.1

sources: VULHUB: VHN-115317 // VULMON: CVE-2017-7114 // BID: 100990 // JVNDB: JVNDB-2017-009317 // PACKETSTORM: 144366 // PACKETSTORM: 144370 // CNNVD: CNNVD-201710-1083 // NVD: CVE-2017-7114

REFERENCES

url:http://www.securityfocus.com/bid/100990

Trust: 1.9

url:https://support.apple.com/ht208112

Trust: 1.8

url:https://support.apple.com/ht208113

Trust: 1.8

url:https://support.apple.com/ht208115

Trust: 1.8

url:https://support.apple.com/ht208144

Trust: 1.8

url:http://www.securitytracker.com/id/1039427

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7114

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7114

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99806334/index.html

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:http://www.apple.com/ios/

Trust: 0.3

url:http://www.apple.com/accessibility/tvos/

Trust: 0.3

url:http://www.apple.com/watchos-2/

Trust: 0.3

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-10989

Trust: 0.2

url:https://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-7080

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-0381

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-9842

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-1000373

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-7083

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-9840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-9063

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-9841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-7086

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-9843

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://support.apple.com/kb/ht208144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6451

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6460

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7077

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6458

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7074

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-9042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7082

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7084

Trust: 0.1

url:https://www.apple.com/support/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-6464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-9233

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7112

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7130

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7110

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7129

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7128

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7105

Trust: 0.1

sources: VULHUB: VHN-115317 // VULMON: CVE-2017-7114 // BID: 100990 // JVNDB: JVNDB-2017-009317 // PACKETSTORM: 144366 // PACKETSTORM: 144370 // CNNVD: CNNVD-201710-1083 // NVD: CVE-2017-7114

CREDITS

Alex Plaskett of MWR InfoSecurity, an anonymous researcher and Russ Cox of Google.

Trust: 0.3

sources: BID: 100990

SOURCES

db:VULHUBid:VHN-115317
db:VULMONid:CVE-2017-7114
db:BIDid:100990
db:JVNDBid:JVNDB-2017-009317
db:PACKETSTORMid:144366
db:PACKETSTORMid:144370
db:CNNVDid:CNNVD-201710-1083
db:NVDid:CVE-2017-7114

LAST UPDATE DATE

2024-11-23T21:26:43.574000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-115317date:2019-03-08T00:00:00
db:VULMONid:CVE-2017-7114date:2019-03-08T00:00:00
db:BIDid:100990date:2017-09-25T00:00:00
db:JVNDBid:JVNDB-2017-009317date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-1083date:2019-03-13T00:00:00
db:NVDid:CVE-2017-7114date:2024-11-21T03:31:12.137

SOURCES RELEASE DATE

db:VULHUBid:VHN-115317date:2017-10-23T00:00:00
db:VULMONid:CVE-2017-7114date:2017-10-23T00:00:00
db:BIDid:100990date:2017-09-25T00:00:00
db:JVNDBid:JVNDB-2017-009317date:2017-11-09T00:00:00
db:PACKETSTORMid:144366date:2017-09-28T00:13:55
db:PACKETSTORMid:144370date:2017-09-28T00:21:17
db:CNNVDid:CNNVD-201710-1083date:2017-10-24T00:00:00
db:NVDid:CVE-2017-7114date:2017-10-23T01:29:12.923