ID

VAR-201710-1368

CVE

CVE-2017-7120

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple arbitrary-code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11 Safari 11 addresses the following: Safari Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7081: Apple Entry added September 25, 2017 WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7090: Apple Entry added September 25, 2017 WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7109: avlidienbrunn Entry added September 25, 2017 WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. Installation note: Safari 11 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRG/OcQAMYUtsjsKZSQngaIfrbsJJws 0FyAha36FHpQgo4EJ7sREcm31esSdE7DHoPG/8sG6WyP+H298kAAt7ZxedyBR17P FmF5L6yr1CcuvVNI3fj8hA278tUF6MMPU3/PQiIrmRvWwjkQ50ZJvP8yAPqKsMhJ +VhBFTgkGlg6Nb7baiT1pr6u/u0+MqsNaLiyWgz1GbTL9gOykKvl+hZMjOTWACzJ eMr0XJSs6n8AcpxL/VDjhHJXucDckJUsW3DrtVC8DGWxCMHXYxQNjADVhuD/tme/ qfEvAdKDXk43Y2YZkpch6qExW6eC2HVKWCb3VVTtYxHiPSklhc1rBSNIXqQxP5vD EVdqFDhx0jMhAH9wjQUaVpwQ2TWzxtdfuPLOr4v9e46e3zunnB8h5uCQt21LfQnH e6KtinCcCjONkrrF1OMRyDX28vHGB69djTb4mCVDEHalq66BIh6o8vJpo7rSHATt BO64xKKzwChaOzmBiWE60d3x6AWCfBwfKWy0iTCfSGlrVs3EWknK1bTQ8dUqdE02 x60GzQwvVhAgR8czyHtdCHK9Fym+SkixusyiHnvWOaJl/D1TE96Ng/XL83L/2TK6 YxO0GEf2KDbewr8uJg9gO5Dv433YY47unyRi1DrTjrjuE07RWs5nBLSXGBzx1Nvc lOJZilco7jGI/wBK51Jf =7GkF -----END PGP SIGNATURE----- . ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0008 ------------------------------------------------------------------------ Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. Several vulnerabilities were discovered in WebKitGTK+. Credit to Apple. Description: A memory corruption issue was addressed through improved input validation. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, October 18, 2017 . ========================================================================== Ubuntu Security Notice USN-3460-1 October 23, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3460-1 CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Wang Junjie, Wei Lei, and Liu Yang of Nanyang,Wei Yuan of Baidu Security Lab,lokihardt of Google Project Zero,chenqin (??) of Ant-financial Light-Year Security Lab.

SOURCES

LAST UPDATE DATE

2024-11-23T19:52:38.999000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE