ID

VAR-201710-1413

CVE

CVE-2017-7100

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to a same-origin policy security-bypass vulnerability and multiple memory-corruption vulnerabilities. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or bypass certain same-origin policy restrictions and obtain sensitive information; other attacks may also be possible. These issues affect the following technologies and versions: iCloud for Windows 7 Safari prior to 11 iOS prior to 11 tvOS prior to 11 iTunes for Windows prior to 12.7. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-25-6 Additional information for APPLE-SA-2017-09-20-3 tvOS 11 tvOS 11 addresses the following: CFNetwork Proxies Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc. Entry added September 25, 2017 CoreAudio Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro Entry added September 25, 2017 Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity Entry added September 25, 2017 libc Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google Entry added September 25, 2017 libc Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373 Entry added September 25, 2017 libexpat Available for: Apple TV (4th generation) Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233 Entry added September 25, 2017 Security Available for: Apple TV (4th generation) Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. CVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune Entry added September 25, 2017 SQLite Available for: Apple TV (4th generation) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz Entry added September 25, 2017 SQLite Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7109: avlidienbrunn Entry added September 25, 2017 Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-11120: Gal Beniamini of Google Project Zero CVE-2017-11121: Gal Beniamini of Google Project Zero Entry added September 25, 2017 Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7103: Gal Beniamini of Google Project Zero CVE-2017-7105: Gal Beniamini of Google Project Zero CVE-2017-7108: Gal Beniamini of Google Project Zero CVE-2017-7110: Gal Beniamini of Google Project Zero CVE-2017-7112: Gal Beniamini of Google Project Zero Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: Multiple race conditions were addressed through improved validation. CVE-2017-7115: Gal Beniamini of Google Project Zero Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7116: Gal Beniamini of Google Project Zero zlib Available for: Apple TV (4th generation) Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 Entry added September 25, 2017 Additional recognition Security We would like to acknowledge Abhinav Bansal of Zscaler, Inc. for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZyUQgAAoJEIOj74w0bLRGmH0P/1rZBEQnrvLIzN5gACvcHV/C EKodfm/gKl7oLx6imZ+DB8/bihcvCGzrxAH6EOIfLaKS3kOpHoEU6FnfppxQfeh5 6YDyVbckCj7Z1WLsEJdjr69+BeCsuqmNs9uR00M3W4sAAZoBV22kTc1qqcsRBkI4 AuiqivNeLYn0ugJYG16IL59Owew8MhSrJNDrFPEL6ASiJX54pyLUvshRHbFvllzO XjhlScXBZ3n7LhEpWfwJHiS31p3Sqcxdi3UhY5j4zrwR+mWB2SJneo2C3rYGf/jq U/nwNMFJz2s9VLpvijPKrZ6f5P2VObPQbiZB0PKCXa9pJj62Z4xj4E/EcH6CM49o qRwWH87xFrjBdhGAzI1rUc2ytbCiz6rdlpELL4CNgGXKaaQNv88HSBVB3XEGzJYH wa4fq4eSBl/nxwo/tHroyHjL70LLFdbhtmCDO24Bp1lu4ukmH1TsM/k6S3GLxVCl SYLtwcTzE+V4iFaASWdFP2j87OxhdzA9XZqOfR9eU2ydNvWFIJ9+S1JaFEZYTJYy UFRJmvTFw910mq3Sf5G8JdBFu9MMOL/2UEaOyAzd29xK2TQKiTijd+Zlq1FJAIoF lezymTMM4ArlK1pmz3er9Jodh6Xj4Pse09NvwYxrZ1WPChAqV7C6ygBaib7CRTI6 zuNm/zMi6PIpOGbB5Wvh =YZ+q -----END PGP SIGNATURE----- . CVE-2017-7109: avlidienbrunn Entry added September 25, 2017 WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. Installation note: Safari 11 may be obtained from the Mac App Store. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0008 ------------------------------------------------------------------------ Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. Several vulnerabilities were discovered in WebKitGTK+. Credit to Apple. Description: A memory corruption issue was addressed through improved input validation. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, October 18, 2017 . ========================================================================== Ubuntu Security Notice USN-3460-1 October 23, 2017 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS Summary: Several security issues were fixed in WebKitGTK+. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2 Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3460-1 CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Tim Michaud (@TimGMichaud) of Leviathan Security Group,Apple, and Liu Yang of Nanyang Technological Univ, Wang Junjie, Wei Yuan of Baidu Security Lab working with Trend Micro???s Zero Day Initiative, Masato Kinugawa and Mario Heiderich of Cure53, Wei Lei

SOURCES

LAST UPDATE DATE

2024-11-23T20:19:30.648000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE