Details of VAR-201711-0444

ID

VAR-201711-0444

CVE

CVE-2017-13852

TITLE

plural Apple Vulnerabilities that allow arbitrary application monitoring in product kernel components

Trust: 0.8

sources: JVNDB: JVNDB-2017-010337

DESCRIPTION

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.1; macOS High Sierra prior to 10.13.1; tvOS prior to 11.1; watchOS prior to 4.1

Trust: 1.8

sources: NVD: CVE-2017-13852 // JVNDB: JVNDB-2017-010337 // VULHUB: VHN-104516 // VULMON: CVE-2017-13852

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	4.1	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	11.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (ipad air or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (iphone 5s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	11.1 (ipod touch first 6 generation )	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.1 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	11.1 (apple tv first 4 generation )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	4.1 (apple watch all models )	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.2	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.0	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.3	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.8.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.1	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.4	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9	Trust: 0.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.2	Trust: 0.6

sources: JVNDB: JVNDB-2017-010337 // CNNVD: CNNVD-201711-391 // NVD: CVE-2017-13852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-13852
value:	LOW
Trust: 1.0
NVD:	CVE-2017-13852
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201711-391
value:	LOW
Trust: 0.6
VULHUB:	VHN-104516
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-13852
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-13852
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-104516
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-13852
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-104516 // VULMON: CVE-2017-13852 // JVNDB: JVNDB-2017-010337 // CNNVD: CNNVD-201711-391 // NVD: CVE-2017-13852

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-104516 // JVNDB: JVNDB-2017-010337 // NVD: CVE-2017-13852

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-391

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-391

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010337

PATCH

title:	Apple security updates	url:	https://support.apple.com/en-us/HT201222	Trust: 0.8
title:	HT208221	url:	https://support.apple.com/en-us/HT208221	Trust: 0.8
title:	HT208222	url:	https://support.apple.com/en-us/HT208222	Trust: 0.8
title:	HT208219	url:	https://support.apple.com/en-us/HT208219	Trust: 0.8
title:	HT208220	url:	https://support.apple.com/en-us/HT208220	Trust: 0.8
title:	HT208219	url:	https://support.apple.com/ja-jp/HT208219	Trust: 0.8
title:	HT208220	url:	https://support.apple.com/ja-jp/HT208220	Trust: 0.8
title:	HT208221	url:	https://support.apple.com/ja-jp/HT208221	Trust: 0.8
title:	HT208222	url:	https://support.apple.com/ja-jp/HT208222	Trust: 0.8
title:	Multiple Apple product Kernel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76259	Trust: 0.6

sources: JVNDB: JVNDB-2017-010337 // CNNVD: CNNVD-201711-391

EXTERNAL IDS

db:	NVD	id:	CVE-2017-13852	Trust: 2.6
db:	JVN	id:	JVNVU99000953	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010337	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-391	Trust: 0.7
db:	VULHUB	id:	VHN-104516	Trust: 0.1
db:	VULMON	id:	CVE-2017-13852	Trust: 0.1

sources: VULHUB: VHN-104516 // VULMON: CVE-2017-13852 // JVNDB: JVNDB-2017-010337 // CNNVD: CNNVD-201711-391 // NVD: CVE-2017-13852

REFERENCES

url:	https://support.apple.com/ht208219	Trust: 1.8
url:	https://support.apple.com/ht208220	Trust: 1.8
url:	https://support.apple.com/ht208221	Trust: 1.8
url:	https://support.apple.com/ht208222	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13852	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99000953/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-13852	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-104516 // VULMON: CVE-2017-13852 // JVNDB: JVNDB-2017-010337 // CNNVD: CNNVD-201711-391 // NVD: CVE-2017-13852

SOURCES

db:	VULHUB	id:	VHN-104516
db:	VULMON	id:	CVE-2017-13852
db:	JVNDB	id:	JVNDB-2017-010337
db:	CNNVD	id:	CNNVD-201711-391
db:	NVD	id:	CVE-2017-13852

LAST UPDATE DATE

2024-11-23T19:54:30.113000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-104516	date:	2019-03-08T00:00:00
db:	VULMON	id:	CVE-2017-13852	date:	2019-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-010337	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-391	date:	2019-03-13T00:00:00
db:	NVD	id:	CVE-2017-13852	date:	2024-11-21T03:11:48.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-104516	date:	2017-11-13T00:00:00
db:	VULMON	id:	CVE-2017-13852	date:	2017-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2017-010337	date:	2017-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201711-391	date:	2017-11-15T00:00:00
db:	NVD	id:	CVE-2017-13852	date:	2017-11-13T03:29:02.473