SB2017051518 - Multiple vulnerabilities in Apple iOS
Published: May 15, 2017
Description
This security bulletin contains information about 33 security vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-2495)
The vulnerability allows a remote attacker to cause DoS conditions on the target device. The weakness exists due to a memory handling error in Safari's history menu. A remote attacker can create a specially crafted webpage, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Memory corruption (CVE-ID: CVE-2017-2536)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
3) Memory corruption (CVE-ID: CVE-2017-2505)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
4) Memory corruption (CVE-ID: CVE-2017-2506)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
5) Memory corruption (CVE-ID: CVE-2017-2514)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
6) Memory corruption (CVE-ID: CVE-2017-2515)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Memory corruption (CVE-ID: CVE-2017-2521)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
8) Memory corruption (CVE-ID: CVE-2017-2525)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
9) Memory corruption (CVE-ID: CVE-2017-2526)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
10) Memory corruption (CVE-ID: CVE-2017-2530)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
11) Memory corruption (CVE-ID: CVE-2017-2531)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
12) Memory corruption (CVE-ID: CVE-2017-2538)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
13) Memory corruption (CVE-ID: CVE-2017-2544)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
14) Memory corruption (CVE-ID: CVE-2017-2547)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
15) Memory corruption (CVE-ID: CVE-2017-6980)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
16) Memory corruption (CVE-ID: CVE-2017-6984)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit component when processing malicious web content. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
17) Memory corruption (CVE-ID: CVE-2017-2499)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the WebKit Web Inspector component. A local attacker can run a specially crafted application and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
18) Cross-site scripting (CVE-ID: CVE-2017-2504)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to a logic error in the WebKit component. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
19) Cross-site scripting (CVE-ID: CVE-2017-2508)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to a logic error in the WebKit component. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
20) Cross-site scripting (CVE-ID: CVE-2017-2528)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to a logic error in the WebKit component. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
21) Cross-site scripting (CVE-ID: CVE-2017-2549)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to a logic error in the WebKit component. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim’s browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
22) Open redirect (CVE-ID: CVE-2017-2497)
The vulnerability allows a remote attacker to perform phishing attacks. The weakness exists due to improper validation of user-supplied data used to redirect visitors to external pages. A remote attacker can create a specially crafted ebook, trick the victim into opening it, redirect the user to a malicious website that would appear to be trusted and obtain potentially sensitive information.
Successful exploitation of the vulnerability will allow an attacker to steal valid user credentials and use the information to conduct further attacks.
23) Authentication bypass (CVE-ID: CVE-2017-2498)
The vulnerability allows a remote attacker to bypass authentication on the target system. The weakness exists due to an unspecified certificate validation error in the Security component. A remote attacker can send a specially crafted certificate and bypass authentication to access the system.
Successful exploitation of the vulnerability may allow the attacker to conduct further attacks.
24) Race condition (CVE-ID: CVE-2017-2501)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a race condition in the kernel when processing a malicious application. A local attacker can run a specially crafted application to execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
25) Information disclosure (CVE-ID: CVE-2017-2502)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper input validation in the CoreAudio component. A local attacker can run a specially crafted application to read restricted memory.
Successful exploitation of the vulnerability results in information disclosure.
26) Information disclosure (CVE-ID: CVE-2017-2507)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to a lack of bounds checking in netagent socket option handling. A local attacker can run a specially crafted application to read kernel memory.
Successful exploitation of the vulnerability results in information disclosure.
27) Information disclosure (CVE-ID: CVE-2017-6987)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper input validation in the kernel. A local attacker can run a specially crafted application to read restricted memory.
Successful exploitation of the vulnerability results in information disclosure.
28) Buffer overflow (CVE-ID: CVE-2017-2518)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow when processing SQL queries. A remote attacker can send specially crafted SQL queries, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.
29) Use-after-free error (CVE-ID: CVE-2017-2513)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing SQL queries. A remote attacker can send specially crafted SQL queries, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.
30) Buffer overflow (CVE-ID: CVE-2017-2520)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow when processing SQL queries. A remote attacker can send specially crafted SQL queries, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.
31) Memory corruption (CVE-ID: CVE-2017-2519)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing SQL queries. A remote attacker can send specially crafted SQL queries, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.
32) Heap-based buffer overflow (CVE-ID: CVE-2017-2524)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the TextInput component when parsing malicious content. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to gain complete control over the affected system.
33) Memory corruption (CVE-ID: CVE-2017-6979)
The vulnerability allows a local attacker to gain elevated privileges.
The vulnerability exists due to a boundary error in the IOSurface component when parsing malicious content. A local attacker can run a specially crafted application to gain kernel privileges.
Successful exploitation of the vulnerability results in full access to the system.
Remediation
Install the update from the vendor's website.