Multiple vulnerabilities in Apple macOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 36 |
| CVE-ID | CVE-2017-13782 CVE-2017-13786 CVE-2017-13800 CVE-2017-13801 CVE-2017-13807 CVE-2017-13808 CVE-2017-13809 CVE-2017-13810 CVE-2017-13811 CVE-2017-13812 CVE-2017-13813 CVE-2017-13814 CVE-2017-13815 CVE-2017-13816 CVE-2017-13817 CVE-2017-13818 CVE-2017-13819 CVE-2017-13820 CVE-2017-13821 CVE-2017-13822 CVE-2017-13823 CVE-2017-13824 CVE-2017-13825 CVE-2017-13828 CVE-2017-13830 CVE-2017-13831 CVE-2017-13832 CVE-2017-13834 CVE-2017-13836 CVE-2017-13838 CVE-2017-13840 CVE-2017-13841 CVE-2017-13842 CVE-2017-13843 CVE-2017-13846 CVE-2017-7132 |
| CWE-ID | CWE-20 CWE-284 CWE-119 CWE-264 CWE-120 CWE-125 CWE-79 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
macOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU9064
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13782
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU9043
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13786
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to a DMA access control flaw in the APFS component. A local attacker with a connected Thunderbolt adapter can recover unencrypted APFS filesystem data.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU9045
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13800
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the APFS component. A remote attacker can execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU9051
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13801
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the Dictionary Widget component. A remote user can supply a specially crafted input to access arbitrary files.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU9048
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13807
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the Audio component. A remote attacker can execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU9062
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13808
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the Remote Management component. A remote attacker can execute arbitrary code with system privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU9044
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13809
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a input validation flaw in the AppleScript component. A remote attacker can create specially crafted AppleScript that, trick the victim into decompiling it with osadecompile and execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU9072
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13810
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a permissions error in packet counters in the kernel component. A local attacker can gain access to arbitrary data.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU9053
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13811
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the fsck_msdos component. A remote attacker can execute arbitrary code with system privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU9060
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13812
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the libarchive component. A remote attacker can execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU9058
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13813
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow in the libarchive component. A remote attacker can execute arbitrary code with elevated privileges.
Update to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory corruption
EUVDB-ID: #VU9055
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13814
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the ImageIO component. A remote attacker can execute arbitrary code with system privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security restrictions bypass
EUVDB-ID: #VU9074
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13815
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to multiple issues in file. A remote attacker can gain access to the system.
Update to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU9059
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13816
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow in the libarchive component. A remote attacker can execute arbitrary code with elevated privileges.
Update to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU9073
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13817
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an out-of-bounds read error in the the kernel component. A local attacker can gain access to arbitrary data.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU9065
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Cross-site scripting
EUVDB-ID: #VU9075
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13819
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the HelpViewer component due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory corruption
EUVDB-ID: #VU9047
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13820
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a memory corruption error in the ATS component. A remote user can trick the victim into processing a specially crafted font and gain access to arbitrary data.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU9049
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13821
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the CFString component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU9070
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13822
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the Quick Look component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU9071
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13823
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the QuickTime component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory corruption
EUVDB-ID: #VU9046
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13824
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the Open Scripting Architecture component. A remote attacker can create specially crafted AppleScript that, trick the victim into decompiling it with osadecompile and execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory corruption
EUVDB-ID: #VU9050
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13825
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the CoreText component. A remote attacker can execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Spoofing attack
EUVDB-ID: #VU9052
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13828
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct spoofing attack on the target system.
The weakness exists due to a font rendering flaw in the Fonts component. A remote user can spoof user interface elements and access arbitrary data.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Memory corruption
EUVDB-ID: #VU9054
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13830
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the HFS component. A remote attacker can execute arbitrary code with system privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory corruption
EUVDB-ID: #VU9076
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13831
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a memory management error in the ImageIO component. A remote attacker can trick the victim into loading a specially crafted image, trigger memory corruption and cause the application to crash.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Security restrictions bypass
EUVDB-ID: #VU9042
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13832
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the TLS 1.0 protocol in the 802.1X component. A remote attacker can bypass security restrictions.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Memory corruption
EUVDB-ID: #VU9057
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13834
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the kernel component. A remote attacker can trick the victim into loading a specially crafted mach binary and execute arbitrary code with kernel privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU9066
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13836
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory corruption
EUVDB-ID: #VU9063
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13838
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the Sandbox component. A remote attacker can execute arbitrary code with system privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper input validation
EUVDB-ID: #VU9067
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13840
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU9068
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13841
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU9069
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13842
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an input validation flaw in the the kernel component. A remote user can supply a specially crafted input to read restricted memory.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory corruption
EUVDB-ID: #VU9056
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the kernel component. A remote attacker can execute arbitrary code with kernel privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Security restrictions bypass
EUVDB-ID: #VU9077
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13846
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to multiple issues in pcre. A remote attacker can gain access to the system.
Update to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Memory corruption
EUVDB-ID: #VU9061
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7132
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a memory corruption error in the Quick Look component. A remote attacker can execute arbitrary code with elevated privileges.
MitigationUpdate to version 10.13.1.
macOS: 10.12.4 16E195 - 10.12.6 16G29
External linkshttp://support.apple.com/en-us/HT208221
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
