SB2017120702 - Multiple vulnerabilities in Apple macOS/OS X
Published: December 7, 2017
Description
This security bulletin contains information about 20 security vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2017-13883)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can use a specially crafted application to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Memory corruption (CVE-ID: CVE-2017-13847)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the IOKit component. A local attacker can use a specially crafted application to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Memory corruption (CVE-ID: CVE-2017-13862)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the kernel component. A local attacker can use a specially crafted application to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Memory corruption (CVE-ID: CVE-2017-13876)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the kernel component. A local attacker can use a specially crafted application to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
5) Memory corruption (CVE-ID: CVE-2017-13867)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to a boundary error in the kernel component. A local attacker can use a specially crafted application to trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Out-of-bounds read (CVE-ID: CVE-2017-13875)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to an out-of-bounds read in the Intel Graphics Driver component. A local attacker can use a specially crafted application to trigger an out-of-bounds read and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Improper input validation (CVE-ID: CVE-2017-13848)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to improper input validation in the IOKit component. A local attacker can use a specially crafted application to trigger the input validation flaw and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Improper input validation (CVE-ID: CVE-2017-13858)
The vulnerability allows a local attacker to execute arbitrary code on the target system. The weakness exists due to improper input validation in the IOKit component. A local attacker can use a specially crafted application to trigger the input validation flaw and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
9) Improper input validation (CVE-ID: CVE-2017-13865)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application to trigger the input validation flaw and read arbitrary files.
10) Improper input validation (CVE-ID: CVE-2017-13868)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application to trigger the input validation flaw and read arbitrary files.
11) Improper input validation (CVE-ID: CVE-2017-13869)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application to trigger the input validation flaw and read arbitrary files.
12) Out-of-bounds read (CVE-ID: CVE-2017-13833)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to an out-of-bounds read in the kernel component. A local attacker can use a specially crafted application to trigger an out-of-bounds read error and read arbitrary files.
13) Memory corruption (CVE-ID: CVE-2017-13855)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to a memory handling error in the kernel component. A local attacker can use a specially crafted application to trigger the memory handling error and read arbitrary files.
14) Information disclosure (CVE-ID: CVE-2017-13826)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to a permissions error in the Screen Sharing Server component. A remote attacker with screen sharing access can trigger a permissions error and read files with root privileges.
15) Information disclosure (CVE-ID: CVE-2017-13860)
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system. The weakness exists due to an encryption error. A remote attacker in a privileged network position can trigger an encryption error with S/MIME credentials in the Mail Drafts component to intercept mail.
16) Information disclosure (CVE-ID: CVE-2017-13871)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to an inconsistent user interface issue in the Mail component. A local attacker can use a specially crafted application, inadvertently send unencrypted S/MIME email and read arbitrary data.
17) Out-of-bounds read (CVE-ID: CVE-2017-13878)
The vulnerability allows a local attacker to obtain potentially sensitive information or cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read in the Intel Graphics Driver component. A local attacker can use a specially crafted application to trigger an out-of-bounds memory read error and view kernel memory contents or cause the system to crash.
18) Out-of-bounds read (CVE-ID: CVE-2017-1000254)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read when parsing a directory name when connecting to an FTP server. A remote attacker can trigger memory corruption, access arbitrary files and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
19) Out-of-bounds read (CVE-ID: CVE-2017-3735)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to a one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise the text display of the certificate.
20) Use-after-free (CVE-ID: CVE-2017-9798)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to a use-after-free error when processing HTTP OPTIONS requests in server/core.c, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.
The vulnerability is dubbed Optionsbleed.
Remediation
Install the update from the vendor's website.