SB2017120703 - Multiple vulnerabilities in Apple iOS
Published: December 7, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 vulnerabilities.
1) Key management errors (CVE-ID: CVE-2017-13080)
CWE-ID: CWE-320 - Key Management Errors
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
2) Out-of-bounds read (CVE-ID: CVE-2017-13833)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read in the kernel component. A local attacker can use a specially crafted application, trigger out-of-bounds read error and read arbitrary files.
3) Memory corruption (CVE-ID: CVE-2017-13847)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the IOKit component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Memory corruption (CVE-ID: CVE-2017-13855)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to memory handling error in the kernel component. A local attacker can use a specially crafted application, trigger memory handling error and read arbitrary files.
5) Information disclosure (CVE-ID: CVE-2017-13860)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to encryption error. A remote attacker in a privileged network position can trigger an encryption error with S/MIME credentials in the Mail Drafts component to intercept mail.
6) Memory corruption (CVE-ID: CVE-2017-13861)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
The vulnerability allows a local attacker to execute arbitrary code o the target system.
The weakness exists due to boundary error in IOSurface. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Memory corruption (CVE-ID: CVE-2017-13862)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Improper input validation (CVE-ID: CVE-2017-13865)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.
9) Memory corruption (CVE-ID: CVE-2017-13867)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
10) Improper input validation (CVE-ID: CVE-2017-13868)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.
11) Improper input validation (CVE-ID: CVE-2017-13869)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.
12) Security restrictions bypass (CVE-ID: CVE-2017-13874)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to a S/MIME issue in the handling of encrypted email. A local attacker can cause incorrect certificate to be used for encryption.
13) Memory corruption (CVE-ID: CVE-2017-13876)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
14) Memory corruption (CVE-ID: CVE-2017-13879)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to execute arbitrary code o the target system.
The weakness exists due to boundary error in IOMobileFrameBuffer. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.