SB2017120703 - Multiple vulnerabilities in Apple iOS



SB2017120703 - Multiple vulnerabilities in Apple iOS

Published: December 7, 2017

Security Bulletin ID SB2017120703
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 7% Low 93%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 vulnerabilities.


1) Key management errors (CVE-ID: CVE-2017-13080)

CWE-ID: CWE-320 - Key Management Errors

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green


The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

2) Out-of-bounds read (CVE-ID: CVE-2017-13833)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read in the kernel component. A local attacker can use a specially crafted application, trigger out-of-bounds read error and read arbitrary files.

3) Memory corruption (CVE-ID: CVE-2017-13847)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the IOKit component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2017-13855)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory handling error in the kernel component. A local attacker can use a specially crafted application, trigger memory handling error and read arbitrary files.

5) Information disclosure (CVE-ID: CVE-2017-13860)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to encryption error. A remote attacker in a privileged network position can trigger an encryption error with S/MIME credentials in the Mail Drafts component to intercept mail.

6) Memory corruption (CVE-ID: CVE-2017-13861)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear


The vulnerability allows a local attacker to execute arbitrary code o the target system.

The weakness exists due to boundary error in IOSurface. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.


7) Memory corruption (CVE-ID: CVE-2017-13862)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Improper input validation (CVE-ID: CVE-2017-13865)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

9) Memory corruption (CVE-ID: CVE-2017-13867)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

10) Improper input validation (CVE-ID: CVE-2017-13868)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

11) Improper input validation (CVE-ID: CVE-2017-13869)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

12) Security restrictions bypass (CVE-ID: CVE-2017-13874)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a S/MIME issue in the handling of encrypted email. A local attacker can cause incorrect certificate to be used for encryption.

13) Memory corruption (CVE-ID: CVE-2017-13876)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

14) Memory corruption (CVE-ID: CVE-2017-13879)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local attacker to execute arbitrary code o the target system.

The weakness exists due to boundary error in IOMobileFrameBuffer. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Install update from vendor's website.