SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   Apple iTunes Vendors:   Apple
(Apple Issues Fix for Apple iTunes for Windows) Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, Spoof URLs, Conduct Cross-Site Scripting Attacks, Bypass Security, and Obtain Potentially Sensitive information and Let Local Users Obtain Potentially Sensitive information and Gain Elevated Privileges
SecurityTracker Alert ID:  1038953
SecurityTracker URL:  http://securitytracker.com/id/1038953
CVE Reference:   CVE-2017-7010, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064   (Links to External Site)
Date:  Jul 19 2017
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 12.6.2
Description:   Multiple vulnerabilities were reported in Apple iOS. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions on the target system. A remote user can spoof URLs. A remote user can conduct cross-site scripting attacks. A remote user can bypass security controls on the target system. A remote or local user can obtain potentially sensitive information. A local user can obtain elevated privileges on the target system. Apple iTunes is affected.

A remote user can trigger a buffer overflow in the Contacts component to execute arbitrary code [CVE-2017-7062].

A remote user can trigger a memory corruption error in the CoreAudio component to execute arbitrary code [CVE-2017-7008].

A remote user can trigger a resource exhaustion flaw in the EventKitUI component to cause the target application to crash [CVE-2017-7007].

An application can trigger a memory corruption error in the IOUSBFamily component to execute arbitrary code with kernel privileges [CVE-2017-7009].

An application can trigger a memory corruption error in the the kernel component to execute arbitrary code with system privileges [CVE-2017-7022, CVE-2017-7024, CVE-2017-7026].

An application can trigger a memory corruption error in the the kernel component to execute arbitrary code with kernel privileges [CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069].

An application can trigger a input validation flaw in the the kernel component to read restricted memory [CVE-2017-7028, CVE-2017-7029].

A remote user can trigger a buffer overflow in the libarchive component to execute arbitrary code [CVE-2017-7068].

A remote user can create a specially crafted XML document to trigger an out-of-bounds memory read error in the libxml2 component and access potentially sensitive user information [CVE-2017-7010, CVE-2017-7013].

An application can trigger a memory corruption error in the libxpc component to execute arbitrary code with system privileges [CVE-2017-7047].

A remote user can trigger a memory handling error in the Messages component to consume excessive memory on the target system [CVE-2017-7063].

A physically local user can view notifications on the lock screen when notifications are disabled [CVE-2017-7058].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a flaw in the Safari component and spoof the address bar [CVE-2017-2517].

A remote user can create specially crafted web content that, when loaded by the target user, will load an infinite number of print dialogs [CVE-2017-7060].

A remote user can trigger a cross-origin bypass in the WebKit component to obtain potentially sensitive information on the target system [CVE-2017-7006].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger a frame handling flaw and spoof the address bar [CVE-2017-7011].

A remote user can trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061].

An application can trigger a memory handling error in the WebKit component to read restricted memory [CVE-2017-7064].

A remote user can trigger a logic error in the WebKit component to conduct cross site scripting attacks [CVE-2017-7038, CVE-2017-7059].

A remote user can trigger a memory corruption error in the WebKit component to execute arbitrary code [CVE-2017-7049].

A remote user can trigger a memory corruption error in the WebKit Page Loading component to execute arbitrary code [CVE-2017-7019].

A remote user can trigger a memory corruption error in the WebKit Web Inspector component to execute arbitrary code [CVE-2017-7012].

A remote user on the wireless network can trigger a memory corruption error in the Wi-Fi component to execute arbitrary code [CVE-2017-9417]. This vulnerability in the Broadcom chipset is referred to as 'Broadpwn'. Detailed information about the vulnerability and exploit methods is available at:

https://blog.exodusintel.com/2017/07/26/broadpwn/

David Kohlbrenner of UC San Diego, an anonymous researcher, Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security, Neil Jenkins of FastMail Pty Ltd, Ian Beer of Google Project Zero,
Ivan Fratric of Google Project Zero, Jose Antonio Esteban (@Erratum_) of Sapsi Consultores, Nitay Artenstein of Exodus Intelligence, Proteas of Qihoo 360 Nirvan Team, Shashank (@cyberboyIndia), The UK's National Cyber Security Centre (NCSC),
Travis Kelley of City of Mishawaka, Indiana, Yangkang (@dnpushme) of Qihoo 360 Qex Team, Zhiyang Zeng of Tencent Security Platform Department, an anonymous researcher, cc working with Trend Micro's Zero Day Initiative, chenqin of Ant-financial Light-Year Security Lab, likemeng of Baidu Security Lab, lokihardt of Google Project Zero,
shrek_wzw of Qihoo 360 Nirvan Team, and xisigr of Tencent's Xuanwu Lab (tencent.com) reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

A local user can obtain potentially sensitive information on the target system.

A local user can obtain potentially sensitive information from system memory on the target system.

A local user can obtain elevated privileges on the target system.

A remote user can bypass security controls on the target system.

A remote user can execute arbitrary code on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof a URL.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with an arbitrary site's interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.

Solution:   Apple has issued a fix for CVE-2017-7010, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, and CVE-2017-7064 for Apple iTunes (12.6.2 for Windows).

The Apple advisory is available at:

https://support.apple.com/en-us/HT207928

Vendor URL:  support.apple.com/en-us/HT207928 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, Resource error, State error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 19 2017 Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, Spoof URLs, Conduct Cross-Site Scripting Attacks, Bypass Security, and Obtain Potentially Sensitive information and Let Local Users Elevated Privileges



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC