SecurityTracker.com
Category:   OS (UNIX)  >   Apple macOS/OS X
Vendors:   Apple
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof URLs, and Obtain Potentially Sensitive Information and Let Local Users Modify Data and Gain Elevated Privileges
SecurityTracker Alert ID:  1038138
SecurityTracker URL:  http://securitytracker.com/id/1038138
CVE Reference:   CVE-2016-5636, CVE-2016-7585, CVE-2017-2379, CVE-2017-2381, CVE-2017-2388, CVE-2017-2390, CVE-2017-2392, CVE-2017-2398, CVE-2017-2401, CVE-2017-2402, CVE-2017-2403, CVE-2017-2406, CVE-2017-2407, CVE-2017-2408, CVE-2017-2409, CVE-2017-2410, CVE-2017-2413, CVE-2017-2416, CVE-2017-2417, CVE-2017-2418, CVE-2017-2420, CVE-2017-2421, CVE-2017-2422, CVE-2017-2423, CVE-2017-2425, CVE-2017-2426, CVE-2017-2427, CVE-2017-2428, CVE-2017-2429, CVE-2017-2430, CVE-2017-2431, CVE-2017-2432, CVE-2017-2435, CVE-2017-2436, CVE-2017-2437, CVE-2017-2438, CVE-2017-2439, CVE-2017-2440, CVE-2017-2441, CVE-2017-2443, CVE-2017-2448, CVE-2017-2449, CVE-2017-2450, CVE-2017-2451, CVE-2017-2456, CVE-2017-2457, CVE-2017-2458, CVE-2017-2461, CVE-2017-2462, CVE-2017-2467, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2485, CVE-2017-2486, CVE-2017-2487, CVE-2017-6974
Updated:  Mar 28 2017
Original Entry Date:  Mar 27 2017
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Apple macOS/OS X. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A local user can modify data on the target system. A remote user can obtain files on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof URLs.

An application can execute arbitrary code with kernel-level privileges.

A race condition may occur in AppleGraphicsPowerManagement [CVE-2017-2421].

A use-after-free may occur in AppleRAID [CVE-2017-2438].

A memory corruption error may occur in Bluetooth [CVE-2017-2420, CVE-2017-2427].

A use after free issue may occur in Bluetooth [CVE-2017-2449].

A memory corruption error may occur in the Intel Graphics Driver [CVE-2017-2443].

A memory corruption error may occur [CVE-2017-2398, CVE-2017-2401, CVE-2017-2408, CVE-2017-2436, CVE-2017-2437, CVE-2017-2473].

A null pointer dereference may occur [CVE-2017-2388].

An input validation flaw may occur [CVE-2017-2410, CVE-2017-2440].

A race condition may occur [CVE-2017-2456, CVE-2017-2478].

A use after free issue may occur [CVE-2017-2472].

An off-by-one memory error may occur [CVE-2017-2474].

A buffer overflow may occur [CVE-2017-2482, CVE-2017-2483].

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A specially crafted audio file can trigger a memory corruption error [CVE-2017-2430, CVE-2017-2462].

A specially crafted '.dfont' file can trigger a buffer overflow [CVE-2017-2379].

Specially crafted web content can trigger a memory corruption error [CVE-2017-2457].

A specially crafted '.mov' file can trigger a memory corruption error [CVE-2017-2431].

A specially crafted font file can trigger a memory corruption error [CVE-2017-2406, CVE-2017-2407, CVE-2017-2435, CVE-2017-2487].

A specially crafted media file can trigger a memory corruption error in QuickTime [CVE-2017-2413].

A specially crafted IPP(S) link can trigger a format string error [CVE-2017-2403].

A specially crafted zip archive processed via Python can trigger a memory corruption error [CVE-2016-5636].

A specially crafted x509 certificate can trigger a memory corruption error [CVE-2017-2485].

A specially crafted x509 certificate can trigger a double-free memory error [CVE-2017-2425].

An application can execute arbitrary code on the target system with system-level privileges.

A memory corruption error may occur in Multi-Touch [CVE-2017-2422].

An application can execute arbitrary code on the target system with root privileges.

A buffer overflow may occur [CVE-2017-2451].

An application can execute arbitrary code on the target system.

A memory corruption error may occur in ImageIO [CVE-2017-2416, CVE-2017-2432, CVE-2017-2467].

A buffer overflow may occur in Keyboards [CVE-2017-2458].

A memory corruption error may occur in WebKit [CVE-2017-2392].

A local user can exploit a symlink flaw in libarchive to modify file system permissions on arbitrary directories [CVE-2017-2390].

A local user can trigger a use-after-free memory error in 'libc++abi' while demangling a specially crafted C++ application to execute arbitrary code [CVE-2017-2441].

The system may fail to remove Active Directory certificate trust when a configuration profile with multiple payloads is removed [CVE-2017-2402].

An empty signature may be incorrectly validated with SecKeyRawVerify() [CVE-2017-2423].

A remote user that can monitor the network can exploit an OTR packet validation flaw to access or modify data in SSL/TLS sessions [CVE-2017-2448].

An application can exploit a validation error in System Integrity Protection to modify protected disk locations [CVE-2017-6974].

A remote user can spoof the address bar [CVE-2017-2486].

A specially crafted Thunderbolt adapter can exploit a DMA flaw in EFI to recover the FileVault 2 encryption password [CVE-2016-7585].

A specially crafted font file can trigger an out-of-bounds memory read error and access process memory on the target system [CVE-2017-2439, CVE-2017-2450].

An application can exploit a flaw in the Hypervisor to leak the CR8 control register between the guest system and the host system [CVE-2017-2418].

A specially crafted iBooks file can access local files on the target user's system [CVE-2017-2426].

An application can trigger an out-of-bounds memory read error in Menus to obtain portions of process memory [CVE-2017-2409].

Permissions may be reset when the target user invokes the Send Link feature of iCloud Sharing [CVE-2017-2429].

A specially crafted image can trigger an infinite recursion error in CoreGraphics and deny service on the target system [CVE-2017-2417].

A specially crafted text message can consume excessive resources on the target system [CVE-2017-2461].

A remote user (HTTP/2 server) can exploit a flaw in the nghttp2 LibreSSL component to cause "undefined behavior" on the target system [CVE-2017-2428].

A local user in a group named "admin" on a network directory server can exploit an access check flaw in sudo to gain elevated privileges [CVE-2017-2381].

@cocoahuke, Aleksandar Nikolic of Cisco Talos, Alex Fishman and Izik Eidus of Veertu Inc., Alex Radocea of Longterm Security, Inc., Axis and sss of Qihoo 360 Nirvan Team, Benjamin Gnahm (@mitp0sh) of Blue Frost Security, Brandon Azad, an anonymous researcher, Craig Arendt of Stratum Security, Jun Kokatsu (@shhnjk), Ian Beer of Google Project Zero, Isaac Archambault of IDAoADI, an anonymous researcher, Lufeng Li of Qihoo 360 Vulcan Team, Max Bazaliy of Lookout, Omer Medan of enSilo Ltd, Orr A, IBM Security, Patrick Wardle of Synack, Pekka Oikarainen, Matias Karhumaa and Marko Laakso of Synopsys Software Integrity Group, Qidan He of KeenLab, Tencent, Sergey Bylokhov, Shashank (@cyberboyIndia), Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360, Ulf Frisk (@UlfFrisk), Yangkang (@dnpushme) of Qihoo360 Qex Team, an anonymous researcher, an anonymous researcher (via Trend Micro's Zero Day Initiative), beist of GrayHash, kimyok of Tencent Security Platform Department, lokihardt of Google Project Zero, riusksk of Tencent Security Platform Department, John Villamil, and Doyensec, reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A local user can modify data on the target system.

A remote user can obtain files on the target system.

A remote user can obtain potentially sensitive information on the target system.

A remote user can spoof a URL.

Solution:   The vendor has issued a fix (Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite).

The vendor advisory is available at:

https://support.apple.com/en-us/HT207615

Vendor URL:  support.apple.com/en-us/HT207615
Cause:   Access control error, Boundary error, Input validation error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 28 2017 (Apple Issues Fix for Apple TV) Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof URLs, and Obtain Potentially Sensitive Information and Let Local Users Modify Data and Gain Elevated Privileges
Apple has issued a fix for Apple TV.




Copyright 2019, SecurityGlobal.net LLC