SecurityTracker.com
Category:   Device (Multimedia)  >   Apple TV
Vendors:   Apple
(Apple Issues Fix for Apple TV) Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Authentication Credentials and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges
SecurityTracker Alert ID:  1038491
SecurityTracker URL:  http://securitytracker.com/id/1038491
CVE Reference:   CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-6979, CVE-2017-6987
Date:  May 16 2017
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 10.2.1
Description:   Multiple vulnerabilities were reported in Apple macOS/OS X. A remote user can cause arbitrary code to be executed on the target user's system. An application can obtain potentially sensitive information from system memory. An application can obtain elevated privileges on the target system. A remote user on a local network can obtain 802.1X authentication credentials. Apple TV is affected.

An application can exploit a validation flaw in the CoreAudio component to read restricted memory [CVE-2017-2502].

An application can trigger an input validation flaw in the HFS component to read restricted memory [CVE-2017-6990].

An application can trigger an input validation flaw in the kernel to read restricted memory [CVE-2017-2507, CVE-2017-2509, CVE-2017-2516, CVE-2017-6987].

An application can trigger an input validation flaw in the WindowServer component to read restricted memory [CVE-2017-2540].

A remote user on a local network can exploit a certificate validation flaw in EAP-TLS when a certificate is changed to obtain 802.1X authentication credentials [CVE-2017-6988].

An application can trigger a memory corruption error in the Accessibility Framework component to gain system privileges [CVE-2017-6978].

A memory corruption error in the CoreAnimation component may allow arbitrary code execution [CVE-2017-2527].

A memory corruption error in the TextInput component may allow arbitrary code execution [CVE-2017-2524].

An application can trigger a race condition in the DiskArbitration component to gain system privileges [CVE-2017-2533].

A remote user can create a specially crafted iBook that, when loaded by the target user, will open arbitrary websites [CVE-2017-2497].

An application can exploit a symbolic link (symlink) path validation flaw in iBooks to execute arbitrary code with root privileges [CVE-2017-6981].

An application can trigger a memory corruption error in the iBooks component to gain kernel-level privileges [CVE-2017-6986].

An application can trigger a memory corruption error in the Intel Graphics Driver component to gain kernel-level privileges [CVE-2017-2503].

An application can trigger a memory corruption error in the IOGraphics component to gain kernel-level privileges [CVE-2017-2545].

An application can trigger a memory corruption error in the IOSurface component to gain kernel-level privileges [CVE-2017-6979].

An application can trigger a memory corruption error in the kernel to gain kernel-level privileges [CVE-2017-2494, CVE-2017-2546].

An application can trigger a race condition in the kernel to execute arbitrary code with kernel-level privileges [CVE-2017-2501].

An application can trigger a memory corruption error in the Multi-Touch component to gain kernel-level privileges [CVE-2017-2542, CVE-2017-2543].

An application can trigger a memory corruption error in the NVIDIA Graphics Drivers component to gain kernel-level privileges [CVE-2017-6985].

An application can trigger a memory corruption error in the Sandbox component to escape its sandbox [CVE-2017-2512].

An application can trigger a memory corruption error in the Security component to escape its sandbox [CVE-2017-2535].

An application can trigger a memory corruption error in the Speech Framework component to escape its sandbox [CVE-2017-2534, CVE-2017-6977].

A use-after-free memory error and code execution may occur in the SQLite component in processing specially crafted SQL queries [CVE-2017-2513].

A buffer overflow and code execution may occur in the SQLite component in processing specially crafted SQL queries [CVE-2017-2518, CVE-2017-2520].

A memory error and code execution may occur in the SQLite component in processing specially crafted SQL queries [CVE-2017-2519].

A remote user can create specially crafted web content that, when loaded by the target user, will trigger memory corruption errors in SQLite and execute arbitrary code on the target user's system [CVE-2017-6983, CVE-2017-6991].

An application can trigger a memory corruption error in the WindowServer component to gain system privileges [CVE-2017-2537, CVE-2017-2541, CVE-2017-2548].

360 Security (@mj0011sec) (via Trend Micro's Zero Day Initiative), Adam Donenfeld of Zimperium zLabs, Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360, Chaitin Security Research Lab (@ChaitinTech) (via Trend Micro's Zero Day Initiative), Federico Bento of Faculty of Sciences, University of Porto, Ian Beer of Google Project Zero, Jann Horn of Google Project Zero, Jun Kokatsu (@shhnjk), Patrick Wardle of Synack, Richard Zhu (fluorescence) (via Trend Micro's Zero Day Initiative), Samuel Gros and Niklas Baumstark (via Trend Micro's Zero Day Initiative), Team Sniper (Keen Lab and PC Mgr) (via Trend Micro's Zero Day Initiative), Tim Cappalli of Aruba (Hewlett Packard Enterprise), Yangkang (@dnpushme) of Qihoo360 Qex Team, evi1m0 of YSRC (sec.ly.com), Heige (SuperHei) of Knownsec 404 Security Team, and sss and Axis of 360Nirvan team reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

An application can obtain potentially sensitive information from system memory on the target system.

An application can obtain elevated privileges on the target system.

A remote user on a local network can obtain 802.1X authentication credentials.

Solution:   Apple has issued a fix for CVE-2017-2501, CVE-2017-2502, CVE-2017-2507, CVE-2017-2513, CVE-2017-2518, CVE-2017-2519, CVE-2017-2520, CVE-2017-2524, CVE-2017-6979, and CVE-2017-6987 for Apple TV (10.2.1).

The Apple advisory is available at:

https://support.apple.com/en-us/HT207801

Vendor URL:  support.apple.com/en-us/HT207801
Cause:   Access control error, Authentication error, Boundary error, Input validation error, State error

Message History:   This archive entry is a follow-up to the message listed below.
May 15 2017 Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Authentication Credentials and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges


