Multiple vulnerabilities in Apple iOS



| Updated: 2017-12-25
Risk High
Patch available YES
Number of vulnerabilities 21
CVE-ID CVE-2017-13849
CVE-2017-13799
CVE-2017-13844
CVE-2017-13805
CVE-2017-13804
CVE-2017-7113
CVE-2017-13783
CVE-2017-13784
CVE-2017-13785
CVE-2017-13788
CVE-2017-13791
CVE-2017-13792
CVE-2017-13793
CVE-2017-13794
CVE-2017-13795
CVE-2017-13796
CVE-2017-13798
CVE-2017-13802
CVE-2017-13803
CVE-2017-13080
CVE-2017-13797
CWE-ID CWE-119
CWE-284
CWE-264
CWE-20
CWE-320
CWE-416
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #12 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #16 is available.
Public exploit code for vulnerability #17 is available.
Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #20 is available.
Public exploit code for vulnerability #21 is available.
Vulnerable software
Subscribe 		Apple iOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 21 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU9020

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13849

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to memory handling error in the CoreText component. A remote attacker can supply a specially crafted text file, trigger memory corruption and cause an unexpected application termination.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Memory corruption

EUVDB-ID: #VU9021

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13799

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the kernel component. A remote attacker can trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU9022

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13844

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Messages application. A local attacker can supply Reply With Message and access photos from the lock screen.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU9023

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13805

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Siri component. A local attacker can use Siri to read notifications of content that is set not to be displayed at the lock screen.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU9024

Risk: High

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13804

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper input validation. A remote attacker can trick the victim into opening a specially crafted zip file, trigger a path handling flaw in the StreamingZip component and modify restricted areas of the file system.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU9025

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7113

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the UIKit component. A local attacker can view characters in a secure text field during focus change events.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU9026

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13783

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Memory corruption

EUVDB-ID: #VU9027

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13784

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Memory corruption

EUVDB-ID: #VU9028

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13785

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Memory corruption

EUVDB-ID: #VU9029

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13788

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory corruption

EUVDB-ID: #VU9030

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13791

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Memory corruption

EUVDB-ID: #VU9031

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13792

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Memory corruption

EUVDB-ID: #VU9032

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13793

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory corruption

EUVDB-ID: #VU9033

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13794

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Memory corruption

EUVDB-ID: #VU9034

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13795

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Memory corruption

EUVDB-ID: #VU9035

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13796

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Memory corruption

EUVDB-ID: #VU9036

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13798

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Memory corruption

EUVDB-ID: #VU9037

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13802

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Memory corruption

EUVDB-ID: #VU9038

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13803

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to memory handling error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

21) Use-after-free error

EUVDB-ID: #VU9749

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13797

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the WebKit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update to version 11.1.

Vulnerable software versions

Apple iOS: 3.0 - 10.3.3

CPE2.3 External links

http://support.apple.com/en-us/HT208222


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###