Vulnerability CVE-2017-7154


Published: 2017-12-27

Description:
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).

See advisories in our WLB2 database:
Topic
Author
Date
Low
macOS process_policy Stack Leak Through Uninitialized Field
Google Security ...
12.01.2018

Type:

CWE-20

(Improper Input Validation)

Vendor: Apple
Product: Iphone os 
Version:
9.3.5
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2.1
9.2
9.1
9.0.2
9.0.1
9.0
8.4.1
8.2
8.1.3
8.1.2
8.1
8.0.2
8.0.1
8.0
7.1.2
7.1.1
7.1
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1
6.0.2
6.0.1
6.0
5.1.1
5.1
5.0.1
5.0
4.3.5
4.3.3
4.3.2
4.3.1
4.3.0
4.2.8
4.2.5
4.2.1
4.1
4.0.2
4.0.1
4.0
3.2.2
3.2.1
3.2
3.1.3
3.1.2
3.1
3.0.1
3.0
2.2.1
See more versions on NVD
Product: Apple tv 
Version:
9.1.1
9.0.1
7.1
7.0.3
7.0.1
7.0
6.2.1
6.2
6.1.2
6.1.1
6.1
6.0.2
6.0.1
6.0
5.2.0
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.4.4
4.4.3
4.4.2
4.4.0
4.3.0
4.2.2
4.2.1
4.2.0
4.1.1
4.1.0
3.0.2
3.0.1
3.0.0
2.4.0
2.3.1
2.3.0
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.6/10
7.8/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Complete

 References:
http://www.securityfocus.com/bid/103134
https://support.apple.com/HT208327
https://support.apple.com/HT208331
https://support.apple.com/HT208334
https://www.exploit-db.com/exploits/43521/

Related CVE
CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that ...
CVE-2018-4173
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
CVE-2018-4176
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
CVE-2018-4175
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
CVE-2018-4174
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an incons...
CVE-2018-4172
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" f...
CVE-2018-4170
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
CVE-2018-4168
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a lo...

Copyright 2018, cxsecurity.com

 

Back to Top