ID CVE-2017-13875
Summary An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
References
Vulnerable Configurations
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Apple Mac OS X 10.0
    cpe:2.3:o:apple:mac_os_x:10.0
  • Apple Mac OS X 10.0.0
    cpe:2.3:o:apple:mac_os_x:10.0.0
  • Apple Mac OS X 10.0.1
    cpe:2.3:o:apple:mac_os_x:10.0.1
  • Apple Mac OS X 10.0.2
    cpe:2.3:o:apple:mac_os_x:10.0.2
  • Apple Mac OS X 10.0.3
    cpe:2.3:o:apple:mac_os_x:10.0.3
  • Apple Mac OS X 10.0.4
    cpe:2.3:o:apple:mac_os_x:10.0.4
  • Apple Mac OS X 10.1
    cpe:2.3:o:apple:mac_os_x:10.1
  • Apple Mac OS X 10.1.0
    cpe:2.3:o:apple:mac_os_x:10.1.0
  • Apple Mac OS X 10.1.1
    cpe:2.3:o:apple:mac_os_x:10.1.1
  • Apple Mac OS X 10.1.2
    cpe:2.3:o:apple:mac_os_x:10.1.2
  • Apple Mac OS X 10.1.3
    cpe:2.3:o:apple:mac_os_x:10.1.3
  • Apple Mac OS X 10.1.4
    cpe:2.3:o:apple:mac_os_x:10.1.4
  • Apple Mac OS X 10.1.5
    cpe:2.3:o:apple:mac_os_x:10.1.5
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.2.0
    cpe:2.3:o:apple:mac_os_x:10.2.0
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X 10.2.2
    cpe:2.3:o:apple:mac_os_x:10.2.2
  • Apple Mac OS X 10.2.3
    cpe:2.3:o:apple:mac_os_x:10.2.3
  • Apple Mac OS X 10.2.4
    cpe:2.3:o:apple:mac_os_x:10.2.4
  • Apple Mac OS X 10.2.5
    cpe:2.3:o:apple:mac_os_x:10.2.5
  • Apple Mac OS X 10.2.6
    cpe:2.3:o:apple:mac_os_x:10.2.6
  • Apple Mac OS X 10.2.7
    cpe:2.3:o:apple:mac_os_x:10.2.7
  • Apple Mac OS X 10.2.8
    cpe:2.3:o:apple:mac_os_x:10.2.8
  • Apple Mac OS X 10.3
    cpe:2.3:o:apple:mac_os_x:10.3
  • Apple Mac OS X 10.3.0
    cpe:2.3:o:apple:mac_os_x:10.3.0
  • Apple Mac OS X 10.3.1
    cpe:2.3:o:apple:mac_os_x:10.3.1
  • Apple Mac OS X 10.3.2
    cpe:2.3:o:apple:mac_os_x:10.3.2
  • Apple Mac OS X 10.3.3
    cpe:2.3:o:apple:mac_os_x:10.3.3
  • Apple Mac OS X 10.3.4
    cpe:2.3:o:apple:mac_os_x:10.3.4
  • Apple Mac OS X 10.3.5
    cpe:2.3:o:apple:mac_os_x:10.3.5
  • Apple Mac OS X 10.3.6
    cpe:2.3:o:apple:mac_os_x:10.3.6
  • Apple Mac OS X 10.3.7
    cpe:2.3:o:apple:mac_os_x:10.3.7
  • Apple Mac OS X 10.3.8
    cpe:2.3:o:apple:mac_os_x:10.3.8
  • Apple Mac OS X 10.3.9
    cpe:2.3:o:apple:mac_os_x:10.3.9
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • Apple Mac OS X 10.6.8
    cpe:2.3:o:apple:mac_os_x:10.6.8
  • Apple Mac OS X 10.7.0
    cpe:2.3:o:apple:mac_os_x:10.7.0
  • Apple Mac OS X 10.7.1
    cpe:2.3:o:apple:mac_os_x:10.7.1
  • Apple Mac OS X 10.7.2
    cpe:2.3:o:apple:mac_os_x:10.7.2
  • Apple Mac OS X 10.7.3
    cpe:2.3:o:apple:mac_os_x:10.7.3
  • Apple Mac OS X 10.7.4
    cpe:2.3:o:apple:mac_os_x:10.7.4
  • Apple Mac OS X 10.7.5
    cpe:2.3:o:apple:mac_os_x:10.7.5
  • Apple Mac OS X 10.8.0
    cpe:2.3:o:apple:mac_os_x:10.8.0
  • Apple Mac OS X 10.8.1
    cpe:2.3:o:apple:mac_os_x:10.8.1
  • Apple Mac OS X 10.8.2
    cpe:2.3:o:apple:mac_os_x:10.8.2
  • Apple Mac OS X 10.8.3
    cpe:2.3:o:apple:mac_os_x:10.8.3
  • Apple Mac OS X 10.8.4
    cpe:2.3:o:apple:mac_os_x:10.8.4
  • Apple Mac OS X 10.8.5
    cpe:2.3:o:apple:mac_os_x:10.8.5
  • Apple Mac OS X 10.8.5 Supplemental Update
    cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update
  • Apple Mac OS X 10.9
    cpe:2.3:o:apple:mac_os_x:10.9
  • Apple Mac OS X 10.9.1 (Mavericks)
    cpe:2.3:o:apple:mac_os_x:10.9.1
  • Apple Mac OS X 10.9.2
    cpe:2.3:o:apple:mac_os_x:10.9.2
  • Apple Mac OS X 10.9.3
    cpe:2.3:o:apple:mac_os_x:10.9.3
  • Apple Mac OS X 10.9.4
    cpe:2.3:o:apple:mac_os_x:10.9.4
  • Apple Mac OS X 10.9.5
    cpe:2.3:o:apple:mac_os_x:10.9.5
  • Apple Mac OS X 10.10.0
    cpe:2.3:o:apple:mac_os_x:10.10.0
  • Apple Mac OS X 10.10.1
    cpe:2.3:o:apple:mac_os_x:10.10.1
  • Apple Mac OS X Yosemite 10.10.2
    cpe:2.3:o:apple:mac_os_x:10.10.2
  • Apple Mac OS X 10.10.3
    cpe:2.3:o:apple:mac_os_x:10.10.3
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
  • Apple Mac OS X 10.10.5
    cpe:2.3:o:apple:mac_os_x:10.10.5
  • Apple Mac OS X 10.11.0
    cpe:2.3:o:apple:mac_os_x:10.11.0
  • Apple Mac OS X 10.11.1
    cpe:2.3:o:apple:mac_os_x:10.11.1
  • Apple Mac OS X 10.11.2
    cpe:2.3:o:apple:mac_os_x:10.11.2
  • Apple Mac OS X 10.11.3
    cpe:2.3:o:apple:mac_os_x:10.11.3
  • Apple Mac OS X 10.11.4
    cpe:2.3:o:apple:mac_os_x:10.11.4
  • Apple Mac OS X 10.11.5
    cpe:2.3:o:apple:mac_os_x:10.11.5
  • Apple Mac OS X 10.11.6
    cpe:2.3:o:apple:mac_os_x:10.11.6
  • Apple macOS 10.12.0
    cpe:2.3:o:apple:mac_os_x:10.12.0
  • Apple Mac OS X 10.12.1
    cpe:2.3:o:apple:mac_os_x:10.12.1
  • Apple Mac OS X 10.12.2
    cpe:2.3:o:apple:mac_os_x:10.12.2
  • Apple Mac OS X 10.12.3
    cpe:2.3:o:apple:mac_os_x:10.12.3
  • Apple Mac OS X 10.12.4
    cpe:2.3:o:apple:mac_os_x:10.12.4
  • Apple Mac OS X 10.12.5
    cpe:2.3:o:apple:mac_os_x:10.12.5
  • Apple Mac OS X 10.12.6
    cpe:2.3:o:apple:mac_os_x:10.12.6
  • Apple Mac OS X 10.13.0
    cpe:2.3:o:apple:mac_os_x:10.13.0
CVSS
Base: 9.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
exploit-db via4
description macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig. CVE-2017-13875. DoS exploit for macOS platform
file exploits/macos/dos/43327.c
id EDB-ID:43327
last seen 2017-12-12
modified 2017-12-12
platform macos
port
published 2017-12-12
reporter Exploit-DB
source https://www.exploit-db.com/download/43327/
title macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
type dos
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOS_10_13_2.NASL
description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components:
  • apache
  • curl
  • Directory Utility
  • IOAcceleratorFamily
  • IOKit
  • Intel Graphics Driver
  • Kernel
  • Mail
  • Mail Drafts
  • OpenSSL
  • Screen Sharing Server
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen 2019-02-21
modified 2018-07-14
plugin id 105080
published 2017-12-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=105080
title macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
refmap via4
bid 102099
confirm https://support.apple.com/HT208331
exploit-db 43327
sectrack 1039966
Last major update 25-12-2017 - 16:29
Published 25-12-2017 - 16:29
Last modified 28-12-2017 - 13:33