ID CVE-2017-13878
Summary An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
References
Vulnerable Configurations
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Apple Mac OS X 10.0
    cpe:2.3:o:apple:mac_os_x:10.0
  • Apple Mac OS X 10.0.0
    cpe:2.3:o:apple:mac_os_x:10.0.0
  • Apple Mac OS X 10.0.1
    cpe:2.3:o:apple:mac_os_x:10.0.1
  • Apple Mac OS X 10.0.2
    cpe:2.3:o:apple:mac_os_x:10.0.2
  • Apple Mac OS X 10.0.3
    cpe:2.3:o:apple:mac_os_x:10.0.3
  • Apple Mac OS X 10.0.4
    cpe:2.3:o:apple:mac_os_x:10.0.4
  • Apple Mac OS X 10.1
    cpe:2.3:o:apple:mac_os_x:10.1
  • Apple Mac OS X 10.1.0
    cpe:2.3:o:apple:mac_os_x:10.1.0
  • Apple Mac OS X 10.1.1
    cpe:2.3:o:apple:mac_os_x:10.1.1
  • Apple Mac OS X 10.1.2
    cpe:2.3:o:apple:mac_os_x:10.1.2
  • Apple Mac OS X 10.1.3
    cpe:2.3:o:apple:mac_os_x:10.1.3
  • Apple Mac OS X 10.1.4
    cpe:2.3:o:apple:mac_os_x:10.1.4
  • Apple Mac OS X 10.1.5
    cpe:2.3:o:apple:mac_os_x:10.1.5
  • Apple Mac OS X 10.2
    cpe:2.3:o:apple:mac_os_x:10.2
  • Apple Mac OS X 10.2.0
    cpe:2.3:o:apple:mac_os_x:10.2.0
  • Apple Mac OS X 10.2.1
    cpe:2.3:o:apple:mac_os_x:10.2.1
  • Apple Mac OS X 10.2.2
    cpe:2.3:o:apple:mac_os_x:10.2.2
  • Apple Mac OS X 10.2.3
    cpe:2.3:o:apple:mac_os_x:10.2.3
  • Apple Mac OS X 10.2.4
    cpe:2.3:o:apple:mac_os_x:10.2.4
  • Apple Mac OS X 10.2.5
    cpe:2.3:o:apple:mac_os_x:10.2.5
  • Apple Mac OS X 10.2.6
    cpe:2.3:o:apple:mac_os_x:10.2.6
  • Apple Mac OS X 10.2.7
    cpe:2.3:o:apple:mac_os_x:10.2.7
  • Apple Mac OS X 10.2.8
    cpe:2.3:o:apple:mac_os_x:10.2.8
  • Apple Mac OS X 10.3
    cpe:2.3:o:apple:mac_os_x:10.3
  • Apple Mac OS X 10.3.0
    cpe:2.3:o:apple:mac_os_x:10.3.0
  • Apple Mac OS X 10.3.1
    cpe:2.3:o:apple:mac_os_x:10.3.1
  • Apple Mac OS X 10.3.2
    cpe:2.3:o:apple:mac_os_x:10.3.2
  • Apple Mac OS X 10.3.3
    cpe:2.3:o:apple:mac_os_x:10.3.3
  • Apple Mac OS X 10.3.4
    cpe:2.3:o:apple:mac_os_x:10.3.4
  • Apple Mac OS X 10.3.5
    cpe:2.3:o:apple:mac_os_x:10.3.5
  • Apple Mac OS X 10.3.6
    cpe:2.3:o:apple:mac_os_x:10.3.6
  • Apple Mac OS X 10.3.7
    cpe:2.3:o:apple:mac_os_x:10.3.7
  • Apple Mac OS X 10.3.8
    cpe:2.3:o:apple:mac_os_x:10.3.8
  • Apple Mac OS X 10.3.9
    cpe:2.3:o:apple:mac_os_x:10.3.9
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X 10.6.5
    cpe:2.3:o:apple:mac_os_x:10.6.5
  • Apple Mac OS X 10.6.6
    cpe:2.3:o:apple:mac_os_x:10.6.6
  • Apple Mac OS X 10.6.7
    cpe:2.3:o:apple:mac_os_x:10.6.7
  • Apple Mac OS X 10.6.8
    cpe:2.3:o:apple:mac_os_x:10.6.8
  • Apple Mac OS X 10.7.0
    cpe:2.3:o:apple:mac_os_x:10.7.0
  • Apple Mac OS X 10.7.1
    cpe:2.3:o:apple:mac_os_x:10.7.1
  • Apple Mac OS X 10.7.2
    cpe:2.3:o:apple:mac_os_x:10.7.2
  • Apple Mac OS X 10.7.3
    cpe:2.3:o:apple:mac_os_x:10.7.3
  • Apple Mac OS X 10.7.4
    cpe:2.3:o:apple:mac_os_x:10.7.4
  • Apple Mac OS X 10.7.5
    cpe:2.3:o:apple:mac_os_x:10.7.5
  • Apple Mac OS X 10.8.0
    cpe:2.3:o:apple:mac_os_x:10.8.0
  • Apple Mac OS X 10.8.1
    cpe:2.3:o:apple:mac_os_x:10.8.1
  • Apple Mac OS X 10.8.2
    cpe:2.3:o:apple:mac_os_x:10.8.2
  • Apple Mac OS X 10.8.3
    cpe:2.3:o:apple:mac_os_x:10.8.3
  • Apple Mac OS X 10.8.4
    cpe:2.3:o:apple:mac_os_x:10.8.4
  • Apple Mac OS X 10.8.5
    cpe:2.3:o:apple:mac_os_x:10.8.5
  • Apple Mac OS X 10.8.5 Supplemental Update
    cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update
  • Apple Mac OS X 10.9
    cpe:2.3:o:apple:mac_os_x:10.9
  • Apple Mac OS X 10.9.1 (Mavericks)
    cpe:2.3:o:apple:mac_os_x:10.9.1
  • Apple Mac OS X 10.9.2
    cpe:2.3:o:apple:mac_os_x:10.9.2
  • Apple Mac OS X 10.9.3
    cpe:2.3:o:apple:mac_os_x:10.9.3
  • Apple Mac OS X 10.9.4
    cpe:2.3:o:apple:mac_os_x:10.9.4
  • Apple Mac OS X 10.9.5
    cpe:2.3:o:apple:mac_os_x:10.9.5
  • Apple Mac OS X 10.10.0
    cpe:2.3:o:apple:mac_os_x:10.10.0
  • Apple Mac OS X 10.10.1
    cpe:2.3:o:apple:mac_os_x:10.10.1
  • Apple Mac OS X Yosemite 10.10.2
    cpe:2.3:o:apple:mac_os_x:10.10.2
  • Apple Mac OS X 10.10.3
    cpe:2.3:o:apple:mac_os_x:10.10.3
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
  • Apple Mac OS X 10.10.5
    cpe:2.3:o:apple:mac_os_x:10.10.5
  • Apple Mac OS X 10.11.0
    cpe:2.3:o:apple:mac_os_x:10.11.0
  • Apple Mac OS X 10.11.1
    cpe:2.3:o:apple:mac_os_x:10.11.1
  • Apple Mac OS X 10.11.2
    cpe:2.3:o:apple:mac_os_x:10.11.2
  • Apple Mac OS X 10.11.3
    cpe:2.3:o:apple:mac_os_x:10.11.3
  • Apple Mac OS X 10.11.4
    cpe:2.3:o:apple:mac_os_x:10.11.4
  • Apple Mac OS X 10.11.5
    cpe:2.3:o:apple:mac_os_x:10.11.5
  • Apple Mac OS X 10.11.6
    cpe:2.3:o:apple:mac_os_x:10.11.6
  • Apple macOS 10.12.0
    cpe:2.3:o:apple:mac_os_x:10.12.0
  • Apple Mac OS X 10.12.1
    cpe:2.3:o:apple:mac_os_x:10.12.1
  • Apple Mac OS X 10.12.2
    cpe:2.3:o:apple:mac_os_x:10.12.2
  • Apple Mac OS X 10.12.3
    cpe:2.3:o:apple:mac_os_x:10.12.3
  • Apple Mac OS X 10.12.4
    cpe:2.3:o:apple:mac_os_x:10.12.4
  • Apple Mac OS X 10.12.5
    cpe:2.3:o:apple:mac_os_x:10.12.5
  • Apple Mac OS X 10.12.6
    cpe:2.3:o:apple:mac_os_x:10.12.6
  • Apple Mac OS X 10.13.0
    cpe:2.3:o:apple:mac_os_x:10.13.0
CVSS
Base: 5.6
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
exploit-db via4
description macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'. CVE-2017-13878. Dos ...
file exploits/macos/dos/43780.c
id EDB-ID:43780
last seen 2018-01-24
modified 2018-01-19
platform macos
port
published 2018-01-19
reporter Exploit-DB
source https://www.exploit-db.com/download/43780/
title macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'
type dos
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOS_10_13_2.NASL
description The remote host is running a version of Mac OS X that is 10.13.x prior to 10.13.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - curl - Directory Utility - IOAcceleratorFamily - IOKit - Intel Graphics Driver - Kernel - Mail - Mail Drafts - OpenSSL - Screen Sharing Server Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen 2019-02-21
modified 2018-07-14
plugin id 105080
published 2017-12-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=105080
title macOS 10.13.x < 10.13.2 Multiple Vulnerabilities (Meltdown)
refmap via4
bid 102099
confirm https://support.apple.com/HT208331
exploit-db 43780
sectrack 1039966
Last major update 25-12-2017 - 16:29
Published 25-12-2017 - 16:29
Last modified 21-01-2018 - 21:29
Back to Top