cnvd - cnvd-2017-16609

cnvd-2017-16609

Vulnerability from cnvd

Title: 多款Apple产品WebKit内存破坏漏洞（CNVD-2017-16609）

Description:

Apple iOS、iCloud for Windows、iTunes for Windows、Safari和tvOS都是美国苹果（Apple）公司的产品。Apple iOS是一套为专移动设备所开发的一套操作系统；Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。WebKit是KDE社区开发的一套开源Web浏览器引擎，目前被Apple Safari及Google Chrome等浏览器使用。

多款Apple产品中的WebKit组件中存在内存破坏漏洞。远程攻击者可借助特制的网站利用该漏洞执行任意代码或造成拒绝服务（内存破坏和应用程序崩溃）。

Severity: 中

Patch Name: 多款Apple产品WebKit存在内存破坏漏洞（CNVD-2017-16609）的补丁

Patch Description:

多款Apple产品中的WebKit组件中存在内存破坏漏洞。远程攻击者可借助特制的网站利用该漏洞执行任意代码或造成拒绝服务（内存破坏和应用程序崩溃）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT207921

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-7034

Impacted products

Name
['Apple IOS <10.3.3', 'Apple Safari <10.1.2', 'Apple iCloud(on Windows) <6.2.2', 'Apple iTunes(on Windows) <12.6.2', 'Apple tvOS <10.2.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7034"
    }
  },
  "description": "Apple iOS\u3001iCloud for Windows\u3001iTunes for Windows\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u4e13\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002",
  "discovererName": "chenqin of Ant-financial Light-Year Security Lab",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT207921",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-16609",
  "openTime": "2017-07-25",
  "patchDescription": "Apple iOS\u3001iCloud for Windows\u3001iTunes for Windows\u3001Safari\u548ctvOS\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u4e13\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\uff1bSafari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002WebKit\u662fKDE\u793e\u533a\u5f00\u53d1\u7684\u4e00\u5957\u5f00\u6e90Web\u6d4f\u89c8\u5668\u5f15\u64ce\uff0c\u76ee\u524d\u88abApple Safari\u53caGoogle Chrome\u7b49\u6d4f\u89c8\u5668\u4f7f\u7528\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-16609\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple IOS \u003c10.3.3",
      "Apple Safari \u003c10.1.2",
      "Apple iCloud(on Windows) \u003c6.2.2",
      "Apple  iTunes(on Windows) \u003c12.6.2",
      "Apple tvOS \u003c10.2.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-7034",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-21",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-16609\uff09"
}

CVE-2017-7034 (GCVE-0-2017-7034)

Vulnerability from cvelistv5

Published

2017-07-20 16:00

Modified

2024-08-05 15:49

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/99885	vdb-entry, x_refsource_BID
	https://support.apple.com/HT207927	x_refsource_CONFIRM
	https://support.apple.com/HT207924	x_refsource_CONFIRM
	https://support.apple.com/HT207928	x_refsource_CONFIRM
	https://support.apple.com/HT207921	x_refsource_CONFIRM
	https://support.apple.com/HT207923	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201710-14	vendor-advisory, x_refsource_GENTOO
	http://www.securitytracker.com/id/1038950	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:49:02.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207927"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207924"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207921"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT207923"
          },
          {
            "name": "GLSA-201710-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-14"
          },
          {
            "name": "1038950",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-15T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "99885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207927"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207924"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207921"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT207923"
        },
        {
          "name": "GLSA-201710-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-14"
        },
        {
          "name": "1038950",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038950"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99885"
            },
            {
              "name": "https://support.apple.com/HT207927",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207927"
            },
            {
              "name": "https://support.apple.com/HT207924",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207924"
            },
            {
              "name": "https://support.apple.com/HT207928",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207928"
            },
            {
              "name": "https://support.apple.com/HT207921",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207921"
            },
            {
              "name": "https://support.apple.com/HT207923",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT207923"
            },
            {
              "name": "GLSA-201710-14",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-14"
            },
            {
              "name": "1038950",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038950"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-7034",
    "datePublished": "2017-07-20T16:00:00",
    "dateReserved": "2017-03-17T00:00:00",
    "dateUpdated": "2024-08-05T15:49:02.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted