cnvd - cnvd-2018-02228

cnvd-2018-02228

Vulnerability from cnvd

Title

Apple iOS Mail Message Framework存在未明漏洞

Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Mail Message Framework是其中的一个电子邮件消息框架组件。 Apple iOS中的Mail Message Framework组件存在安全漏洞。远程攻击者可借助特制的网站利用该漏洞伪造地址栏内容。

Severity

中

Patch Name

Apple iOS Mail Message Framework存在未明漏洞的补丁

Patch Description

Apple iOS是美国苹果（Apple）公司为移动设备所开发的一套操作系统。Mail Message Framework是其中的一个电子邮件消息框架组件。 Apple iOS中的Mail Message Framework组件存在安全漏洞。远程攻击者可借助特制的网站利用该漏洞伪造地址栏内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT208334

Reference

https://support.apple.com/HT208334

Impacted products

Name
Apple IOS <11.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7152",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7152"
    }
  },
  "description": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Mail Message Framework\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u6d88\u606f\u6846\u67b6\u7ec4\u4ef6\u3002\r\n\r\nApple iOS\u4e2d\u7684Mail Message Framework\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u5185\u5bb9\u3002",
  "discovererName": "Oliver Paukstadt",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT208334",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02228",
  "openTime": "2018-01-30",
  "patchDescription": "Apple iOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002Mail Message Framework\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7535\u5b50\u90ae\u4ef6\u6d88\u606f\u6846\u67b6\u7ec4\u4ef6\u3002\r\n\r\nApple iOS\u4e2d\u7684Mail Message Framework\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u5730\u5740\u680f\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple iOS Mail Message Framework\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple IOS \u003c11.2"
  },
  "referenceLink": "https://support.apple.com/HT208334",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-04",
  "title": "Apple iOS Mail Message Framework\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2017-7152 (GCVE-0-2017-7152)

Vulnerability from cvelistv5

Published

2017-12-25 21:00

Modified

2024-08-05 15:56

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.

References

URL

Tags

	https://support.apple.com/HT208334	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210721	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210724	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210722	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2019/Oct/49	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Oct/54	mailing-list, x_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Oct/56	mailing-list, x_refsource_FULLDISC