var-201705-3983
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. An attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. IOSurface is one of the programming framework components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2. CVE-2017-2521: lokihardt of Google Project Zero
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-05-15-3 tvOS 10.2.1
tvOS 10.2.1 is now available and addresses the following:
AVEVideoEncoder Available for: Apple TV (4th generation) Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
CoreAudio Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
IOSurface Available for: Apple TV (4th generation) Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2501: Ian Beer of Google Project Zero
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-2507: Ian Beer of Google Project Zero CVE-2017-6987: Patrick Wardle of Synack
SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A use after free issue was addressed through improved memory management. CVE-2017-2513: found by OSS-Fuzz
SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2518: found by OSS-Fuzz CVE-2017-2520: found by OSS-Fuzz
SQLite Available for: Apple TV (4th generation) Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2519: found by OSS-Fuzz
TextInput Available for: Apple TV (4th generation) Impact: Parsing maliciously crafted data may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2524: Ian Beer of Google Project Zero
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management. CVE-2017-2504: lokihardt of Google Project Zero
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2505: lokihardt of Google Project Zero CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Microas Zero Day Initiative CVE-2017-2515: lokihardt of Google Project Zero CVE-2017-2521: lokihardt of Google Project Zero CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab ( tencent.com) working with Trend Microas Zero Day Initiative CVE-2017-2530: Wei Yuan of Baidu Security Lab CVE-2017-2531: lokihardt of Google Project Zero CVE-2017-6980: lokihardt of Google Project Zero CVE-2017-6984: lokihardt of Google Project Zero
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues with addressed through improved memory handling. CVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend Micro's Zero Day Initiative
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in frame loading. This issue was addressed with improved state management. CVE-2017-2549: lokihardt of Google Project Zero
WebKit Web Inspector Available for: Apple TV (4th generation) Impact: An application may be able to execute unsigned code Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-2499: George Dan (@theninjaprawn)
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.a
To check the current version of software, select "Settings -> General -> About.a
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM wLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua 3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl fALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm hqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma nz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E DJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi NsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3 1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW RxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D WILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ n4lw8wPv5laa5ARIQHP/ =94LN -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.4,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "3.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "3.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11.6"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.2 (ipad first 4 generation or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.2 (iphone 5 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.3.2 (ipod touch first 6 generation )"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.2.1 (apple tv ( first 4 generation ))"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "3.2.2 (apple watch all models )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "watch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "watchos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.5"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
}
],
"sources": [
{
"db": "BID",
"id": "98468"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ian Beer of Google Project Zero, Yangkang (@dnpushme) of Qihoo360 Qex Team, OSS-Fuzz, Adam Donenfeld of Zimperium zLabs and Patrick Wardle of Synack.",
"sources": [
{
"db": "BID",
"id": "98468"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6979",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CVE-2017-6979",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-115182",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2017-6979",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6979",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-971",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115182",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"IOSurface\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Apple iOS/WatchOS/tvOS/macOS are prone to multiple security vulnerabilities. \nAn attacker can exploit these issues to gain elevated privileges, perform unauthorized actions and execute arbitrary code with kernel privileges. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. IOSurface is one of the programming framework components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2. \nCVE-2017-2521: lokihardt of Google Project Zero\n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-05-15-3 tvOS 10.2.1\n\ntvOS 10.2.1 is now available and addresses the following:\n\nAVEVideoEncoder\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nCoreAudio\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team\n\nIOSurface\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to gain kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2501: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-2507: Ian Beer of Google Project Zero\nCVE-2017-6987: Patrick Wardle of Synack\n\nSQLite\nAvailable for: Apple TV (4th generation)\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-2017-2513: found by OSS-Fuzz\n\nSQLite\nAvailable for: Apple TV (4th generation)\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-2518: found by OSS-Fuzz\nCVE-2017-2520: found by OSS-Fuzz\n\nSQLite\nAvailable for: Apple TV (4th generation)\nImpact: A maliciously crafted SQL query may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2519: found by OSS-Fuzz\n\nTextInput\nAvailable for: Apple TV (4th generation)\nImpact: Parsing maliciously crafted data may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2524: Ian Beer of Google Project Zero\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of WebKit Editor\ncommands. This issue was addressed with improved state management. \nCVE-2017-2504: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-2505: lokihardt of Google Project Zero\nCVE-2017-2506: Zheng Huang of the Baidu Security Lab working with\nTrend Microas Zero Day Initiative\nCVE-2017-2515: lokihardt of Google Project Zero\nCVE-2017-2521: lokihardt of Google Project Zero\nCVE-2017-2525: Kai Kang (4B5F5F4B) of Tencentas Xuanwu Lab (\ntencent.com) working with Trend Microas Zero Day Initiative\nCVE-2017-2530: Wei Yuan of Baidu Security Lab\nCVE-2017-2531: lokihardt of Google Project Zero\nCVE-2017-6980: lokihardt of Google Project Zero\nCVE-2017-6984: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues with addressed through\nimproved memory handling. \nCVE-2017-2536: Samuel GroA and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in frame loading. This issue was\naddressed with improved state management. \nCVE-2017-2549: lokihardt of Google Project Zero\n\nWebKit Web Inspector\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute unsigned code\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-2499: George Dan (@theninjaprawn)\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.a\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.a\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZGdmLAAoJEIOj74w0bLRGTv0QALXtcCO+P0UQrA8OdpvNFaYM\nwLPRoyGpEpnLo1acqD6bhILsI3aC+sPby7OyPhWYVVYSiJu11AYW0z51nYIo6Yua\n3Gn1BnksriTPQo6o7gJf65ZSvFj5gew90tfpQI634ywolMcpU98lbDMimKxqGxXl\nfALlrapTntZEvYHuHiSVXEh823ZQWKIjzHuJBPWq7TqcCQt09cbeYCHVtqf+43jm\nhqWCIQ1CePLhhsBUy2ZwsYqD5TRiEZGLTQiSgBX8iWHRLm5D6hoi05PeDrK5fNma\nnz2doNMDPkYY7TIR0cnfrKR9Q/Oy6C7C/wX17Kv7iaGpg66f5hSf+JFTreJCg21E\nDJYxuty2sf0+DnxNvkczGHChnv/hPc5yLozKuMu62VdiAtuCTd/93s52WZTT1ZPi\nNsKi/TKHRcV5EH/j453f3o9RRnaqtFcrVv2Jp+WK6e2/s6qlQUCwH3o99lR14Cn3\n1VyJEMj3S6SL125RbfM8aRsIyqsPY0aKCayA1/prDbjEZOv4urnDQid2hFeGGviW\nRxoH8N8Y3j2z/bkJ9LQApekOF8MAv9yWmhpklnOWLeL/bGAsEschQMrkkiGwe87D\nWILIbwTJzEs++U+PF5NIgXytiLzrqmHCOmjTA595q8pfkIU0WSQV4tGMNieptDJZ\nn4lw8wPv5laa5ARIQHP/\n=94LN\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6979"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "BID",
"id": "98468"
},
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "PACKETSTORM",
"id": "142510"
},
{
"db": "PACKETSTORM",
"id": "142509"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-115182",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6979",
"trust": 3.0
},
{
"db": "BID",
"id": "98468",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038484",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "42555",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98089541",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142509",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "BID",
"id": "98468"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "PACKETSTORM",
"id": "142510"
},
{
"db": "PACKETSTORM",
"id": "142509"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"id": "VAR-201705-3983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:27:28.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT207800",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207800"
},
{
"title": "HT207801",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207801"
},
{
"title": "HT207797",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207797"
},
{
"title": "HT207798",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT207798"
},
{
"title": "HT207797",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207797"
},
{
"title": "HT207798",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207798"
},
{
"title": "HT207800",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207800"
},
{
"title": "HT207801",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT207801"
},
{
"title": "Multiple Apple product IOSurface Fixing measures for component race condition vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70447"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/98468"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207797"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207798"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207800"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht207801"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42555/"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038484"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6979"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6979"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98089541/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/accessibility/tvos/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/watchos-2/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2519"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2521"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2501"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2518"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://gpgtools.org"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2513"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6989"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2502"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2507"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6987"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2520"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6980"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "BID",
"id": "98468"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "PACKETSTORM",
"id": "142510"
},
{
"db": "PACKETSTORM",
"id": "142509"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115182"
},
{
"db": "BID",
"id": "98468"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"db": "PACKETSTORM",
"id": "142510"
},
{
"db": "PACKETSTORM",
"id": "142509"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-115182"
},
{
"date": "2017-05-15T00:00:00",
"db": "BID",
"id": "98468"
},
{
"date": "2017-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"date": "2017-05-15T23:23:23",
"db": "PACKETSTORM",
"id": "142510"
},
{
"date": "2017-05-15T19:32:22",
"db": "PACKETSTORM",
"id": "142509"
},
{
"date": "2017-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"date": "2017-05-22T05:29:02.677000",
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-115182"
},
{
"date": "2017-05-23T16:28:00",
"db": "BID",
"id": "98468"
},
{
"date": "2017-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003805"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-971"
},
{
"date": "2024-11-21T03:30:54.637000",
"db": "NVD",
"id": "CVE-2017-6979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product IOSurface Component vulnerable to arbitrary code execution in privileged context",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003805"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-971"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.