var-201710-1380
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. Apple iOS is prone to multiple security vulnerabilities. Successful exploits will allow attackers to perform unauthorized actions, or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Apple iOS 11 are vulnerable. MobileBackup is one of the system backup components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-09-19-1 iOS 11
iOS 11 is now available and addresses the following:
Exchange ActiveSync Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to erase a device during Exchange account setup Description: A validation issue existed in AutoDiscover V1. This issue was addressed through requiring TLS. CVE-2017-7088: Ilya Nesterov, Maxim Goncharov
iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7072: JAdrzej Krysztofiak
Mail MessageUI Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A memory corruption issue was addressed with improved validation. CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital
Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted image may lead to a denial of service Description: A denial of service issue was addressed through improved validation. CVE-2017-7118: Kiki Jiang and Jason Tokoph
MobileBackup Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Backup may perform an unencrypted backup despite a requirement to perform only encrypted backups Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2017-7133: Don Sparks of HackediOS.com
Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify
WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "11".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZwVI3AAoJEIOj74w0bLRGSncQAMxcG5XB4dncEVU3cTFGO0e/ LVQJzWpK50Lwr7kM+1CV3Nh9oa9b6+3f2hh9vYJ34OHPJbUEasqrZmAFiDjbJoZn 46e34Rxwk7+oGXSFUS15SEAxAsctTCG3redczoZy/7k75q1z/lq1KZPD9WKCoieP m30OuTsEy3x9UZpJ5xcGJXTCy1LE6kFeGtcNBc7T2JBDXR2Y/4inQvIqhhj15Cg+ o6kvRVcUIysDTbeEB2WNRWQn6uKWw/Gl0eg9wei2dMzkbNUIEOSVhPoOCrnLLkQb Ud/YpIYCDn8Uy9on9bnVRa8ZOg0Yx52tuZJ920vu4+8xnSyBvkmSy7AtSU9IZ5SW QLHYuDSECo+nW7xPuFHce2KkUHcZrzAHKpJBGpruq2IX7Vfz5/1w0YJU93pwj5Sy A68JREYoThj/Ath+nPZAvUXUHR0sLXgRlBWUfwo1UsXt4lsVy+b7b0wQP/wX1atz 6/c72oChTp5c8VWlfajHadC6EmLRuBYoLW8HxlemyWU+RZDNjMMb11ytL/vg+VOL 51u+BjCs/6BIJI6+mirfG+XK/DVjStgy5W3atup5yEJXy8ouWyBT4vi1PJgjqQOh 0s4G3yE0J38pvtbCFtSb7VOJBh4ocFz7ggeZ5Z3tSQsawtSlcTfl3+93rJ87yRQG 4UIRwN/cWfzukSyrDAis =ufig -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (ipod touch first 6 generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad air",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11"
}
],
"sources": [
{
"db": "BID",
"id": "100892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Nesterov, Maxim Goncharov, Jedrzej Krysztofiak, Kiki Jiang and Jason Tokoph, and Don Sparks of HackediOS.com",
"sources": [
{
"db": "BID",
"id": "100892"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7133",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-115336",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7133",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7133",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-980",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115336",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7133",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"MobileBackup\" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. Apple iOS is prone to multiple security vulnerabilities. \nSuccessful exploits will allow attackers to perform unauthorized actions, or cause denial-of-service conditions; other attacks may also be possible. \nVersions prior to Apple iOS 11 are vulnerable. MobileBackup is one of the system backup components. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-09-19-1 iOS 11\n\niOS 11 is now available and addresses the following:\n\nExchange ActiveSync\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: An attacker in a privileged network position may be able to\nerase a device during Exchange account setup\nDescription: A validation issue existed in AutoDiscover V1. This\nissue was addressed through requiring TLS. \nCVE-2017-7088: Ilya Nesterov, Maxim Goncharov\n\niBooks\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7072: JAdrzej Krysztofiak\n\nMail MessageUI\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital\n\nMessages\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A denial of service issue was addressed through improved\nvalidation. \nCVE-2017-7118: Kiki Jiang and Jason Tokoph\n\nMobileBackup\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Backup may perform an unencrypted backup despite a\nrequirement to perform only encrypted backups\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2017-7133: Don Sparks of HackediOS.com\n\nSafari\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7085: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue existed in the handling of the parent-tab. \nThis issue was addressed with improved state management. \nCVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify\n\nWebKit\nAvailable for: iPhone 5s and later, iPad Air and later,\nand iPod touch 6th generation\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update will be \"11\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZwVI3AAoJEIOj74w0bLRGSncQAMxcG5XB4dncEVU3cTFGO0e/\nLVQJzWpK50Lwr7kM+1CV3Nh9oa9b6+3f2hh9vYJ34OHPJbUEasqrZmAFiDjbJoZn\n46e34Rxwk7+oGXSFUS15SEAxAsctTCG3redczoZy/7k75q1z/lq1KZPD9WKCoieP\nm30OuTsEy3x9UZpJ5xcGJXTCy1LE6kFeGtcNBc7T2JBDXR2Y/4inQvIqhhj15Cg+\no6kvRVcUIysDTbeEB2WNRWQn6uKWw/Gl0eg9wei2dMzkbNUIEOSVhPoOCrnLLkQb\nUd/YpIYCDn8Uy9on9bnVRa8ZOg0Yx52tuZJ920vu4+8xnSyBvkmSy7AtSU9IZ5SW\nQLHYuDSECo+nW7xPuFHce2KkUHcZrzAHKpJBGpruq2IX7Vfz5/1w0YJU93pwj5Sy\nA68JREYoThj/Ath+nPZAvUXUHR0sLXgRlBWUfwo1UsXt4lsVy+b7b0wQP/wX1atz\n6/c72oChTp5c8VWlfajHadC6EmLRuBYoLW8HxlemyWU+RZDNjMMb11ytL/vg+VOL\n51u+BjCs/6BIJI6+mirfG+XK/DVjStgy5W3atup5yEJXy8ouWyBT4vi1PJgjqQOh\n0s4G3yE0J38pvtbCFtSb7VOJBh4ocFz7ggeZ5Z3tSQsawtSlcTfl3+93rJ87yRQG\n4UIRwN/cWfzukSyrDAis\n=ufig\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7133"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "BID",
"id": "100892"
},
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"db": "PACKETSTORM",
"id": "144267"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7133",
"trust": 3.0
},
{
"db": "BID",
"id": "100892",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1039385",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU99806334",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115336",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7133",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144267",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"db": "BID",
"id": "100892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "PACKETSTORM",
"id": "144267"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"id": "VAR-201710-1380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115336"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:41:25.295000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT208112",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208112"
},
{
"title": "HT208112",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208112"
},
{
"title": "Apple iOS MobileBackup Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99693"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/100892"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht208112"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1039385"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7133"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7133"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99806334/index.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7072"
},
{
"trust": 0.1,
"url": "https://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7106"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"db": "BID",
"id": "100892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "PACKETSTORM",
"id": "144267"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115336"
},
{
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"db": "BID",
"id": "100892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"db": "PACKETSTORM",
"id": "144267"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-115336"
},
{
"date": "2017-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"date": "2017-09-19T00:00:00",
"db": "BID",
"id": "100892"
},
{
"date": "2017-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"date": "2017-09-20T11:11:11",
"db": "PACKETSTORM",
"id": "144267"
},
{
"date": "2017-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"date": "2017-10-23T01:29:13.563000",
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-115336"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7133"
},
{
"date": "2017-09-19T00:00:00",
"db": "BID",
"id": "100892"
},
{
"date": "2017-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009362"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-980"
},
{
"date": "2024-11-21T03:31:14.467000",
"db": "NVD",
"id": "CVE-2017-7133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS of MobileBackup Vulnerabilities in which important plaintext information is obtained in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009362"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-980"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…