var-201711-0437
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple macOS Vulnerabilities exist in the kernel component that prevent memory read restrictions.An attacker could bypass memory read restrictions through a crafted application. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11
tvOS 11 addresses the following:
802.1X Available for: Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. CVE-2017-13832: an anonymous researcher Entry added October 31, 2017
CFNetwork Proxies Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CoreAudio Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro
CoreText Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13825: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
file Available for: Apple TV (4th generation) Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.31. CVE-2017-13815 Entry added October 31, 2017
Fonts Available for: Apple TV (4th generation) Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13828: an anonymous researcher Entry added October 31, 2017
HFS Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum Entry added October 31, 2017
ImageIO Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-13814: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
ImageIO Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-2017-13831: an anonymous researcher Entry added October 31, 2017
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13817: Maxime Villard (m00nbsd) Entry added October 31, 2017
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) CVE-2017-13836: an anonymous researcher, an anonymous researcher CVE-2017-13841: an anonymous researcher CVE-2017-13840: an anonymous researcher CVE-2017-13842: an anonymous researcher CVE-2017-13782: Kevin Backhouse of Semmle Ltd. Entry added October 31, 2017
Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13843: an anonymous researcher Entry added October 31, 2017
Kernel Available for: Apple TV (4th generation) Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation. CVE-2017-13834: Maxime Villard (m00nbsd) Entry added October 31, 2017
libarchive Available for: Apple TV (4th generation) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-13813: found by OSS-Fuzz CVE-2017-13816: found by OSS-Fuzz Entry added October 31, 2017
libarchive Available for: Apple TV (4th generation) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2017-13812: found by OSS-Fuzz Entry added October 31, 2017
libc Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google
libc Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373
libexpat Available for: Apple TV (4th generation) Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233
Quick Look Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13822: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
Security Available for: Apple TV (4th generation) Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation. CVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune
SQLite Available for: Apple TV (4th generation) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz
SQLite Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7081: Apple
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7087: Apple CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2017-7096: Wei Yuan of Baidu Security Lab CVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica CVE-2017-7099: Apple CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53 CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7104: likemeng of Baidu Secutity Lab CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative CVE-2017-7117: lokihardt of Google Project Zero CVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security Lab
WebKit Available for: Apple TV (4th generation) Impact: Cookies belonging to one origin may be sent to another origin Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. CVE-2017-7090: Apple
WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: Application Cache policy may be unexpectedly applied. CVE-2017-7109: avlidienbrunn
Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-11120: Gal Beniamini of Google Project Zero CVE-2017-11121: Gal Beniamini of Google Project Zero
Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7103: Gal Beniamini of Google Project Zero CVE-2017-7105: Gal Beniamini of Google Project Zero CVE-2017-7108: Gal Beniamini of Google Project Zero CVE-2017-7110: Gal Beniamini of Google Project Zero CVE-2017-7112: Gal Beniamini of Google Project Zero
Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: Multiple race conditions were addressed through improved validation. CVE-2017-7115: Gal Beniamini of Google Project Zero
Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7116: Gal Beniamini of Google Project Zero
zlib Available for: Apple TV (4th generation) Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7wpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZPHhAA qz3CZN0a8fyxUcIIJEM4CS/fJEH4fihEOIYlYKRYMWJAULwcXuh52Kp2psFFZDcX svG8yFTj/cE4b3KlDEAAlS68IBGClazBd4zjgNeXvhHjmzSrLGWORyfpCT94Tj7m F3S4MWqfXFCdarLdTCVgZs7k+5JzpZyJw53ivQWjLWMA8TUladsZM3aywTqXvN+Q D1Lkotpn3pcs78BONlsCwzrbqqnUGUevgcwGOwFirolMxDQ+TJzmljfTKsjNlCbo 5du9CVdQCE0K4aCYObTdMc683iLosxFhkcrO7pgPTy1cHBUueM8P2P4cKu4+68/y 7vcinEU3gocdToGf7gfaWPQJinKDBB7bMIIuDIjOQDhqh8Kb7/jGpK+QLO+Hattn J9AuVSKHkTA8kQ8ObpA09MZbcI9FRa+nBM58iPQVDu5fB2u7WD1yuodrWio4cIb7 yK7sjh5uEdej2esSy/hdTJOsJNdRXTe1DGCWizUVHiCtaqEjMAbVrxixEedbVP+h j7mHfi1VAYycKnMVYd5NF7z04HpSi0Pvh61CLsTBE7z94NPmTqJ77OTVr/UmYm4w LeJKr1Wkq3rptLwhZz6m552skCDblUD5k3BUHl5zTtLt0Zbz5rTyAdVwog7GD0K4 46yOKteEn88G0DQJd9VIYynPFBTG+WWnV8d095UN1P4= =9X9S -----END PGP SIGNATURE----- .
Alternatively, on your watch, select "My Watch > General > About"
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0437", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.13.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11.6" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.12.6" }, { "model": "mac os x", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.13.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "CNNVD", "id": "CNNVD-201711-397" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010369" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "144837" }, { "db": "PACKETSTORM", "id": "144833" } ], "trust": 0.2 }, "cve": "CVE-2017-13840", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-13840", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-104503", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-13840", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-13840", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-13840", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201711-397", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-104503", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-13840", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104503" }, { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "CNNVD", "id": "CNNVD-201711-397" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple macOS Vulnerabilities exist in the kernel component that prevent memory read restrictions.An attacker could bypass memory read restrictions through a crafted application. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-11\nAdditional information for APPLE-SA-2017-09-20-3 tvOS 11\n\ntvOS 11 addresses the following:\n\n802.1X\nAvailable for: Apple TV (4th generation)\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\nDescription: A protocol security issue was addressed by enabling TLS\n1.1 and TLS 1.2. \nCVE-2017-13832: an anonymous researcher\nEntry added October 31, 2017\n\nCFNetwork Proxies\nAvailable for: Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7083: Abhinav Bansal of Zscaler Inc. \n\nCoreAudio\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed by updating to Opus\nversion 1.1.4. \nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend\nMicro\n\nCoreText\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13825: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nfile\nAvailable for: Apple TV (4th generation)\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.31. \nCVE-2017-13815\nEntry added October 31, 2017\n\nFonts\nAvailable for: Apple TV (4th generation)\nImpact: Rendering untrusted text may lead to spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13828: an anonymous researcher\nEntry added October 31, 2017\n\nHFS\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\nEntry added October 31, 2017\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-13814: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-2017-13831: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13817: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13818: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-13836: an anonymous researcher, an anonymous researcher\nCVE-2017-13841: an anonymous researcher\nCVE-2017-13840: an anonymous researcher\nCVE-2017-13842: an anonymous researcher\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd. \nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13843: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: Processing a malformed mach binary may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed through improved\nvalidation. \nCVE-2017-13834: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: Apple TV (4th generation)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-13813: found by OSS-Fuzz\nCVE-2017-13816: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: Apple TV (4th generation)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed through improved input validation. \nCVE-2017-13812: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibc\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to cause a denial-of-service\nDescription: A resource exhaustion issue in glob() was addressed\nthrough an improved algorithm. \nCVE-2017-7086: Russ Cox of Google\n\nlibc\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-1000373\n\nlibexpat\nAvailable for: Apple TV (4th generation)\nImpact: Multiple issues in expat\nDescription: Multiple issues were addressed by updating to version\n2.2.1\nCVE-2016-9063\nCVE-2017-9233\n\nQuick Look\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13822: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nSecurity\nAvailable for: Apple TV (4th generation)\nImpact: A revoked certificate may be trusted\nDescription: A certificate validation issue existed in the handling\nof revocation data. This issue was addressed through improved\nvalidation. \nCVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven\nDriemecker of adesso mobile solutions gmbh, Rune Darrud\n(@theflyingcorpse) of BA|rum kommune\n\nSQLite\nAvailable for: Apple TV (4th generation)\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating to version\n3.19.3. \nCVE-2017-10989: found by OSS-Fuzz\nCVE-2017-7128: found by OSS-Fuzz\nCVE-2017-7129: found by OSS-Fuzz\nCVE-2017-7130: found by OSS-Fuzz\n\nSQLite\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7127: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7081: Apple\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7087: Apple\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend\nMicro\u0027s Zero Day Initiative\nCVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team,\nSamuel Gro and Niklas Baumstark working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\nCVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica\nCVE-2017-7099: Apple\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University\nCVE-2017-7104: likemeng of Baidu Secutity Lab\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)\nworking with Trend Micro\u0027s Zero Day Initiative\nCVE-2017-7117: lokihardt of Google Project Zero\nCVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security\nLab\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Cookies belonging to one origin may be sent to another origin\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed by no longer returning\ncookies for custom URL schemes. \nCVE-2017-7090: Apple\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: Application Cache policy may be unexpectedly applied. \nCVE-2017-7109: avlidienbrunn\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-11120: Gal Beniamini of Google Project Zero\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7103: Gal Beniamini of Google Project Zero\nCVE-2017-7105: Gal Beniamini of Google Project Zero\nCVE-2017-7108: Gal Beniamini of Google Project Zero\nCVE-2017-7110: Gal Beniamini of Google Project Zero\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: Multiple race conditions were addressed through improved\nvalidation. \nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nread restricted kernel memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\nzlib\nAvailable for: Apple TV (4th generation)\nImpact: Multiple issues in zlib\nDescription: Multiple issues were addressed by updating to version\n1.2.11. \nCVE-2016-9840\nCVE-2016-9841\nCVE-2016-9842\nCVE-2016-9843\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7wpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZPHhAA\nqz3CZN0a8fyxUcIIJEM4CS/fJEH4fihEOIYlYKRYMWJAULwcXuh52Kp2psFFZDcX\nsvG8yFTj/cE4b3KlDEAAlS68IBGClazBd4zjgNeXvhHjmzSrLGWORyfpCT94Tj7m\nF3S4MWqfXFCdarLdTCVgZs7k+5JzpZyJw53ivQWjLWMA8TUladsZM3aywTqXvN+Q\nD1Lkotpn3pcs78BONlsCwzrbqqnUGUevgcwGOwFirolMxDQ+TJzmljfTKsjNlCbo\n5du9CVdQCE0K4aCYObTdMc683iLosxFhkcrO7pgPTy1cHBUueM8P2P4cKu4+68/y\n7vcinEU3gocdToGf7gfaWPQJinKDBB7bMIIuDIjOQDhqh8Kb7/jGpK+QLO+Hattn\nJ9AuVSKHkTA8kQ8ObpA09MZbcI9FRa+nBM58iPQVDu5fB2u7WD1yuodrWio4cIb7\nyK7sjh5uEdej2esSy/hdTJOsJNdRXTe1DGCWizUVHiCtaqEjMAbVrxixEedbVP+h\nj7mHfi1VAYycKnMVYd5NF7z04HpSi0Pvh61CLsTBE7z94NPmTqJ77OTVr/UmYm4w\nLeJKr1Wkq3rptLwhZz6m552skCDblUD5k3BUHl5zTtLt0Zbz5rTyAdVwog7GD0K4\n46yOKteEn88G0DQJd9VIYynPFBTG+WWnV8d095UN1P4=\n=9X9S\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"", "sources": [ { "db": "NVD", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "VULHUB", "id": "VHN-104503" }, { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "PACKETSTORM", "id": "144837" }, { "db": "PACKETSTORM", "id": "144833" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-13840", "trust": 2.8 }, { "db": "SECTRACK", "id": "1039710", "trust": 1.2 }, { "db": "JVN", "id": "JVNVU99000953", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-010369", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201711-397", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-104503", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-13840", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144837", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144833", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104503" }, { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "PACKETSTORM", "id": "144837" }, { "db": "PACKETSTORM", "id": "144833" }, { "db": "CNNVD", "id": "CNNVD-201711-397" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "id": "VAR-201711-0437", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104503" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:06:03.905000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/HT201222" }, { "title": "HT208221", "trust": 0.8, "url": "https://support.apple.com/en-us/HT208221" }, { "title": "HT208221", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT208221" }, { "title": "Apple macOS High Sierra Kernel Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76265" }, { "title": "Apple: watchOS 4", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ab83a1accc04e07941acff281502d6ab" }, { "title": "Apple: macOS High Sierra 10.13", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=dc5ef303c64758e2c6d76a32028764e1" }, { "title": "Apple: tvOS 11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=74de8bbddd443742d386dabda32dc2ae" }, { "title": "Apple: iOS 11", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=041cce4eee20b18dc79e9460a53e8400" }, { "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d" } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "CNNVD", "id": "CNNVD-201711-397" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104503" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/ht208221" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1039710" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13840" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13840" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99000953/index.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13782" }, { "trust": 0.2, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10989" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13817" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13831" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0381" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9842" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13832" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13830" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000373" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13828" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13836" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13825" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13816" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13834" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13818" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9840" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13813" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9841" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9843" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13812" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13815" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.1, "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-kernel-cve-2017-13840" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht208115" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11120" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11121" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13821" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13842" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104503" }, { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "PACKETSTORM", "id": "144837" }, { "db": "PACKETSTORM", "id": "144833" }, { "db": "CNNVD", "id": "CNNVD-201711-397" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104503" }, { "db": "VULMON", "id": "CVE-2017-13840" }, { "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "db": "PACKETSTORM", "id": "144837" }, { "db": "PACKETSTORM", "id": "144833" }, { "db": "CNNVD", "id": "CNNVD-201711-397" }, { "db": "NVD", "id": "CVE-2017-13840" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-13T00:00:00", "db": "VULHUB", "id": "VHN-104503" }, { "date": "2017-11-13T00:00:00", "db": "VULMON", "id": "CVE-2017-13840" }, { "date": "2017-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "date": "2017-11-01T16:15:56", "db": "PACKETSTORM", "id": "144837" }, { "date": "2017-11-01T15:54:08", "db": "PACKETSTORM", "id": "144833" }, { "date": "2017-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-397" }, { "date": "2017-11-13T03:29:02.207000", "db": "NVD", "id": "CVE-2017-13840" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-28T00:00:00", "db": "VULHUB", "id": "VHN-104503" }, { "date": "2017-11-28T00:00:00", "db": "VULMON", "id": "CVE-2017-13840" }, { "date": "2017-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010369" }, { "date": "2017-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-397" }, { "date": "2024-11-21T03:11:46.863000", "db": "NVD", "id": "CVE-2017-13840" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-397" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple macOS Vulnerability in the kernel component that bypasses memory read restrictions", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010369" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-397" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.