var-201711-0437
Vulnerability from variot

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple macOS Vulnerabilities exist in the kernel component that prevent memory read restrictions.An attacker could bypass memory read restrictions through a crafted application. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11

tvOS 11 addresses the following:

802.1X Available for: Apple TV (4th generation) Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. CVE-2017-13832: an anonymous researcher Entry added October 31, 2017

CFNetwork Proxies Available for: Apple TV (4th generation) Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CoreAudio Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro

CoreText Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13825: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017

file Available for: Apple TV (4th generation) Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.31. CVE-2017-13815 Entry added October 31, 2017

Fonts Available for: Apple TV (4th generation) Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13828: an anonymous researcher Entry added October 31, 2017

HFS Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum Entry added October 31, 2017

ImageIO Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-13814: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017

ImageIO Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-2017-13831: an anonymous researcher Entry added October 31, 2017

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

Kernel Available for: Apple TV (4th generation) Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13817: Maxime Villard (m00nbsd) Entry added October 31, 2017

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) CVE-2017-13836: an anonymous researcher, an anonymous researcher CVE-2017-13841: an anonymous researcher CVE-2017-13840: an anonymous researcher CVE-2017-13842: an anonymous researcher CVE-2017-13782: Kevin Backhouse of Semmle Ltd. Entry added October 31, 2017

Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13843: an anonymous researcher Entry added October 31, 2017

Kernel Available for: Apple TV (4th generation) Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation. CVE-2017-13834: Maxime Villard (m00nbsd) Entry added October 31, 2017

libarchive Available for: Apple TV (4th generation) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-13813: found by OSS-Fuzz CVE-2017-13816: found by OSS-Fuzz Entry added October 31, 2017

libarchive Available for: Apple TV (4th generation) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2017-13812: found by OSS-Fuzz Entry added October 31, 2017

libc Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google

libc Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373

libexpat Available for: Apple TV (4th generation) Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233

Quick Look Available for: Apple TV (4th generation) Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13822: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017

Security Available for: Apple TV (4th generation) Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation. CVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune

SQLite Available for: Apple TV (4th generation) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-10989: found by OSS-Fuzz CVE-2017-7128: found by OSS-Fuzz CVE-2017-7129: found by OSS-Fuzz CVE-2017-7130: found by OSS-Fuzz

SQLite Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7127: an anonymous researcher

WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7081: Apple

WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7087: Apple CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro's Zero Day Initiative CVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro's Zero Day Initiative CVE-2017-7096: Wei Yuan of Baidu Security Lab CVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica CVE-2017-7099: Apple CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53 CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7104: likemeng of Baidu Secutity Lab CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative CVE-2017-7117: lokihardt of Google Project Zero CVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security Lab

WebKit Available for: Apple TV (4th generation) Impact: Cookies belonging to one origin may be sent to another origin Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. CVE-2017-7090: Apple

WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: Application Cache policy may be unexpectedly applied. CVE-2017-7109: avlidienbrunn

Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-11120: Gal Beniamini of Google Project Zero CVE-2017-11121: Gal Beniamini of Google Project Zero

Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7103: Gal Beniamini of Google Project Zero CVE-2017-7105: Gal Beniamini of Google Project Zero CVE-2017-7108: Gal Beniamini of Google Project Zero CVE-2017-7110: Gal Beniamini of Google Project Zero CVE-2017-7112: Gal Beniamini of Google Project Zero

Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to execute arbitrary code with kernel privileges on the application processor Description: Multiple race conditions were addressed through improved validation. CVE-2017-7115: Gal Beniamini of Google Project Zero

Wi-Fi Available for: Apple TV (4th generation) Impact: Malicious code executing on the Wi-Fi chip may be able to read restricted kernel memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7116: Gal Beniamini of Google Project Zero

zlib Available for: Apple TV (4th generation) Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About."

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7wpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZPHhAA qz3CZN0a8fyxUcIIJEM4CS/fJEH4fihEOIYlYKRYMWJAULwcXuh52Kp2psFFZDcX svG8yFTj/cE4b3KlDEAAlS68IBGClazBd4zjgNeXvhHjmzSrLGWORyfpCT94Tj7m F3S4MWqfXFCdarLdTCVgZs7k+5JzpZyJw53ivQWjLWMA8TUladsZM3aywTqXvN+Q D1Lkotpn3pcs78BONlsCwzrbqqnUGUevgcwGOwFirolMxDQ+TJzmljfTKsjNlCbo 5du9CVdQCE0K4aCYObTdMc683iLosxFhkcrO7pgPTy1cHBUueM8P2P4cKu4+68/y 7vcinEU3gocdToGf7gfaWPQJinKDBB7bMIIuDIjOQDhqh8Kb7/jGpK+QLO+Hattn J9AuVSKHkTA8kQ8ObpA09MZbcI9FRa+nBM58iPQVDu5fB2u7WD1yuodrWio4cIb7 yK7sjh5uEdej2esSy/hdTJOsJNdRXTe1DGCWizUVHiCtaqEjMAbVrxixEedbVP+h j7mHfi1VAYycKnMVYd5NF7z04HpSi0Pvh61CLsTBE7z94NPmTqJ77OTVr/UmYm4w LeJKr1Wkq3rptLwhZz6m552skCDblUD5k3BUHl5zTtLt0Zbz5rTyAdVwog7GD0K4 46yOKteEn88G0DQJd9VIYynPFBTG+WWnV8d095UN1P4= =9X9S -----END PGP SIGNATURE----- .

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0437",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.13.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.13.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "db": "PACKETSTORM",
        "id": "144833"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2017-13840",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-13840",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-104503",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-13840",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-13840",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-13840",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-397",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-104503",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-13840",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Apple macOS Vulnerabilities exist in the kernel component that prevent memory read restrictions.An attacker could bypass memory read restrictions through a crafted application. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-11\nAdditional information for APPLE-SA-2017-09-20-3 tvOS 11\n\ntvOS 11 addresses the following:\n\n802.1X\nAvailable for: Apple TV (4th generation)\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\nDescription: A protocol security issue was addressed by enabling TLS\n1.1 and TLS 1.2. \nCVE-2017-13832: an anonymous researcher\nEntry added October 31, 2017\n\nCFNetwork Proxies\nAvailable for:  Apple TV (4th generation)\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7083: Abhinav Bansal of Zscaler Inc. \n\nCoreAudio\nAvailable for:  Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed by updating to Opus\nversion 1.1.4. \nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend\nMicro\n\nCoreText\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13825: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nfile\nAvailable for: Apple TV (4th generation)\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.31. \nCVE-2017-13815\nEntry added October 31, 2017\n\nFonts\nAvailable for: Apple TV (4th generation)\nImpact: Rendering untrusted text may lead to spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13828: an anonymous researcher\nEntry added October 31, 2017\n\nHFS\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\nEntry added October 31, 2017\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-13814: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nImageIO\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-2017-13831: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for:  Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13817: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13818: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-13836: an anonymous researcher, an anonymous researcher\nCVE-2017-13841: an anonymous researcher\nCVE-2017-13840: an anonymous researcher\nCVE-2017-13842: an anonymous researcher\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd. \nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13843: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: Processing a malformed mach binary may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed through improved\nvalidation. \nCVE-2017-13834: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: Apple TV (4th generation)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-13813: found by OSS-Fuzz\nCVE-2017-13816: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: Apple TV (4th generation)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed through improved input validation. \nCVE-2017-13812: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibc\nAvailable for:  Apple TV (4th generation)\nImpact: A remote attacker may be able to cause a denial-of-service\nDescription: A resource exhaustion issue in glob() was addressed\nthrough an improved algorithm. \nCVE-2017-7086: Russ Cox of Google\n\nlibc\nAvailable for:  Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-1000373\n\nlibexpat\nAvailable for:  Apple TV (4th generation)\nImpact: Multiple issues in expat\nDescription: Multiple issues were addressed by updating to version\n2.2.1\nCVE-2016-9063\nCVE-2017-9233\n\nQuick Look\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13822: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nSecurity\nAvailable for:  Apple TV (4th generation)\nImpact: A revoked certificate may be trusted\nDescription: A certificate validation issue existed in the handling\nof revocation data. This issue was addressed through improved\nvalidation. \nCVE-2017-7080: an anonymous researcher, an anonymous researcher, Sven\nDriemecker of adesso mobile solutions gmbh, Rune Darrud\n(@theflyingcorpse) of BA|rum kommune\n\nSQLite\nAvailable for:  Apple TV (4th generation)\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating to version\n3.19.3. \nCVE-2017-10989: found by OSS-Fuzz\nCVE-2017-7128: found by OSS-Fuzz\nCVE-2017-7129: found by OSS-Fuzz\nCVE-2017-7130: found by OSS-Fuzz\n\nSQLite\nAvailable for:  Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7127: an anonymous researcher\n\nWebKit\nAvailable for:  Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-7081: Apple\n\nWebKit\nAvailable for:  Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7087: Apple\nCVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend\nMicro\u0027s Zero Day Initiative\nCVE-2017-7092: Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team,\nSamuel Gro and Niklas Baumstark working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend\nMicro\u0027s Zero Day Initiative\nCVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group\nCVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University working with Trend Micro\u0027s Zero Day\nInitiative\nCVE-2017-7096: Wei Yuan of Baidu Security Lab\nCVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica\nCVE-2017-7099: Apple\nCVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53\nCVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University\nCVE-2017-7104: likemeng of Baidu Secutity Lab\nCVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang\nTechnological University\nCVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)\nworking with Trend Micro\u0027s Zero Day Initiative\nCVE-2017-7117: lokihardt of Google Project Zero\nCVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security\nLab\n\nWebKit\nAvailable for:  Apple TV (4th generation)\nImpact: Cookies belonging to one origin may be sent to another origin\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed by no longer returning\ncookies for custom URL schemes. \nCVE-2017-7090: Apple\n\nWebKit\nAvailable for:  Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: Application Cache policy may be unexpectedly applied. \nCVE-2017-7109: avlidienbrunn\n\nWi-Fi\nAvailable for:  Apple TV (4th generation)\nImpact: An attacker within range may be able to execute arbitrary\ncode on the Wi-Fi chip\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-11120: Gal Beniamini of Google Project Zero\nCVE-2017-11121: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for:  Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7103: Gal Beniamini of Google Project Zero\nCVE-2017-7105: Gal Beniamini of Google Project Zero\nCVE-2017-7108: Gal Beniamini of Google Project Zero\nCVE-2017-7110: Gal Beniamini of Google Project Zero\nCVE-2017-7112: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for:  Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nexecute arbitrary code with kernel privileges on the application\nprocessor\nDescription: Multiple race conditions were addressed through improved\nvalidation. \nCVE-2017-7115: Gal Beniamini of Google Project Zero\n\nWi-Fi\nAvailable for:  Apple TV (4th generation)\nImpact: Malicious code executing on the Wi-Fi chip may be able to\nread restricted kernel memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7116: Gal Beniamini of Google Project Zero\n\nzlib\nAvailable for:  Apple TV (4th generation)\nImpact: Multiple issues in zlib\nDescription: Multiple issues were addressed by updating to version\n1.2.11. \nCVE-2016-9840\nCVE-2016-9841\nCVE-2016-9842\nCVE-2016-9843\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u7wpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZPHhAA\nqz3CZN0a8fyxUcIIJEM4CS/fJEH4fihEOIYlYKRYMWJAULwcXuh52Kp2psFFZDcX\nsvG8yFTj/cE4b3KlDEAAlS68IBGClazBd4zjgNeXvhHjmzSrLGWORyfpCT94Tj7m\nF3S4MWqfXFCdarLdTCVgZs7k+5JzpZyJw53ivQWjLWMA8TUladsZM3aywTqXvN+Q\nD1Lkotpn3pcs78BONlsCwzrbqqnUGUevgcwGOwFirolMxDQ+TJzmljfTKsjNlCbo\n5du9CVdQCE0K4aCYObTdMc683iLosxFhkcrO7pgPTy1cHBUueM8P2P4cKu4+68/y\n7vcinEU3gocdToGf7gfaWPQJinKDBB7bMIIuDIjOQDhqh8Kb7/jGpK+QLO+Hattn\nJ9AuVSKHkTA8kQ8ObpA09MZbcI9FRa+nBM58iPQVDu5fB2u7WD1yuodrWio4cIb7\nyK7sjh5uEdej2esSy/hdTJOsJNdRXTe1DGCWizUVHiCtaqEjMAbVrxixEedbVP+h\nj7mHfi1VAYycKnMVYd5NF7z04HpSi0Pvh61CLsTBE7z94NPmTqJ77OTVr/UmYm4w\nLeJKr1Wkq3rptLwhZz6m552skCDblUD5k3BUHl5zTtLt0Zbz5rTyAdVwog7GD0K4\n46yOKteEn88G0DQJd9VIYynPFBTG+WWnV8d095UN1P4=\n=9X9S\n-----END PGP SIGNATURE-----\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "db": "PACKETSTORM",
        "id": "144833"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-13840",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1039710",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU99000953",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-104503",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144837",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144833",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "db": "PACKETSTORM",
        "id": "144833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "id": "VAR-201711-0437",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:06:03.905000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "HT208221",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208221"
      },
      {
        "title": "HT208221",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208221"
      },
      {
        "title": "Apple macOS High Sierra Kernel Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76265"
      },
      {
        "title": "Apple: watchOS 4",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ab83a1accc04e07941acff281502d6ab"
      },
      {
        "title": "Apple: macOS High Sierra 10.13",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=dc5ef303c64758e2c6d76a32028764e1"
      },
      {
        "title": "Apple: tvOS 11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=74de8bbddd443742d386dabda32dc2ae"
      },
      {
        "title": "Apple: iOS 11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=041cce4eee20b18dc79e9460a53e8400"
      },
      {
        "title": "Apple: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=870f3f04ef17f7b183f74ae687a1561d"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208221"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1039710"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13840"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13840"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu99000953/index.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13782"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10989"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13817"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13831"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0381"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13832"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13830"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000373"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13836"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13814"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13825"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13816"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13818"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13813"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9841"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13812"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13815"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/apple-osx-kernel-cve-2017-13840"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht208115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11120"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13822"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11121"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13821"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13842"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "db": "PACKETSTORM",
        "id": "144833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "db": "PACKETSTORM",
        "id": "144833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "date": "2017-11-01T16:15:56",
        "db": "PACKETSTORM",
        "id": "144837"
      },
      {
        "date": "2017-11-01T15:54:08",
        "db": "PACKETSTORM",
        "id": "144833"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "date": "2017-11-13T03:29:02.207000",
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104503"
      },
      {
        "date": "2017-11-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-13840"
      },
      {
        "date": "2017-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      },
      {
        "date": "2017-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      },
      {
        "date": "2024-11-21T03:11:46.863000",
        "db": "NVD",
        "id": "CVE-2017-13840"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS Vulnerability in the kernel component that bypasses memory read restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010369"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-397"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…