var-201711-0462
Vulnerability from variot
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. fsck_msdos is one of the file system checking tools. A security vulnerability exists in the fsck_msdos component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13
macOS High Sierra 10.13 addresses the following:
802.1X Available for: OS X Mountain Lion 10.8 and later Impact: An attacker may be able to exploit weaknesses in TLS 1.0 Description: A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2. CVE-2017-13832: an anonymous researcher Entry added October 31, 2017
apache Available for: OS X Mountain Lion 10.8 and later Impact: Multiple issues in Apache Description: Multiple issues were addressed by updating to version 2.4.27. CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 CVE-2017-9788 CVE-2017-9789 Entry added October 31, 2017
apache Available for: OS X Mountain Lion 10.8 and later Impact: Multiple issues in Apache Description: Multiple issues existed in Apache. These were addressed by updating Apache to version 2.4.25. CVE-2016-736 CVE-2016-2161 CVE-2016-5387 CVE-2016-8740 CVE-2016-8743 Entry added October 31, 2017
AppleScript Available for: OS X Mountain Lion 10.8 and later Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution Description: A validation issue was addressed with improved input sanitization. CVE-2017-13809: an anonymous researcher Entry added October 31, 2017
Application Firewall Available for: OS X Lion v10.8 and later Impact: A previously denied application firewall setting may take effect after upgrading Description: An upgrade issue existed in the handling of firewall settings. This issue was addressed through improved handling of firewall settings during upgrades. CVE-2017-7084: an anonymous researcher
AppSandbox Available for: OS X Lion v10.8 and later Impact: An application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7074: Daniel Jalkut of Red Sweater Software
ATS Available for: OS X Mountain Lion 10.8 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved input validation. CVE-2017-13820: John Villamil, Doyensec Entry added October 31, 2017
Audio Available for: OS X Mountain Lion 10.8 and later Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team Entry added October 31, 2017
Captive Network Assistant Available for: OS X Lion v10.8 and later Impact: A local user may unknowingly send a password unencrypted over the network Description: The security state of the captive portal browser was not obvious. This issue was addressed with improved visibility of the captive portal browser security state. CVE-2017-7143: an anonymous researcher
CFNetwork Proxies Available for: OS X Lion v10.8 and later Impact: An attacker in a privileged network position may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
CFString Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13821: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
CoreAudio Available for: OS X Lion v10.8 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4. CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro
CoreText Available for: OS X Mountain Lion 10.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-13825: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
Directory Utility Available for: OS X Lion v10.8 and later Impact: A local attacker may be able to determine the Apple ID of the owner of the computer Description: A permissions issue existed in the handling of the Apple ID. This issue was addressed with improved access controls. CVE-2017-7138: an anonymous researcher
file Available for: OS X Lion v10.8 and later Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.30. CVE-2017-7121: found by OSS-Fuzz CVE-2017-7122: found by OSS-Fuzz CVE-2017-7123: found by OSS-Fuzz CVE-2017-7124: found by OSS-Fuzz CVE-2017-7125: found by OSS-Fuzz CVE-2017-7126: found by OSS-Fuzz
file Available for: OS X Mountain Lion 10.8 and later Impact: Multiple issues in file Description: Multiple issues were addressed by updating to version 5.31. CVE-2017-13815 Entry added October 31, 2017
Fonts Available for: OS X Mountain Lion 10.8 and later Impact: Rendering untrusted text may lead to spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-13828: an anonymous researcher Entry added October 31, 2017
fsck_msdos Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13811: an anonymous researcher Entry added October 31, 2017
HelpViewer Available for: OS X Mountain Lion 10.8 and later Impact: A quarantined HTML file may execute arbitrary JavaScript cross-origin Description: A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file. CVE-2017-13819: an anonymous researcher Entry added October 31, 2017
HFS Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum Entry added October 31, 2017
ImageIO Available for: OS X Mountain Lion 10.8 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-13814: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
ImageIO Available for: OS X Mountain Lion 10.8 and later Impact: Processing a maliciously crafted image may lead to a denial of service Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-2017-13831: an anonymous researcher Entry added October 31, 2017
Installer Available for: OS X Mountain Lion 10.8 and later Impact: A malicious application may be able to access the FileVault unlock key Description: This issue was addressed by removing additional entitlements. CVE-2017-13837: Patrick Wardle of Synack Entry added October 31, 2017
IOFireWireFamily Available for: OS X Lion v10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7077: Brandon Azad
IOFireWireFamily Available for: OS X Lion v10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc., Benjamin Gnahm (@mitp0sh) of PDX
Kernel Available for: OS X Lion v10.8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Kernel Available for: OS X Mountain Lion 10.8 and later Impact: A local user may be able to leak sensitive user information Description: A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation. CVE-2017-13810: an anonymous researcher Entry added October 31, 2017
Kernel Available for: OS X Mountain Lion 10.8 and later Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2017-13817: Maxime Villard (m00nbsd) Entry added October 31, 2017
Kernel Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13818: The UK's National Cyber Security Centre (NCSC) CVE-2017-13836: an anonymous researcher, an anonymous researcher CVE-2017-13841: an anonymous researcher CVE-2017-13840: an anonymous researcher CVE-2017-13842: an anonymous researcher CVE-2017-13782: Kevin Backhouse of Semmle Ltd. Entry added October 31, 2017
Kernel Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13843: an anonymous researcher Entry added October 31, 2017
Kernel Available for: OS X Mountain Lion 10.8 and later Impact: Processing a malformed mach binary may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved validation. CVE-2017-13834: Maxime Villard (m00nbsd) Entry added October 31, 2017
kext tools Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A logic error in kext loading was addressed with improved state handling. CVE-2017-13827: an anonymous researcher Entry added October 31, 2017
libarchive Available for: OS X Mountain Lion 10.8 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-13813: found by OSS-Fuzz CVE-2017-13816: found by OSS-Fuzz Entry added October 31, 2017
libarchive Available for: OS X Mountain Lion 10.8 and later Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation. CVE-2017-13812: found by OSS-Fuzz Entry added October 31, 2017
libarchive Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2016-4736: Proteas of Qihoo 360 Nirvan Team Entry added October 31, 2017
libc Available for: OS X Lion v10.8 and later Impact: A remote attacker may be able to cause a denial-of-service Description: A resource exhaustion issue in glob() was addressed through an improved algorithm. CVE-2017-7086: Russ Cox of Google
libc Available for: OS X Lion v10.8 and later Impact: An application may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-1000373
libexpat Available for: OS X Lion v10.8 and later Impact: Multiple issues in expat Description: Multiple issues were addressed by updating to version 2.2.1 CVE-2016-9063 CVE-2017-9233
Mail Available for: OS X Lion v10.8 and later Impact: The sender of an email may be able to determine the IP address of the recipient Description: Turning off "Load remote content in messages" did not apply to all mailboxes. This issue was addressed with improved setting propagation. CVE-2017-7141: an anonymous researcher
Mail Drafts Available for: OS X Lion v10.8 and later Impact: An attacker with a privileged network position may be able to intercept mail contents Description: An encryption issue existed in the handling of mail drafts. This issue was addressed with improved handling of mail drafts meant to be sent encrypted. CVE-2017-7078: an anonymous researcher, an anonymous researcher, an anonymous researcher
ntp Available for: OS X Lion v10.8 and later Impact: Multiple issues in ntp Description: Multiple issues were addressed by updating to version 4.2.8p10 CVE-2017-6451: Cure53 CVE-2017-6452: Cure53 CVE-2017-6455: Cure53 CVE-2017-6458: Cure53 CVE-2017-6459: Cure53 CVE-2017-6460: Cure53 CVE-2017-6462: Cure53 CVE-2017-6463: Cure53 CVE-2017-6464: Cure53 CVE-2016-9042: Matthew Van Gundy of Cisco
Open Scripting Architecture Available for: OS X Mountain Lion 10.8 and later Impact: Decompiling an AppleScript with osadecompile may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13824: an anonymous researcher Entry added October 31, 2017
PCRE Available for: OS X Mountain Lion 10.8 and later Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.40. CVE-2017-13846 Entry added October 31, 2017
Postfix Available for: OS X Mountain Lion 10.8 and later Impact: Multiple issues in Postfix Description: Multiple issues were addressed by updating to version 3.2.2. CVE-2017-13826: an anonymous researcher Entry added October 31, 2017
Quick Look Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13822: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
Quick Look Available for: OS X Mountain Lion 10.8 and later Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7132: Australian Cyber Security Centre a Australian Signals Directorate Entry added October 31, 2017
QuickTime Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-13823: an anonymous researcher Entry added October 31, 2017
Remote Management Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13808: an anonymous researcher Entry added October 31, 2017
Sandbox Available for: OS X Mountain Lion 10.8 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13838: an anonymous researcher Entry added October 31, 2017
Screen Lock Available for: OS X Lion v10.8 and later Impact: Application Firewall prompts may appear over Login Window Description: A window management issue was addressed through improved state management. CVE-2017-7082: Tim Kingman
Security Available for: OS X Lion v10.8 and later Impact: A revoked certificate may be trusted Description: A certificate validation issue existed in the handling of revocation data. This issue was addressed through improved validation. CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune Darrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher, an anonymous researcher
Spotlight Available for: OS X Mountain Lion 10.8 and later Impact: Spotlight may display results for files not belonging to the user Description: An access issue existed in Spotlight. This issue was addressed through improved access restrictions. CVE-2017-13839: an anonymous researcher Entry added October 31, 2017
SQLite Available for: OS X Lion v10.8 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating to version 3.19.3. CVE-2017-7127: an anonymous researcher
WebKit Available for: OS X Lion v10.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2017-7144: an anonymous researcher
zlib Available for: OS X Lion v10.8 and later Impact: Multiple issues in zlib Description: Multiple issues were addressed by updating to version 1.2.11. CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
Installation note:
macOS High Sierra 10.13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8MpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaV7BAA oPmo5pAA/HORVC3jl7tvStUpsUUiiez204FhuoVFsvHq0w7eYjsYDilzw7f6yveV e9Xhlbz7jhFpa1SXQhtiK5SSA1aJqhXIzZPSSf4ex/6qBZCSUrAZi1vC05TuQFi2 bvZ9N2mr3Mwd4GlxN7XZ6DLi3BqQPaKIavmuxOLkUSCpkwj9npS1oPDvMCP8DX4q goywFq4QOgvSJnohH/G8IGSm2Txy/IES68vvxdPRUi3IzjGM7E88QHkwKBDiqZRG ozuhx8Zs+cEh8yIzLO2UoTJe5gVgz1si7J4tgCPTT65r3Uf2sizkOMMdX8PHmCCi WTs3adVyJgC8nNql24cvPpJ4UM7bia0adzNf7cjTf7KKtVomIzR6IFaa+V737a+A jESOB5J0iy1oqzfGN8/zf724N+rc5jp/QejM6tTvcNuc807Z4jVpR3CEr+GkMENz Hq1Vr06gnBolmwnwlhCHujYwOpJXJ2xllQavNoe6r57XTYid1rjuRG5KXNWPlEgw GyoB8rTLY+BzLszUtrQlhh5QXa8WaQLg0uPJJDHH3DUM7jEXRBrk7nhrz4z2qq7S j1hlkhZbW2HuYg9URLhgYtkMgVjbTneZkWhEqER+AIbqFKdwTkuNgu5sHnWCrXG0 N+hmcqhXbgblWwiT0ma/I7Yn0b7O9g9stN88cL9cr3I= =887+ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0462", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.13.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11.6" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.12.6" }, { "model": "mac os x", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.13.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "CNNVD", "id": "CNNVD-201709-163" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010380" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "144862" } ], "trust": 0.1 }, "cve": "CVE-2017-13811", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2017-13811", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-104471", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-13811", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-13811", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-13811", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201709-163", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-104471", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-104471" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "CNNVD", "id": "CNNVD-201709-163" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"fsck_msdos\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. fsck_msdos is one of the file system checking tools. A security vulnerability exists in the fsck_msdos component of Apple macOS High Sierra prior to 10.13.1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-31-8\nAdditional information for APPLE-SA-2017-09-25-1\nmacOS High Sierra 10.13\n\nmacOS High Sierra 10.13 addresses the following:\n\n802.1X\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An attacker may be able to exploit weaknesses in TLS 1.0\nDescription: A protocol security issue was addressed by enabling TLS\n1.1 and TLS 1.2. \nCVE-2017-13832: an anonymous researcher\nEntry added October 31, 2017\n\napache\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Multiple issues in Apache\nDescription: Multiple issues were addressed by updating to version\n2.4.27. \nCVE-2017-3167\nCVE-2017-3169\nCVE-2017-7659\nCVE-2017-7668\nCVE-2017-7679\nCVE-2017-9788\nCVE-2017-9789\nEntry added October 31, 2017\n\napache\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Multiple issues in Apache\nDescription: Multiple issues existed in Apache. These were addressed\nby updating Apache to version 2.4.25. \nCVE-2016-736\nCVE-2016-2161\nCVE-2016-5387\nCVE-2016-8740\nCVE-2016-8743\nEntry added October 31, 2017\n\nAppleScript\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Decompiling an AppleScript with osadecompile may lead to\narbitrary code execution\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13809: an anonymous researcher\nEntry added October 31, 2017\n\nApplication Firewall\nAvailable for: OS X Lion v10.8 and later\nImpact: A previously denied application firewall setting may take\neffect after upgrading\nDescription: An upgrade issue existed in the handling of firewall\nsettings. This issue was addressed through improved handling of\nfirewall settings during upgrades. \nCVE-2017-7084: an anonymous researcher\n\nAppSandbox\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to cause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7074: Daniel Jalkut of Red Sweater Software\n\nATS\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2017-13820: John Villamil, Doyensec\nEntry added October 31, 2017\n\nAudio\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team\nEntry added October 31, 2017\n\nCaptive Network Assistant\nAvailable for: OS X Lion v10.8 and later\nImpact: A local user may unknowingly send a password unencrypted over\nthe network\nDescription: The security state of the captive portal browser was not\nobvious. This issue was addressed with improved visibility of the\ncaptive portal browser security state. \nCVE-2017-7143: an anonymous researcher\n\nCFNetwork Proxies\nAvailable for: OS X Lion v10.8 and later\nImpact: An attacker in a privileged network position may be able to\ncause a denial of service\nDescription: Multiple denial of service issues were addressed through\nimproved memory handling. \nCVE-2017-7083: Abhinav Bansal of Zscaler Inc. \n\nCFString\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13821: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nCoreAudio\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed by updating to Opus\nversion 1.1.4. \nCVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend\nMicro\n\nCoreText\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-13825: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nDirectory Utility\nAvailable for: OS X Lion v10.8 and later\nImpact: A local attacker may be able to determine the Apple ID of the\nowner of the computer\nDescription: A permissions issue existed in the handling of the Apple\nID. This issue was addressed with improved access controls. \nCVE-2017-7138: an anonymous researcher\n\nfile\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.30. \nCVE-2017-7121: found by OSS-Fuzz\nCVE-2017-7122: found by OSS-Fuzz\nCVE-2017-7123: found by OSS-Fuzz\nCVE-2017-7124: found by OSS-Fuzz\nCVE-2017-7125: found by OSS-Fuzz\nCVE-2017-7126: found by OSS-Fuzz\n\nfile\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Multiple issues in file\nDescription: Multiple issues were addressed by updating to version\n5.31. \nCVE-2017-13815\nEntry added October 31, 2017\n\nFonts\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Rendering untrusted text may lead to spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-13828: an anonymous researcher\nEntry added October 31, 2017\n\nfsck_msdos\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13811: an anonymous researcher\nEntry added October 31, 2017\n\nHelpViewer\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: A quarantined HTML file may execute arbitrary JavaScript\ncross-origin\nDescription: A cross-site scripting issue existed in HelpViewer. This\nissue was addressed by removing the affected file. \nCVE-2017-13819: an anonymous researcher\nEntry added October 31, 2017\n\nHFS\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum\nEntry added October 31, 2017\n\nImageIO\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed through improved\ninput validation. \nCVE-2017-13814: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nImageIO\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An information disclosure issue existed in the\nprocessing of disk images. This issue was addressed through improved\nmemory management. \nCVE-2017-13831: an anonymous researcher\nEntry added October 31, 2017\n\nInstaller\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: A malicious application may be able to access the FileVault\nunlock key\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2017-13837: Patrick Wardle of Synack\nEntry added October 31, 2017\n\nIOFireWireFamily\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7077: Brandon Azad\n\nIOFireWireFamily\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,\nBenjamin Gnahm (@mitp0sh) of PDX\n\nKernel\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-7114: Alex Plaskett of MWR InfoSecurity\n\nKernel\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: A local user may be able to leak sensitive user information\nDescription: A permissions issue existed in kernel packet counters. \nThis issue was addressed through improved permission validation. \nCVE-2017-13810: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-2017-13817: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nKernel\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13818: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-13836: an anonymous researcher, an anonymous researcher\nCVE-2017-13841: an anonymous researcher\nCVE-2017-13840: an anonymous researcher\nCVE-2017-13842: an anonymous researcher\nCVE-2017-13782: Kevin Backhouse of Semmle Ltd. \nEntry added October 31, 2017\n\nKernel\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13843: an anonymous researcher\nEntry added October 31, 2017\n\nKernel\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Processing a malformed mach binary may lead to arbitrary code\nexecution\nDescription: A memory corruption issue was addressed through improved\nvalidation. \nCVE-2017-13834: Maxime Villard (m00nbsd)\nEntry added October 31, 2017\n\nkext tools\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A logic error in kext loading was addressed with\nimproved state handling. \nCVE-2017-13827: an anonymous researcher\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: A buffer overflow issue was addressed through improved\nmemory handling. \nCVE-2017-13813: found by OSS-Fuzz\nCVE-2017-13816: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed through improved input validation. \nCVE-2017-13812: found by OSS-Fuzz\nEntry added October 31, 2017\n\nlibarchive\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2016-4736: Proteas of Qihoo 360 Nirvan Team\nEntry added October 31, 2017\n\nlibc\nAvailable for: OS X Lion v10.8 and later\nImpact: A remote attacker may be able to cause a denial-of-service\nDescription: A resource exhaustion issue in glob() was addressed\nthrough an improved algorithm. \nCVE-2017-7086: Russ Cox of Google\n\nlibc\nAvailable for: OS X Lion v10.8 and later\nImpact: An application may be able to cause a denial of service\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-1000373\n\nlibexpat\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in expat\nDescription: Multiple issues were addressed by updating to version\n2.2.1\nCVE-2016-9063\nCVE-2017-9233\n\nMail\nAvailable for: OS X Lion v10.8 and later\nImpact: The sender of an email may be able to determine the IP\naddress of the recipient\nDescription: Turning off \"Load remote content in messages\" did not\napply to all mailboxes. This issue was addressed with improved\nsetting propagation. \nCVE-2017-7141: an anonymous researcher\n\nMail Drafts\nAvailable for: OS X Lion v10.8 and later\nImpact: An attacker with a privileged network position may be able to\nintercept mail contents\nDescription: An encryption issue existed in the handling of mail\ndrafts. This issue was addressed with improved handling of mail\ndrafts meant to be sent encrypted. \nCVE-2017-7078: an anonymous researcher, an anonymous researcher, an\nanonymous researcher\n\nntp\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in ntp\nDescription: Multiple issues were addressed by updating to version\n4.2.8p10\nCVE-2017-6451: Cure53\nCVE-2017-6452: Cure53\nCVE-2017-6455: Cure53\nCVE-2017-6458: Cure53\nCVE-2017-6459: Cure53\nCVE-2017-6460: Cure53\nCVE-2017-6462: Cure53\nCVE-2017-6463: Cure53\nCVE-2017-6464: Cure53\nCVE-2016-9042: Matthew Van Gundy of Cisco\n\nOpen Scripting Architecture\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Decompiling an AppleScript with osadecompile may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13824: an anonymous researcher\nEntry added October 31, 2017\n\nPCRE\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Multiple issues in pcre\nDescription: Multiple issues were addressed by updating to version\n8.40. \nCVE-2017-13846\nEntry added October 31, 2017\n\nPostfix\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Multiple issues in Postfix\nDescription: Multiple issues were addressed by updating to version\n3.2.2. \nCVE-2017-13826: an anonymous researcher\nEntry added October 31, 2017\n\nQuick Look\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13822: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nQuick Look\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Parsing a maliciously crafted office document may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory consumption issue was addressed through\nimproved memory handling. \nCVE-2017-7132: Australian Cyber Security Centre a Australian Signals\nDirectorate\nEntry added October 31, 2017\n\nQuickTime\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2017-13823: an anonymous researcher\nEntry added October 31, 2017\n\nRemote Management\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13808: an anonymous researcher\nEntry added October 31, 2017\n\nSandbox\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2017-13838: an anonymous researcher\nEntry added October 31, 2017\n\nScreen Lock\nAvailable for: OS X Lion v10.8 and later\nImpact: Application Firewall prompts may appear over Login Window\nDescription: A window management issue was addressed through improved\nstate management. \nCVE-2017-7082: Tim Kingman\n\nSecurity\nAvailable for: OS X Lion v10.8 and later\nImpact: A revoked certificate may be trusted\nDescription: A certificate validation issue existed in the handling\nof revocation data. This issue was addressed through improved\nvalidation. \nCVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune\nDarrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher,\nan anonymous researcher\n\nSpotlight\nAvailable for: OS X Mountain Lion 10.8 and later\nImpact: Spotlight may display results for files not belonging to the\nuser\nDescription: An access issue existed in Spotlight. This issue was\naddressed through improved access restrictions. \nCVE-2017-13839: an anonymous researcher\nEntry added October 31, 2017\n\nSQLite\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating to version\n3.19.3. \nCVE-2017-7127: an anonymous researcher\n\nWebKit\nAvailable for: OS X Lion v10.8 and later\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. This issue was addressed with improved restrictions. \nCVE-2017-7144: an anonymous researcher\n\nzlib\nAvailable for: OS X Lion v10.8 and later\nImpact: Multiple issues in zlib\nDescription: Multiple issues were addressed by updating to version\n1.2.11. \nCVE-2016-9840\nCVE-2016-9841\nCVE-2016-9842\nCVE-2016-9843\n\nInstallation note:\n\nmacOS High Sierra 10.13 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8MpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaV7BAA\noPmo5pAA/HORVC3jl7tvStUpsUUiiez204FhuoVFsvHq0w7eYjsYDilzw7f6yveV\ne9Xhlbz7jhFpa1SXQhtiK5SSA1aJqhXIzZPSSf4ex/6qBZCSUrAZi1vC05TuQFi2\nbvZ9N2mr3Mwd4GlxN7XZ6DLi3BqQPaKIavmuxOLkUSCpkwj9npS1oPDvMCP8DX4q\ngoywFq4QOgvSJnohH/G8IGSm2Txy/IES68vvxdPRUi3IzjGM7E88QHkwKBDiqZRG\nozuhx8Zs+cEh8yIzLO2UoTJe5gVgz1si7J4tgCPTT65r3Uf2sizkOMMdX8PHmCCi\nWTs3adVyJgC8nNql24cvPpJ4UM7bia0adzNf7cjTf7KKtVomIzR6IFaa+V737a+A\njESOB5J0iy1oqzfGN8/zf724N+rc5jp/QejM6tTvcNuc807Z4jVpR3CEr+GkMENz\nHq1Vr06gnBolmwnwlhCHujYwOpJXJ2xllQavNoe6r57XTYid1rjuRG5KXNWPlEgw\nGyoB8rTLY+BzLszUtrQlhh5QXa8WaQLg0uPJJDHH3DUM7jEXRBrk7nhrz4z2qq7S\nj1hlkhZbW2HuYg9URLhgYtkMgVjbTneZkWhEqER+AIbqFKdwTkuNgu5sHnWCrXG0\nN+hmcqhXbgblWwiT0ma/I7Yn0b7O9g9stN88cL9cr3I=\n=887+\n-----END PGP SIGNATURE-----\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2017-13811" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "VULHUB", "id": "VHN-104471" }, { "db": "PACKETSTORM", "id": "144862" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-13811", "trust": 2.6 }, { "db": "SECTRACK", "id": "1039710", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU99000953", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-010380", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201709-163", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-104471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "144862", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104471" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "PACKETSTORM", "id": "144862" }, { "db": "CNNVD", "id": "CNNVD-201709-163" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "id": "VAR-201711-0462", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-104471" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T20:23:11.601000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/HT201222" }, { "title": "HT208221", "trust": 0.8, "url": "https://support.apple.com/en-us/HT208221" }, { "title": "HT208221", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT208221" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010380" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104471" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/ht208221" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1039710" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13811" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13811" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu99000953/index.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13810" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13809" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10989" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0381" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000373" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9042" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13816" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13813" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13807" }, { "trust": 0.1, "url": "https://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13812" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-13815" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104471" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "PACKETSTORM", "id": "144862" }, { "db": "CNNVD", "id": "CNNVD-201709-163" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-104471" }, { "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "db": "PACKETSTORM", "id": "144862" }, { "db": "CNNVD", "id": "CNNVD-201709-163" }, { "db": "NVD", "id": "CVE-2017-13811" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-13T00:00:00", "db": "VULHUB", "id": "VHN-104471" }, { "date": "2017-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "date": "2017-11-02T23:36:12", "db": "PACKETSTORM", "id": "144862" }, { "date": "2017-08-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-163" }, { "date": "2017-11-13T03:29:01.270000", "db": "NVD", "id": "CVE-2017-13811" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-11-27T00:00:00", "db": "VULHUB", "id": "VHN-104471" }, { "date": "2017-12-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010380" }, { "date": "2017-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-163" }, { "date": "2024-11-21T03:11:43.020000", "db": "NVD", "id": "CVE-2017-13811" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-163" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple macOS of fsck_msdos Component vulnerable to arbitrary code execution in privileged context", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010380" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-163" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.