CVE-2017-11103
CVSS6.8
发布时间 :2017-07-13 09:29:00
修订时间 :2017-11-13 21:29:00
NP    

[原文]Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-345 [对数据真实性的验证不充分]

- CPE (受影响的平台与产品)

cpe:/a:h5l:heimdal:0.0a
cpe:/a:h5l:heimdal:0.8
cpe:/a:h5l:heimdal:1.0
cpe:/a:h5l:heimdal:1.0.1
cpe:/a:h5l:heimdal:1.0.2
cpe:/a:h5l:heimdal:1.1
cpe:/a:h5l:heimdal:1.2
cpe:/a:h5l:heimdal:1.2.1
cpe:/a:h5l:heimdal:1.3.0
cpe:/a:h5l:heimdal:1.3.1
cpe:/a:h5l:heimdal:1.3.2
cpe:/a:h5l:heimdal:1.3.3
cpe:/a:h5l:heimdal:1.4
cpe:/a:h5l:heimdal:1.5
cpe:/a:h5l:heimdal:1.5.1
cpe:/a:h5l:heimdal:1.5.2
cpe:/a:h5l:heimdal:7.1.0
cpe:/a:h5l:heimdal:7.2.0
cpe:/a:h5l:heimdal:7.3.0
cpe:/a:samba:samba:4.0.0Samba 4.0.0
cpe:/a:samba:samba:4.0.1Samba 4.0.1
cpe:/a:samba:samba:4.0.2Samba 4.0.2
cpe:/a:samba:samba:4.0.3
cpe:/a:samba:samba:4.0.4
cpe:/a:samba:samba:4.0.5
cpe:/a:samba:samba:4.0.6
cpe:/a:samba:samba:4.0.7
cpe:/a:samba:samba:4.0.8
cpe:/a:samba:samba:4.0.9
cpe:/a:samba:samba:4.0.10
cpe:/a:samba:samba:4.0.11
cpe:/a:samba:samba:4.0.12
cpe:/a:samba:samba:4.0.13
cpe:/a:samba:samba:4.0.14
cpe:/a:samba:samba:4.0.15
cpe:/a:samba:samba:4.0.16
cpe:/a:samba:samba:4.0.17
cpe:/a:samba:samba:4.0.18
cpe:/a:samba:samba:4.0.19
cpe:/a:samba:samba:4.0.20
cpe:/a:samba:samba:4.0.21
cpe:/a:samba:samba:4.0.22
cpe:/a:samba:samba:4.0.23
cpe:/a:samba:samba:4.0.24
cpe:/a:samba:samba:4.0.25
cpe:/a:samba:samba:4.0.26
cpe:/a:samba:samba:4.1.0
cpe:/a:samba:samba:4.1.1
cpe:/a:samba:samba:4.1.2
cpe:/a:samba:samba:4.1.3
cpe:/a:samba:samba:4.1.4
cpe:/a:samba:samba:4.1.5
cpe:/a:samba:samba:4.1.6
cpe:/a:samba:samba:4.1.7
cpe:/a:samba:samba:4.1.8
cpe:/a:samba:samba:4.1.9
cpe:/a:samba:samba:4.1.10
cpe:/a:samba:samba:4.1.11
cpe:/a:samba:samba:4.1.12
cpe:/a:samba:samba:4.1.13
cpe:/a:samba:samba:4.1.14
cpe:/a:samba:samba:4.1.15
cpe:/a:samba:samba:4.1.16
cpe:/a:samba:samba:4.1.17
cpe:/a:samba:samba:4.1.18
cpe:/a:samba:samba:4.1.19
cpe:/a:samba:samba:4.1.20
cpe:/a:samba:samba:4.1.21
cpe:/a:samba:samba:4.1.22
cpe:/a:samba:samba:4.1.23
cpe:/a:samba:samba:4.2.0:rc1
cpe:/a:samba:samba:4.2.0:rc2
cpe:/a:samba:samba:4.2.0:rc3
cpe:/a:samba:samba:4.2.0:rc4
cpe:/a:samba:samba:4.2.1
cpe:/a:samba:samba:4.2.2
cpe:/a:samba:samba:4.2.3
cpe:/a:samba:samba:4.2.4
cpe:/a:samba:samba:4.2.5
cpe:/a:samba:samba:4.2.6
cpe:/a:samba:samba:4.2.7
cpe:/a:samba:samba:4.2.8
cpe:/a:samba:samba:4.2.9
cpe:/a:samba:samba:4.2.10
cpe:/a:samba:samba:4.2.11
cpe:/a:samba:samba:4.2.12
cpe:/a:samba:samba:4.2.13
cpe:/a:samba:samba:4.2.14
cpe:/a:samba:samba:4.3.0
cpe:/a:samba:samba:4.3.1
cpe:/a:samba:samba:4.3.2
cpe:/a:samba:samba:4.3.3
cpe:/a:samba:samba:4.3.4
cpe:/a:samba:samba:4.3.5
cpe:/a:samba:samba:4.3.6
cpe:/a:samba:samba:4.3.7
cpe:/a:samba:samba:4.3.8
cpe:/a:samba:samba:4.3.9
cpe:/a:samba:samba:4.3.10
cpe:/a:samba:samba:4.3.11
cpe:/a:samba:samba:4.4.0:rc1
cpe:/a:samba:samba:4.4.0:rc2
cpe:/a:samba:samba:4.4.0:rc3
cpe:/a:samba:samba:4.4.1
cpe:/a:samba:samba:4.4.2
cpe:/a:samba:samba:4.4.3
cpe:/a:samba:samba:4.4.4
cpe:/o:freebsd:freebsd:-

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11103
(官方数据源) NVD

- 其它链接及资源

http://www.debian.org/security/2017/dsa-3912
(UNKNOWN)  DEBIAN  DSA-3912
http://www.h5l.org/advisories.html?show=2017-07-11
(VENDOR_ADVISORY)  CONFIRM  http://www.h5l.org/advisories.html?show=2017-07-11
http://www.securityfocus.com/bid/99551
(VENDOR_ADVISORY)  BID  99551
http://www.securitytracker.com/id/1038876
(VENDOR_ADVISORY)  SECTRACK  1038876
http://www.securitytracker.com/id/1039427
(UNKNOWN)  SECTRACK  1039427
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
(VENDOR_ADVISORY)  CONFIRM  https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0
https://support.apple.com/HT208112
(UNKNOWN)  CONFIRM  https://support.apple.com/HT208112
https://support.apple.com/HT208144
(UNKNOWN)  CONFIRM  https://support.apple.com/HT208144
https://support.apple.com/HT208221
(UNKNOWN)  CONFIRM  https://support.apple.com/HT208221
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
(VENDOR_ADVISORY)  CONFIRM  https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc
https://www.orpheus-lyre.info/
(VENDOR_ADVISORY)  MISC  https://www.orpheus-lyre.info/
https://www.samba.org/samba/security/CVE-2017-11103.html
(VENDOR_ADVISORY)  CONFIRM  https://www.samba.org/samba/security/CVE-2017-11103.html

- 漏洞信息 (F143371)

Ubuntu Security Notice USN-3353-2 (PacketStormID:F143371)
2017-07-14 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2017-11103
[点击下载]

Ubuntu Security Notice 3353-2 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks.

==========================================================================
Ubuntu Security Notice USN-3353-2
July 14, 2017

samba vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Samba could allow unintended access to network services.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3353-1 fixed a vulnerability in Heimdal. This update provides
the corresponding update for Samba.

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Samba clients incorrectly trusted unauthenticated portions of
Kerberos tickets. A remote attacker could use this to impersonate
trusted network servers or perform other attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  samba-libs                      2:4.5.8+dfsg-0ubuntu0.17.04.4

Ubuntu 16.10:
  samba-libs                      2:4.4.5+dfsg-2ubuntu5.8

Ubuntu 16.04 LTS:
  samba-libs                      2:4.3.11+dfsg-0ubuntu0.16.04.9

Ubuntu 14.04 LTS:
  samba-libs                      2:4.3.11+dfsg-0ubuntu0.14.04.10

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3353-2
  https://www.ubuntu.com/usn/usn-3353-1
  CVE-2017-11103

Package Information:
  https://launchpad.net/ubuntu/+source/samba/2:4.5.8+dfsg-0ubuntu0.17.04.4
  https://launchpad.net/ubuntu/+source/samba/2:4.4.5+dfsg-2ubuntu5.8
  https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.9
  https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.14.04.10

    

- 漏洞信息 (F143370)

Ubuntu Security Notice USN-3353-1 (PacketStormID:F143370)
2017-07-14 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2017-11103
[点击下载]

Ubuntu Security Notice 3353-1 - Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Heimdal clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks.

==========================================================================
Ubuntu Security Notice USN-3353-1
July 14, 2017

heimdal vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Heimdal could allow unintended access to network services.

Software Description:
- heimdal: Heimdal Kerberos Network Authentication Protocol

Details:

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Heimdal clients incorrectly trusted unauthenticated portions
of Kerberos tickets. A remote attacker could use this to impersonate
trusted network services or perform other attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libkrb5-26-heimdal              7.1.0+dfsg-9ubuntu1.1

Ubuntu 16.10:
  libkrb5-26-heimdal              1.7~git20150920+dfsg-4ubuntu1.16.10.1

Ubuntu 16.04 LTS:
  libkrb5-26-heimdal              1.7~git20150920+dfsg-4ubuntu1.16.04.1

Ubuntu 14.04 LTS:
  libkrb5-26-heimdal              1.6~git20131207+dfsg-1ubuntu1.2

After a standard system update you need to restart any applications
using Heimdal libraries to make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3353-1
  CVE-2017-11103

Package Information:
  https://launchpad.net/ubuntu/+source/heimdal/7.1.0+dfsg-9ubuntu1.1
  https://launchpad.net/ubuntu/+source/heimdal/1.7~git20150920+dfsg-4ubuntu1.16.10.1
  https://launchpad.net/ubuntu/+source/heimdal/1.7~git20150920+dfsg-4ubuntu1.16.04.1
  https://launchpad.net/ubuntu/+source/heimdal/1.6~git20131207+dfsg-1ubuntu1.2

    

- 漏洞信息 (F143456)

Ubuntu Security Notice USN-3353-4 (PacketStormID:F143456)
2017-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote
linux,ubuntu
CVE-2017-11103
[点击下载]

Ubuntu Security Notice 3353-4 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Samba. Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network services or perform other attacks. Various other issues were also addressed.

===========================================================================
Ubuntu Security Notice USN-3353-4
July 24, 2017

samba vulnerability
===========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Samba could allow unintended access to network services.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

USN-3353-1 fixed a vulnerability in Heimdal. This update provides the
corresponding update for Samba.

Original advisory details:

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Samba clients incorrectly trusted unauthenticated portions
of Kerberos tickets. A remote attacker could use this to impersonate
trusted network services or perform other attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
 libsmbclient2:3.6.25-0ubuntu0.12.04.12

In general, a standard system update will make all the necessary
changes.

References:
 https://www.ubuntu.com/usn/usn-3353-4
 https://www.ubuntu.com/usn/usn-3353-1
 CVE-2017-11103

    

- 漏洞信息 (F143453)

Ubuntu Security Notice USN-3353-3 (PacketStormID:F143453)
2017-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory
linux,ubuntu
CVE-2017-11103
[点击下载]

Ubuntu Security Notice 3353-3 - USN-3353-1 fixed a vulnerability in Heimdal. This update provides the corresponding update for Ubuntu 12.04 ESM.

===========================================================================
Ubuntu Security Notice USN-3353-3
July 24, 2017

heimdal vulnerability
===========================================================================


A security issue affects these releases of Ubuntu and its derivatives:

    Ubuntu 12.04 LTS

Summary

Heimdal could allow unintended access to network services.
Software description

    heimdal - Heimdal Kerberos Network Authentication Protocol

Details

USN-3353-1 fixed a vulnerability in Heimdal. This update provides
the corresponding updade for Ubuntu 12.04 ESM.

Original advisory details:

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered
that Heimdal clients incorrectly trusted unauthenticated portions
of Kerberos tickets. A remote attacker could use this to impersonate
trusted network services or perform other attacks.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
    libkrb5-26-heimdal 1.6~git20120311.dfsg.1-2ubuntu0.2 

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications
using Heimdal libraries to make all the necessary changes.

References

https://www.ubuntu.com/usn/usn-3353-3
https://www.ubuntu.com/usn/usn-3353-1
CVE-2017-11103 
    

- 漏洞信息 (F144369)

Apple Security Advisory 2017-09-25-4 (PacketStormID:F144369)
2017-09-28 00:00:00
Apple  apple.com
advisory,denial of service,vulnerability
cisco,apple,ios
CVE-2016-9063,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843,CVE-2017-0381,CVE-2017-1000373,CVE-2017-10989,CVE-2017-11103,CVE-2017-11120,CVE-2017-11121,CVE-2017-7072,CVE-2017-7078,CVE-2017-7080,CVE-2017-7081,CVE-2017-7083,CVE-2017-7085,CVE-2017-7086,CVE-2017-7087,CVE-2017-7088,CVE-2017-7089,CVE-2017-7090,CVE-2017-7091,CVE-2017-7092,CVE-2017-7093,CVE-2017-7094,CVE-2017-7095,CVE-2017-7096
[点击下载]

Apple Security Advisory 2017-09-25-4 - iOS 11 addresses denial of service, service impersonation, and various other vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-25-4
Additional information for APPLE-SA-2017-09-19-1 iOS 11

iOS 11 addresses the following:

Bluetooth
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to access restricted files
Description: A privacy issue existed in the handling of Contact
cards. This was addressed with improved state management.
CVE-2017-7131: Dominik Conrads of Federal Office for Information
Security, an anonymous researcher, Elvis (@elvisimprsntr), an
anonymous researcher
Entry added September 25, 2017

CFNetwork Proxies
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
Entry added September 25, 2017

CoreAudio
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro
Entry added September 25, 2017

Exchange ActiveSync
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This was
addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is
now supported.
CVE-2017-7088: Ilya Nesterov, Maxim Goncharov

Heimdal
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
impersonate a service
Description: A validation issue existed in the handling of the KDC-
REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams
Entry added September 25, 2017

iBooks
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7072: JAdrzej Krysztofiak
Entry added September 25, 2017

Kernel
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity
Entry added September 25, 2017

Keyboard Suggestions
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Keyboard autocorrect suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed with improved heuristics.
CVE-2017-7140: an anonymous researcher
Entry added September 25, 2017

libc
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google
Entry added September 25, 2017

libc
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373
Entry added September 25, 2017

libexpat
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233
Entry added September 25, 2017

Location Framework
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in the handling of the
location variable. This was addressed with additional ownership
checks.
CVE-2017-7148: an anonymous researcher, an anonymous researcher
Entry added September 25, 2017

Mail Drafts
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher
Entry added September 25, 2017

Mail MessageUI
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A memory corruption issue was addressed with improved
validation.
CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital

Messages
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A denial of service issue was addressed through improved
validation.
CVE-2017-7118: Kiki Jiang and Jason Tokoph

MobileBackup
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Backup may perform an unencrypted backup despite a
requirement to perform only encrypted backups
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2017-7133: Don Sparks of HackediOS.com

Phone
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A screenshot of secure content may be taken when locking an
iOS device
Description: A timing issue existed in the handling of locking. This
issue was addressed by disabling screenshots while locking.
CVE-2017-7139: an anonymous researcher
Entry added September 25, 2017

Safari
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)

Security
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: an anonymous researcher, an anonymous researcher,
Sven Driemecker of adesso mobile solutions gmbh,
Rune Darrud (@theflyingcorpse) of BA|rum kommune
Entry added September 25, 2017

Security
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A permission checking issue existed in the handling of
an app's Keychain data. This issue was addressed with improved
permission checking.
CVE-2017-7146: an anonymous researcher
Entry added September 25, 2017

SQLite
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to
version 3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz
Entry added September 25, 2017

SQLite
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher
Entry added September 25, 2017

Time
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: "Setting Time Zone" may incorrectly indicate that it is using
location
Description: A permissions issue existed in the process that handles
time zone information. The issue was resolved by modifying
permissions.
CVE-2017-7145: an anonymous researcher
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7081: Apple
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7087: Apple
CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend
Microas Zero Day Initiative
CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend
Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360
Vulcan Team
CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend
Microas Zero Day Initiative
CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group
CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University working with Trend Microas Zero Day
Initiative
CVE-2017-7096: Wei Yuan of Baidu Security Lab
CVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica
CVE-2017-7099: Apple
CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53
CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7104: likemeng of Baidu Secutity Lab
CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)
working with Trend Micro's Zero Day Initiative
CVE-2017-7117: lokihardt of Google Project Zero
CVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security
Lab
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed by no longer returning
cookies for custom URL schemes.
CVE-2017-7090: Apple
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: Application Cache policy may be unexpectedly applied.
CVE-2017-7109: avlidienbrunn
Entry added September 25, 2017

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher
Entry added September 25, 2017

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-11120: Gal Beniamini of Google Project Zero
CVE-2017-11121: Gal Beniamini of Google Project Zero
Entry added September 25, 2017

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero
CVE-2017-7108: Gal Beniamini of Google Project Zero
CVE-2017-7110: Gal Beniamini of Google Project Zero
CVE-2017-7112: Gal Beniamini of Google Project Zero

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: Multiple race conditions were addressed through improved
validation.
CVE-2017-7115: Gal Beniamini of Google Project Zero

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
read restricted kernel memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7116: Gal Beniamini of Google Project Zero

zlib
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
Entry added September 25, 2017

Additional recognition

Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc.
for their assistance.

Webkit
We would like to acknowledge xisigr of Tencent's Xuanwu Lab
(tencent.com) for their assistance.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGvBgQAJIF/+cKGy/7YWEugFrwr8A3
rNzHU/yZ3X976fmlYM8l+VUJEn2khu5huPsQzYUvEdbHOWkUGThKil+NzDr3YP6V
YYRIi+6i9KJEATGQAdR9YW6bcqJCu7S2xxNBnXtOxR/1TzO4LvVQsWJo0c5z91dD
Aid3uYhx1SPwcaF5O5CfRQcp1JSLOWKZOaxO+u+DmtYIM746jrz3FOrfEN8mQp0q
CwUSE/Vum7ImOsNUO308QnGmL7s/FGkp86/JtNTbAxJ47Rhqu5lcXj3q1ntrlLdX
VFC+K7mNdwNtc1vqB03W5gamyD1qVcTvvwJ3D9cpQAySTDyRFF9cGw+TrzaDl48B
8iiY7D/KkhHuY4jskCF6xyjzloK9RfgKg2FzEBndoESt7bEw4eufF9wnrfV/M1xw
6U4DSjZxgqUwV7YqMX/VnpcEuxg5q9emCQmBfudnVIPKuOITg8x1oyE1e036MDo5
zon/cRIxqaSt8K6rI7TafxQIwpM541N89O/VZbcVey5JFIu1kew4G/gMivMOyroE
+xqxLmeGgD10LMZOgoRsNBiKDy8JLJa2lO2dVTZMV4bdtCngeDikDNLqYUcW8lfa
5ZsQBceoCI6abj4PV35N7dHVATFudhrZmhY0epHt13xmRHUFTywOktu/TkOZM8HR
eU2TBtOsDF6N5SFunvAC
=s5yy
-----END PGP SIGNATURE-----



    

- 漏洞信息 (F144366)

Apple Security Advisory 2017-09-25-1 (PacketStormID:F144366)
2017-09-28 00:00:00
Apple  apple.com
advisory,denial of service,vulnerability
apple
CVE-2016-9042,CVE-2016-9063,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843,CVE-2017-0381,CVE-2017-1000373,CVE-2017-10989,CVE-2017-11103,CVE-2017-6451,CVE-2017-6452,CVE-2017-6455,CVE-2017-6458,CVE-2017-6459,CVE-2017-6460,CVE-2017-6462,CVE-2017-6463,CVE-2017-6464,CVE-2017-7074,CVE-2017-7077,CVE-2017-7078,CVE-2017-7080,CVE-2017-7082,CVE-2017-7083,CVE-2017-7084,CVE-2017-7086,CVE-2017-7114
[点击下载]

Apple Security Advisory 2017-09-25-1 - macOS High Sierra 10.13 is now available and addresses denial of service, insecure transit, and various other vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-09-25-1 macOS High Sierra 10.13

macOS High Sierra 10.13 is now available and addresses the following:

Application Firewall
Available for:  OS X Lion v10.8 and later
Impact: A previously denied application firewall setting may take
effect after upgrading
Description: An upgrade issue existed in the handling of firewall
settings. This issue was addressed through improved handling of
firewall settings during upgrades.
CVE-2017-7084: an anonymous researcher

AppSandbox
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7074: Daniel Jalkut of Red Sweater Software

Captive Network Assistant
Available for:  OS X Lion v10.8 and later
Impact: A local user may unknowingly send a password unencrypted over
the network
Description: The security state of the captive portal browser was not
obvious. This issue was addressed with improved visibility of the
captive portal browser security state.
CVE-2017-7143: an anonymous researcher

CFNetwork Proxies
Available for:  OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CoreAudio
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro

Directory Utility
Available for:  OS X Lion v10.8 and later
Impact: A local attacker may be able to determine the Apple ID of the
owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID. This issue was addressed with improved access controls.
CVE-2017-7138: an anonymous researcher

file
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.30.
CVE-2017-7121: found by OSS-Fuzz
CVE-2017-7122: found by OSS-Fuzz
CVE-2017-7123: found by OSS-Fuzz
CVE-2017-7124: found by OSS-Fuzz
CVE-2017-7125: found by OSS-Fuzz
CVE-2017-7126: found by OSS-Fuzz

Heimdal
Available for:  OS X Lion v10.8 and later
Impact: An attacker in a privileged network position may be able to
impersonate a service
Description: A validation issue existed in the handling of the KDC-
REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7077: Brandon Azad

IOFireWireFamily
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7119: Xiaolong Bai, Min (Spark) Zheng of Alibaba Inc.,
Benjamin Gnahm (@mitp0sh) of PDX

Kernel
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

libc
Available for:  OS X Lion v10.8 and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google

libc
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373

libexpat
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233

Mail
Available for:  OS X Lion v10.8 and later
Impact: The sender of an email may be able to determine the IP
address of the recipient
Description: Turning off "Load remote content in messages" did not
apply to all mailboxes. This issue was addressed with improved
setting propagation.
CVE-2017-7141: an anonymous researcher

Mail Drafts
Available for:  OS X Lion v10.8 and later
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher

ntp
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in ntp
Description: Multiple issues were addressed by updating to version
4.2.8p10
CVE-2017-6451: Cure53
CVE-2017-6452: Cure53
CVE-2017-6455: Cure53
CVE-2017-6458: Cure53
CVE-2017-6459: Cure53
CVE-2017-6460: Cure53
CVE-2017-6462: Cure53
CVE-2017-6463: Cure53
CVE-2017-6464: Cure53
CVE-2016-9042: Matthew Van Gundy of Cisco

Screen Lock
Available for:  OS X Lion v10.8 and later
Impact: Application Firewall prompts may appear over Login Window
Description: A window management issue was addressed through improved
state management.
CVE-2017-7082: Tim Kingman

Security
Available for:  OS X Lion v10.8 and later
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: Sven Driemecker of adesso mobile solutions gmbh, Rune
Darrud (@theflyingcorpse) of BA|rum kommune, an anonymous researcher,
an anonymous researcher

SQLite
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version
3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz

SQLite
Available for:  OS X Lion v10.8 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher

WebKit
Available for:  OS X Lion v10.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher

zlib
Available for:  OS X Lion v10.8 and later
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Additional recognition

Security
We would like to acknowledge Abhinav Bansal of Zscaler, Inc.
for their assistance.

Installation note:

macOS 10.13 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRGmSEP/0wgqASRSNneoBx/AMLk0Qac
mZhI8HuyJRTFwCOT7P7vkZTmoxtyOOdh4XaInvKMsW5I2G64YEmW86pcofHwdOTz
TSWIAdus34xErUZ13rMzfg8Z3XAberG1E31QU2y2EXenpJSZIL8nzLgt8ySPVyzu
PrQJxGxCMq1WAOSemGe+4rK2rMwpw5UDZyTbNPDi6lfKz0ZmtfvBzrgBq2xhA9iF
/2NVs5rRog38N6F6xR6GNqi0dVoZmh1umQINh9nzTn8crbSuI3ixRtQYxstxU91/
0wrgV03YF297n6bwVhawEDPU8obZzFgQRiKOjghE6h4YBVccWxMI9n42PwVc+G/Z
X48wuSavpOEV6WEC+hWtALl/W73uH3jF2iK8rPBcDENheRlFi/y5+XeOK8TGJftS
6raj+IgbgERaY3uXcRoi0mLflpzxvGBYlTiJRRj7H7HFZO6v14hYyEMVrWmhFUiZ
Xgy/qxHdWd/NW4AZz8Ke+ZMaJr21DozzI8ejug9shD7O/N31ZNq2qsNmxEweCPvt
yMauTPAUutApHTEUXfwCdOy+ZGgTtWDnOC+g3ezkAOdigvjFcwlFH0Sbjxnhxbbp
LVLz7tHwyKa5Xcwet0ZRH3WCHBsTzzkpsgxoyEMabE2KGS461uZw20t2uZozNsV0
bniy26PJZ5xGrFOSZYUa
=wBKW
-----END PGP SIGNATURE-----



    

- 漏洞信息 (F144832)

Apple Security Advisory 2017-10-31-9 (PacketStormID:F144832)
2017-11-01 00:00:00
Apple  apple.com
advisory,denial of service,arbitrary,vulnerability,code execution
cisco,apple,ios
CVE-2016-9063,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843,CVE-2017-0381,CVE-2017-1000373,CVE-2017-10989,CVE-2017-11103,CVE-2017-11120,CVE-2017-11121,CVE-2017-13782,CVE-2017-13812,CVE-2017-13813,CVE-2017-13814,CVE-2017-13815,CVE-2017-13816,CVE-2017-13817,CVE-2017-13818,CVE-2017-13821,CVE-2017-13822,CVE-2017-13825,CVE-2017-13828,CVE-2017-13830,CVE-2017-13831,CVE-2017-13832,CVE-2017-13834
[点击下载]

Apple Security Advisory 2017-10-31-9 - iOS 11 addresses TLS weaknesses, denial of service, arbitrary code execution, and various other vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-9
Additional information for APPLE-SA-2017-09-19-1 iOS 11

iOS 11 addresses the following:

802.1X
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS
1.1 and TLS 1.2.
CVE-2017-13832: an anonymous researcher
Entry added October 31, 2017

Bluetooth
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to access restricted files
Description: A privacy issue existed in the handling of Contact
cards. This was addressed with improved state management.
CVE-2017-7131: Dominik Conrads of Federal Office for Information
Security, an anonymous researcher, Elvis (@elvisimprsntr), an
anonymous researcher

CFNetwork Proxies
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.

CFString
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13821: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017

CoreAudio
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus
version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend
Micro

CoreText
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017

Exchange ActiveSync
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
erase a device during Exchange account setup
Description: A validation issue existed in AutoDiscover V1. This was
addressed by requiring TLS for AutoDiscover V1. AutoDiscover V2 is
now supported.
CVE-2017-7088: Ilya Nesterov, Maxim Goncharov

file
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.31.
CVE-2017-13815
Entry added October 31, 2017

Fonts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13828: an anonymous researcher
Entry added October 31, 2017

Heimdal
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able
to impersonate a service
Description: A validation issue existed in the handling of
the KDC-REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams

HFS
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum
Entry added October 31, 2017

iBooks
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: Multiple denial of service issues were addressed through
improved memory handling.
CVE-2017-7072: JAdrzej Krysztofiak

ImageIO
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-13814: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017

ImageIO
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-2017-13831: an anonymous researcher
Entry added October 31, 2017

Kernel
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7114: Alex Plaskett of MWR InfoSecurity

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13817: Maxime Villard (m00nbsd)
Entry added October 31, 2017

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13818: The UK's National Cyber Security Centre (NCSC)
CVE-2017-13836: an anonymous researcher, an anonymous researcher
CVE-2017-13841: an anonymous researcher
CVE-2017-13840: an anonymous researcher
CVE-2017-13842: an anonymous researcher
CVE-2017-13782: Kevin Backhouse of Semmle Ltd.
Entry added October 31, 2017

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13843: an anonymous researcher
Entry added October 31, 2017

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a malformed mach binary may lead to arbitrary code
execution
Description: A memory corruption issue was addressed through improved
validation.
CVE-2017-13834: Maxime Villard (m00nbsd)
Entry added October 31, 2017

Keyboard Suggestions
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Keyboard autocorrect suggestions may reveal sensitive
information
Description: The iOS keyboard was inadvertently caching sensitive
information. This issue was addressed with improved heuristics.
CVE-2017-7140: an anonymous researcher

libarchive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-13813: found by OSS-Fuzz
CVE-2017-13816: found by OSS-Fuzz
Entry added October 31, 2017

libarchive
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2017-13812: found by OSS-Fuzz
Entry added October 31, 2017

libc
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed
through an improved algorithm.
CVE-2017-7086: Russ Cox of Google

libc
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-1000373

libexpat
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in expat
Description: Multiple issues were addressed by updating to version
2.2.1
CVE-2016-9063
CVE-2017-9233

Location Framework
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to read sensitive location
information
Description: A permissions issue existed in the handling of the
location variable. This was addressed with additional ownership
checks.
CVE-2017-7148: an anonymous researcher, an anonymous researcher

Mail Drafts
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker with a privileged network position may be able to
intercept mail contents
Description: An encryption issue existed in the handling of mail
drafts. This issue was addressed with improved handling of mail
drafts meant to be sent encrypted.
CVE-2017-7078: an anonymous researcher, an anonymous researcher, an
anonymous researcher

Mail MessageUI
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A memory corruption issue was addressed with improved
validation.
CVE-2017-7097: Xinshu Dong and Jun Hao Tan of Anquan Capital

Messages
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A denial of service issue was addressed through improved
validation.
CVE-2017-7118: Kiki Jiang and Jason Tokoph

MobileBackup
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Backup may perform an unencrypted backup despite a
requirement to perform only encrypted backups
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2017-7133: Don Sparks of HackediOS.com

Phone
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A screenshot of secure content may be taken when locking an
iOS device
Description: A timing issue existed in the handling of locking. This
issue was addressed by disabling screenshots while locking.
CVE-2017-7139: an anonymous researcher

Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13822: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017

Quick Look
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7132: Australian Cyber Security Centre a Australian Signals
Directorate
Entry added October 31, 2017

Safari
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7085: xisigr of Tencent's Xuanwu Lab (tencent.com)

Security
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A revoked certificate may be trusted
Description: A certificate validation issue existed in the handling
of revocation data. This issue was addressed through improved
validation.
CVE-2017-7080: an anonymous researcher, an anonymous researcher,
Sven Driemecker of adesso mobile solutions gmbh,
Rune Darrud (@theflyingcorpse) of BA|rum kommune

Security
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious app may be able to track users between installs
Description: A permission checking issue existed in the handling of
an app's Keychain data. This issue was addressed with improved
permission checking.
CVE-2017-7146: an anonymous researcher

SQLite
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to
version 3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz

SQLite
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7127: an anonymous researcher

Time
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: "Setting Time Zone" may incorrectly indicate that it is using
location
Description: A permissions issue existed in the process that handles
time zone information. The issue was resolved by modifying
permissions.
CVE-2017-7145: an anonymous researcher

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-7081: Apple

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7087: Apple
CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend
Micro's Zero Day Initiative
CVE-2017-7092: Samuel Gro and Niklas Baumstark working with Trend
Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360
Vulcan Team
CVE-2017-7093: Samuel Gro and Niklas Baumstark working with Trend
Micro's Zero Day Initiative
CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group
CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University working with Trend Micro's Zero Day
Initiative
CVE-2017-7096: Wei Yuan of Baidu Security Lab
CVE-2017-7098: Felipe Freitas of Instituto TecnolA3gico de AeronA!utica
CVE-2017-7099: Apple
CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53
CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7104: likemeng of Baidu Secutity Lab
CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang
Technological University
CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com)
working with Trend Micro's Zero Day Initiative
CVE-2017-7117: lokihardt of Google Project Zero
CVE-2017-7120: chenqin (ee|) of Ant-financial Light-Year Security
Lab

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue existed in the handling of the parent-tab.
This issue was addressed with improved state management.
CVE-2017-7089: Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed by no longer returning
cookies for custom URL schemes.
CVE-2017-7090: Apple

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7106: Oliver Paukstadt of Thinking Objects GmbH (to.com)

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: Application Cache policy may be unexpectedly applied.
CVE-2017-7109: avlidienbrunn

WebKit
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2017-7144: an anonymous researcher

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-11120: Gal Beniamini of Google Project Zero
CVE-2017-11121: Gal Beniamini of Google Project Zero

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7103: Gal Beniamini of Google Project Zero
CVE-2017-7105: Gal Beniamini of Google Project Zero
CVE-2017-7108: Gal Beniamini of Google Project Zero
CVE-2017-7110: Gal Beniamini of Google Project Zero
CVE-2017-7112: Gal Beniamini of Google Project Zero

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
execute arbitrary code with kernel privileges on the application
processor
Description: Multiple race conditions were addressed through improved
validation.
CVE-2017-7115: Gal Beniamini of Google Project Zero

Wi-Fi
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Malicious code executing on the Wi-Fi chip may be able to
read restricted kernel memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7116: Gal Beniamini of Google Project Zero

zlib
Available for:  iPhone 5s and later, iPad Air and later,
and iPod touch 6th generation
Impact: Multiple issues in zlib
Description: Multiple issues were addressed by updating to version
1.2.11.
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "11".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u8QpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEb3gRAA
mkMtw5g6ZpDFNK4MpKwfTbwIK7rNjxEh2VGvv+1VNTJJRewGiXcbl/cf5EefPJFR
RpH+8u2jjl7rgEDwRPLYY4EixRTwvOVs46MS5lzkNKjwaIhBswH6ubFIkw2MRgn9
zBbAmixTDb2HVaG2vMtmDm1PmXMq7QMau4W+G0m40bwiNBAyrqcttiiJ1NxdZsBl
LouPNKhaOCLPuDeHG6oJmPRcZCyIvNpXJGE9UA/LMKL5yPbZQpqJvYBznof/SVXq
QxvLw1D60Ki+2L2ItXEVAaAfkKh50+cn34m7rhb4ZIv3/hE86BpoFRGaAhni+QGJ
ugJ2FYciTPnbLttpZlBYfj29BMqqkYQ1HJ+xEQf3krKiQmGKWcRV4858h2GZRGkW
wwd9l1Ym4vDTNK+0yVnN58XTyOjJh/dH8t+Bzp63OUFTLiab6/3kfccozlobbivF
pZWt6fFqbn/e6Re62Xj0VfxlST5TjGqxZq0qgNJiWG9s5z0To3YcDXhJSsTyjtIj
cLM13UTPFAPj+ReTaA0wczvjoq4J6EyVD2bDOHv/iKY+7xOO9+5vTYGD3nhKjdAo
GFBCbpCtBrrrlAd6TtW1D15QBJ+/e/5uJYd9r2BIR/w3l5I7IAnNHtYV9zu/wvuM
odr7Q4DNa5UQq0VMLbsd2avIoYX+xxKQg4WUv8BbkZI=
=NYhG
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F144827)

Apple Security Advisory 2017-10-31-2 (PacketStormID:F144827)
2017-11-01 00:00:00
Apple  apple.com
advisory,vulnerability
apple
CVE-2016-2161,CVE-2016-4736,CVE-2016-5387,CVE-2016-8740,CVE-2016-8743,CVE-2017-1000100,CVE-2017-1000101,CVE-2017-11103,CVE-2017-11108,CVE-2017-11541,CVE-2017-11542,CVE-2017-11543,CVE-2017-12893,CVE-2017-12894,CVE-2017-12895,CVE-2017-12896,CVE-2017-12897,CVE-2017-12898,CVE-2017-12899,CVE-2017-12900,CVE-2017-12901,CVE-2017-12902,CVE-2017-12985,CVE-2017-12986,CVE-2017-12987,CVE-2017-1298
[点击下载]

Apple Security Advisory 2017-10-31-2 - macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address TLS weaknesses, issues in Apache, and many more vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1,
Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan

macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security
Update 2017-004 El Capitan are now available and address the
following:

802.1X
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker may be able to exploit weaknesses in TLS 1.0
Description: A protocol security issue was addressed by enabling TLS
1.1 and TLS 1.2.
CVE-2017-13832: an anonymous researcher

apache
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Apache
Description: Multiple issues were addressed by updating to version
2.4.27.
CVE-2016-736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789

APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover
unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was
addressed by limiting the time the FileVault decryption buffers are
DMA mapped to the duration of the I/O operation.
CVE-2017-13786: an anonymous researcher

APFS
Available for: macOS High Sierra 10.13
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13800: Sergej Schumilo of Ruhr-University Bochum

AppleScript
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13809: an anonymous researcher

ATS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2017-13820: John Villamil, Doyensec

Audio
Available for: macOS Sierra 10.12.6
Impact: Parsing a maliciously crafted QuickTime file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13807: Yangkang (@dnpushme) of Qihoo 360 Qex Team

CFString
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13821: Australian Cyber Security Centre a Australian Signals
Directorate

CoreText
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-13825: Australian Cyber Security Centre a Australian Signals
Directorate

curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El
Capitan 10.11.6
Impact: Uploading using TFTP to a maliciously crafted URL with
libcurl may disclose application memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-1000100: Even Rouault, found by OSS-Fuzz

curl
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El
Capitan 10.11.6
Impact: Processing a maliciously crafted URL with libcurl may cause
unexpected application termination or read process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-1000101: Brian Carpenter, Yongji Ouyang

Dictionary Widget
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El
Capitan 10.11.6
Impact: Searching pasted text in the Dictionary widget may lead to
compromise of user information
Description: A validation issue existed which allowed local file
access. This was addressed with input sanitization.
CVE-2017-13801: xisigr of Tencent's Xuanwu Lab (tencent.com)

file
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in file
Description: Multiple issues were addressed by updating to version
5.31.
CVE-2017-13815

Fonts
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Rendering untrusted text may lead to spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-13828: an anonymous researcher

fsck_msdos
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13811: an anonymous researcher

Heimdal
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An attacker in a privileged network position may be able
to impersonate a service
Description: A validation issue existed in the handling of
the KDC-REP service name. This issue was addressed through improved
validation.
CVE-2017-11103: Jeffrey Altman, Viktor Duchovni, and Nico Williams

HelpViewer
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A quarantined HTML file may execute arbitrary JavaScript
cross-origin
Description: A cross-site scripting issue existed in HelpViewer. This
issue was addressed by removing the affected file.
CVE-2017-13819: an anonymous researcher

HFS
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13830: Sergej Schumilo of Ruhr-University Bochum

ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2017-13814: Australian Cyber Security Centre a Australian Signals
Directorate

ImageIO
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An information disclosure issue existed in the
processing of disk images. This issue was addressed through improved
memory management.
CVE-2017-13831: an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to leak sensitive user information
Description: A permissions issue existed in kernel packet counters.
This issue was addressed through improved permission validation.
CVE-2017-13810: an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed through improved
input validation.
CVE-2017-13817: Maxime Villard (m00nbsd)

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13818: The UK's National Cyber Security Centre (NCSC)
CVE-2017-13836: an anonymous researcher, an anonymous researcher
CVE-2017-13841: an anonymous researcher
CVE-2017-13840: an anonymous researcher
CVE-2017-13842: an anonymous researcher
CVE-2017-13782: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13799: an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13843: an anonymous researcher

Kernel
Available for: macOS Sierra 10.12.6
Impact: Processing a malformed mach binary may lead to arbitrary code
execution
Description: A memory corruption issue was addressed through improved
validation.
CVE-2017-13834: Maxime Villard (m00nbsd)

libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-13813: found by OSS-Fuzz
CVE-2017-13816: found by OSS-Fuzz

libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in libarchive.
These issues were addressed through improved input validation.
CVE-2017-13812: found by OSS-Fuzz

libarchive
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2016-4736: Proteas of Qihoo 360 Nirvan Team

Open Scripting Architecture
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Decompiling an AppleScript with osadecompile may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13824: an anonymous researcher

PCRE
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.40.
CVE-2017-13846

Postfix
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Multiple issues in Postfix
Description: Multiple issues were addressed by updating to version
3.2.2.
CVE-2017-13826: an anonymous researcher

Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13822: Australian Cyber Security Centre a Australian Signals
Directorate

Quick Look
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7132: Australian Cyber Security Centre a Australian Signals
Directorate

QuickTime
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13823: an anonymous researcher

Remote Management
Available for: macOS Sierra 10.12.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13808: an anonymous researcher

Sandbox
Available for: macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13838: an anonymous researcher

StreamingZip
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El
Capitan 10.11.6
Impact: A malicious zip file may be able modify restricted areas of
the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2017-13804: @qwertyoruiopz at KJC Research Intl. S.R.L.

tcpdump
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6
Impact: Multiple issues in tcpdump
Description: Multiple issues were addressed by updating to version
4.9.2.
CVE-2017-11108
CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725

Wi-Fi
Available for: macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El
Capitan 10.11.6
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

macOS High Sierra 10.13.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAln4u74pHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEZL1A//
WjcVy4745VcW+I0+qKZta734BUyZNPmQ+Jq5t5wt5tJN87UjQGfxNOtw8/BMC2hy
bd9FOtfIPzPvEyjiVJCE2LZPNAIh/DUWzo8XozKHgbjjN4vxodnVwLXQ3rMMXqBI
yiQseOurBofRKXyQwi+6nx6DhzvX63d0dsdXHfnpEKYDjPLRWDQOk92d6SxJqtYM
tpYWiDJkssYEIS/oTlffOfwSvo2P5qffSEgsKjS4MvXLmG98IEAacEGmszpddeDZ
8SALW7QFrlYQNXi8YY0U9jc9em2aiaLKs0icuCKSxrcnvkB1T/8b23tG/SmnZ6vu
yaFKFdMShtnmtMOr2FRg6tvQOn0traIbUMbh+7MDpr7IZIq2Nj5PanqMvQZ3R/tQ
wfIN7buS/HACZycceaJu7y5GNjL3u2y3fsNLcMzUADkf5Z1LwcihPuh3563uzlho
HcGolNk19S0Q/+ixWYDvJoLEaQmA7PPOdsCIlj8IGJgw42P78iuE+NBhQuttn/35
siLGxUUpWyXlFWoZvbLVM1jk7SUnrCSQWyRTvnh80Gdq+zym5N986uP7+9/GUIZ/
4e4I5edR85eC1Nfhqbceg4U0wc2/Ox+l9Cah+awIbemt1MtigjT9Hkwd+xUMwTN6
/49TlNfE12+rdM9LB5L7+zgUPbhsQzH/l23fK6mIPAs=
=pFCC
-----END PGP SIGNATURE-----
    
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站