95728

1037668

GLSA-201706-15

https://support.apple.com/HT207482

https://support.apple.com/HT207484

https://support.apple.com/HT207485

https://support.apple.com/HT207487

41449

This update for webkit2gtk3 fixes the following issues :

Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715).

Update to version 2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856.

Update to version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803.

Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues.

Update to version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5 :

  + Disable SharedArrayBuffers from Web API.

  + Reduce the precision of 'high' resolution time to 1ms.

  + bsc#1075419 - Security fixes: includes improvements to     mitigate the effects of Spectre and Meltdown     (CVE-2017-5753 and CVE-2017-5715). Update to version     2.18.4 :

  + Make WebDriver implementation more spec compliant.

  + Fix a bug when trying to remove cookies before a web     process is spawned.

  + WebKitWebDriver process no longer links to     libjavascriptcoregtk.

  + Fix several memory leaks in GStreamer media backend.

  + bsc#1073654 - Security fixes: CVE-2017-13866,     CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. Update to     version 2.18.3 :

  + Improve calculation of font metrics to prevent     scrollbars from being shown unnecessarily in some cases.

  + Fix handling of null capabilities in WebDriver     implementation.

  + Security fixes: CVE-2017-13798, CVE-2017-13788,     CVE-2017-13803. Update to version 2.18.2 :

  + Fix rendering of arabic text.

  + Fix a crash in the web process when decoding GIF images.

  + Fix rendering of wind in Windy.com.

  + Fix several crashes and rendering issues. Update to     version 2.18.1 :

  + Improve performance of GIF animations.

  + Fix garbled display in GMail.

  + Fix rendering of several material design icons when     using the web font.

  + Fix flickering when resizing the window in Wayland.

  + Prevent default kerberos authentication credentials from     being used in ephemeral sessions.

  + Fix a crash when webkit_web_resource_get_data() is     cancelled.

  + Correctly handle touchmove and touchend events in     WebKitWebView.

  + Fix the build with enchant 2.1.1.

  + Fix the build in HPPA and Alpha.

  + Fix several crashes and rendering issues.

  + Security fixes: CVE-2017-7081, CVE-2017-7087,     CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,     CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,     CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,     CVE-2017-7099, CVE-2017-7100, CVE-2017-7102,     CVE-2017-7104, CVE-2017-7107, CVE-2017-7109,     CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,     CVE-2017-7142.

  - Enable gold linker on s390/s390x on SLE15/Tumbleweed.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for webkit2gtk3 to version 2.18.0 fixes the following issues :

These security issues were fixed :

  - CVE-2017-7039: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7018: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7030: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7037: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7034: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7055: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7056: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7064: An issue was fixed that allowed remote     attackers to bypass intended memory-read restrictions     via a crafted app (bsc#1050469).

  - CVE-2017-7061: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7048: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7046: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-2538: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1045460)

  - CVE-2017-2496: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2539: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2510: An issue was fixed that allowed remote     attackers to conduct Universal XSS (UXSS) attacks via a     crafted website that improperly interacts with pageshow     events.

  - CVE-2017-2365: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2366: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2373: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2363: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2362: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2354: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749).

  - CVE-2017-2355: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (uninitialized memory access and application     crash) via a crafted website (bsc#1024749)

  - CVE-2017-2356: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2371: An issue was fixed that allowed remote     attackers to launch popups via a crafted website     (bsc#1024749)

  - CVE-2017-2364: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site     (bsc#1024749)

  - CVE-2017-2369: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2016-7656: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7635: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7654: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7639: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7645: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7652: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7641: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7632: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7599: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted web site that used     HTTP redirects (bsc#1020950)

  - CVE-2016-7592: An issue was fixed that allowed remote     attackers to obtain sensitive information via crafted     JavaScript prompts on a website (bsc#1020950)

  - CVE-2016-7589: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7623: An issue was fixed that allowed remote     attackers to obtain sensitive information via a blob URL     on a website (bsc#1020950)

  - CVE-2016-7586: An issue was fixed that allowed remote     attackers to obtain sensitive information via a crafted     website (bsc#1020950)

For other non-security fixes please check the changelog.

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for webkit2gtk3 to version 2.18.0 fixes the following issues: These security issues were fixed :

  - CVE-2017-7039: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7018: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7030: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7037: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7034: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7055: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7056: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7064: An issue was fixed that allowed remote     attackers to bypass intended memory-read restrictions     via a crafted app (bsc#1050469).

  - CVE-2017-7061: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7048: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-7046: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1050469).

  - CVE-2017-2538: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1045460)

  - CVE-2017-2496: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2539: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website.

  - CVE-2017-2510: An issue was fixed that allowed remote     attackers to conduct Universal XSS (UXSS) attacks via a     crafted website that improperly interacts with pageshow     events.

  - CVE-2017-2365: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2366: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2373: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2363: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2362: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2350: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2354: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749).

  - CVE-2017-2355: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (uninitialized memory access and application     crash) via a crafted website (bsc#1024749)

  - CVE-2017-2356: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2017-2371: An issue was fixed that allowed remote     attackers to launch popups via a crafted website     (bsc#1024749)

  - CVE-2017-2364: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website     (bsc#1024749)

  - CVE-2017-2369: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1024749)

  - CVE-2016-7656: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7635: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7654: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7639: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7645: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7652: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7641: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7632: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7599: An issue was fixed that allowed remote     attackers to bypass the Same Origin Policy and obtain     sensitive information via a crafted website that used     HTTP redirects (bsc#1020950)

  - CVE-2016-7592: An issue was fixed that allowed remote     attackers to obtain sensitive information via crafted     JavaScript prompts on a web site (bsc#1020950)

  - CVE-2016-7589: An issue was fixed that allowed remote     attackers to execute arbitrary code or cause a denial of     service (memory corruption and application crash) via a     crafted website (bsc#1020950)

  - CVE-2016-7623: An issue was fixed that allowed remote     attackers to obtain sensitive information via a blob URL     on a website (bsc#1020950)

  - CVE-2016-7586: An issue was fixed that allowed remote     attackers to obtain sensitive information via a crafted     website (bsc#1020950) For other non-security fixes     please check the changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201706-15 (WebKitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attack can use multiple vectors to execute arbitrary code or       cause a denial of service condition.
  Workaround :

    There is no known workaround at this time.

This update addresses the following vulnerabilities :

  -     [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2350),     [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2354),     [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2355),     [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2356),     [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2362),     [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2363),     [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2364),     [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2365),     [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2366),     [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2369),     [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2371),     [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cg     i?name=CVE-2017-2373)

Additional fixes :

  - Make accelerating compositing mode on-demand again. By     default it will only be used for websites that require     it, saving a lot of memory on websites that don&rsquo;t     need it.

  - Release unused UpdateAtlas and reduce the tile coverage     on memory pressure.

  - The media backend now stores preloaded media in /var/tmp     instead of user cache dir.

  - Make inspector work again when accelerated compositing     support is disabled.

  - Fix a deadlock when the media player is destroyed.

  - Fix network process crashes when loading custom URI     schemes.

  - Fix overlay scrollbars that are over a subframe.

  - Fix a crash in GraphicsContext3D::drawArrays when using     OpenGL 3.2 core profile.

  - Fix BadDamage X errors happening when resizing the     WebView.

  - Fix several crashes and rendering issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of Apple TV earlier than 10.1.1 are affected by multiple vulnerabilities in the following components :

 - CoreText
 - Kernel 
 - syslog
 - WebKit

Versions of Safari prior to 10.0.3 are affected by multiple vulnerabilities :

 - A prototype access flaw exists that is triggered when handling exceptions. With specially crafted web content, a context-dependent attacker may exfiltrate cross-origin data. (CVE-2017-2350)
 - A type confusion flaw exists that is triggered as input is not properly validated when handling SearchInputType objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2354)
 - An unspecified memory initialization flaw exists that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided. (CVE-2017-2355)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2356)
 - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2359)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2362, CVE-2017-2366, CVE-2017-2369)
 - A flaw exists that is triggered as input is not properly validated when handling page loading. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2373)

According to its banner, the version of Apple TV on the remote device is prior to 10.1.1. It is, therefore, affected by multiple vulnerabilities :

  - A stack-based buffer overflow condition exists in     libarchive in the bsdtar_expand_char() function within     file util.c due to improper validation of certain     unspecified input. An unauthenticated, remote attacker     can exploit this, via a specially crafted archive, to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2016-8687)

  - A prototype access flaw exists in WebKit when handling     exceptions. An unauthenticated, remote attacker can     exploit this, via specially crafted web content, to     disclose cross-origin data. (CVE-2017-2350)

  - A type confusion error exists in WebKit when handling     SearchInputType objects due to improper validation of     certain unspecified input. An unauthenticated, remote     attacker can exploit this, via specially crafted web     content, to execute arbitrary code. (CVE-2017-2354)

  - An unspecified memory initialization flaw exists in     WebKit that allows an unauthenticated, remote attacker     to execute arbitrary code via specially crafted web     content. (CVE-2017-2355)

  - Multiple memory corruption issues exist in WebKit due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit these, via     specially crafted web content, to execute arbitrary     code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2369,     CVE-2017-2373)

  - A use-after-free error exists in the host_self_trap mach     trap. A local attacker can exploit this, via a specially     crafted application, to dereference already freed memory     and thereby execute arbitrary code with kernel     privileges. (CVE-2017-2360)

  - A flaw exists in WebKit when handling page loading due     to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this,     via specially crafted web content, to disclose     cross-origin data. (CVE-2017-2363)

  - A flaw exists in WebKit when handling variables due     to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this,     via specially crafted web content, to disclose     cross-origin data. (CVE-2017-2365)

  - A heap buffer overflow condition exists in the     mach_voucher_extract_attr_recipe_trap() function due to     improper validation of certain unspecified input. A     local attacker can exploit this, via a specially     crafted application, to cause a denial of service     condition or the execution of arbitrary code with     kernel privileges. (CVE-2017-2370)

Note that only 4th generation models are affected by these vulnerabilities.

The version of iOS running on the mobile device is prior to 10.2.1, and is affected by multiple vulnerabilities :

 - A prototype access flaw exists that is triggered when handling exceptions. With specially crafted web content, a context-dependent attacker may exfiltrate cross-origin data. (CVE-2017-2350)
 - A flaw exists in WiFi that is triggered when handling user input. This may allow a physically present attacker to bypass the lock and briefly access the home screen. (CVE-2017-2351)
 - A logic flaw exists related to state management in Auto Unlock. This may allow a physically present attacker to potentially unlock a watch when it is off the user's wrist. (CVE-2017-2352)
 - A type confusion flaw exists that is triggered as input is not properly validated when handling 'SearchInputType' objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2354)
 - An unspecified memory initialization flaw exists that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided. (CVE-2017-2355)
 - A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2366, CVE-2017-2369, CVE-2017-2373)
 - A use-after-free error exists in the 'host_self_trap' mach trap. This may allow a local attacker to dereference already freed memory and gain elevated privileges. (CVE-2017-2360)
 - A flaw exists that is triggered as input is not properly validated when handling page loading. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2363, CVE-2017-2364)
 - A flaw exists that is triggered as input is not properly validated when handling variables. This may allow a context-dependent attacker to exfiltrate cross-origin data. (CVE-2017-2365)
 - A flaw exists in Contacts that is triggered as input is not properly validated during the handling of a specially crafted contact card. This may allow a context-dependent attacker to crash the system. (CVE-2017-2368)
 - An overflow condition exists in the 'mach_voucher_extract_attr_recipe_trap()' function that is triggered as certain input is not properly validated. This may allow a local attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-2370)
 - An unspecified flaw exists that may allow a context-dependent attacker to bypass popup restrictions via a specially crafted website. No further details have been provided. (CVE-2017-2371)

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.0.3. It is, therefore, affected by multiple vulnerabilities :

  - A prototype access flaw exists in WebKit when handling     exceptions. An unauthenticated, remote attacker can     exploit this, via specially crafted web content, to     disclose cross-origin data. (CVE-2017-2350)

  - Multiple memory corruption issues exist in WebKit due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit these, via     specially crafted web content, to corrupt memory,     resulting in the execution of arbitrary code.
    (CVE-2017-2354, CVE-2017-2356, CVE-2017-2362,     CVE-2017-2366, CVE-2017-2369, CVE-2017-2373)

  - An unspecified memory initialization flaw exists in     WebKit that allows an unauthenticated, remote attacker     to execute arbitrary code. (CVE-2017-2355)

  - An unspecified state management flaw exists that allows     an unauthenticated, remote attacker to spoof the address     bar. (CVE-2017-2359)

  - Multiple flaws exist in WebKit when handling page     loading due to improper validation of certain     unspecified input. An unauthenticated, remote attacker     can exploit these, via specially crafted web content, to     disclose cross-origin data. (CVE-2017-2363,     CVE-2017-2364)

  - A flaw exists in WebKit when handling variables due to     improper validation of certain unspecified input. An     unauthenticated, remote attacker can exploit this, via     specially crafted web content, to disclose cross-origin     data. (CVE-2017-2365)

The version of Apple iOS running on the mobile device is prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - Auto Unlock
  - Contacts
  - Kernel
  - libarchive
  - WebKit
  - WiFi

ID	Name	Product	Family	Severity
106549	openSUSE Security Update : webkit2gtk3 (openSUSE-2018-118) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106370	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2018:0219-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
104526	openSUSE Security Update : webkit2gtk3 (openSUSE-2017-1268)	Nessus	SuSE Local Security Checks	medium
104428	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2017:2933-1)	Nessus	SuSE Local Security Checks	medium
100675	GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
97448	Fedora 25 : webkitgtk4 (2017-0beb752b6e)	Nessus	Fedora Local Security Checks	medium
97428	Fedora 24 : webkitgtk4 (2017-b1abcbe695)	Nessus	Fedora Local Security Checks	medium
97222	Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3200-1)	Nessus	Ubuntu Local Security Checks	medium
9932	Apple TV < 10.1.1 Multiple Vulnerabilities	Nessus Network Monitor	Internet Services	high
9931	Safari < 10.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
96877	Apple TV < 10.1.1 Multiple Vulnerabilities	Nessus	Misc.	high
9929	Apple iOS < 10.2.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
96798	macOS : Apple Safari < 10.0.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
96730	Apple iOS < 10.2.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2017-2363

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins