97147

1038138

https://support.apple.com/HT207615

https://support.apple.com/HT207617

The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - apache
  - apache_mod_php
  - AppleGraphicsPowerManagement
  - AppleRAID
  - Audio
  - Bluetooth
  - Carbon
  - CoreGraphics
  - CoreMedia
  - CoreText
  - curl
  - EFI
  - FinderKit
  - FontParser
  - HTTPProtocol
  - Hypervisor
  - iBooks
  - ImageIO
  - Intel Graphics Driver
  - IOATAFamily
  - IOFireWireAVC
  - IOFireWireFamily
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - LibreSSL
  - MCX Client
  - Menus
  - Multi-Touch
  - OpenSSH
  - OpenSSL
  - Printing
  - python
  - QuickTime
  - Security
  - SecurityFoundation
  - sudo
  - System Integrity Protection
  - tcpdump
  - tiffutil
  - WebKit

The version of Apple iOS running on the mobile device is prior to 10.3. It is, therefore, affected by multiple vulnerabilities in multiple components, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows :

  - Accounts
  - Audio
  - Carbon
  - CoreGraphics
  - CoreText
  - DataAccess
  - FontParser
  - HomeKit
  - HTTPProtocol
  - ImageIO
  - iTunes Store
  - JavaScriptCore
  - Kernel
  - Keyboards
  - libarchive
  - libc++abi
  - libxslt
  - Pasteboard
  - Phone
  - Profiles
  - Quick Look
  - Safari
  - Safari Reader
  - SafariViewController
  - Security
  - Siri
  - WebKit
  - WebKit JavaScript Bindings
  - WebKit Web Inspector

The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities :

 - An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)
 - An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)
 - A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)
 - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)

Additional flaws exist in the following components :

 - Carbon (CVE-2017-2379)
 - CoreGraphics (CVE-2017-2417)
 - DataAccess (CVE-2017-2414)
 - FontParser (CVE-2017-2406, CVE-2017-2407)
 - iCloud (CVE-2017-2397)
 - ImageIO (CVE-2017-2416)
 - iTunes Store (CVE-2017-2412)
 - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)
 - libarchive (CVE-2017-2390)
 - Pasteboard (CVE-2017-2399)
 - Quick Look (CVE-2017-2404)
 - Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)
 - Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)

The remote host is running a version of Mac OS X version 10.x prior to 10.12.4 , and is affected by multiple vulnerabilities :

 - A format string flaw exists that is triggered as string format specifiers (e.g. %s and %x) are not properly used when handling IPP(S) links. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2403)
 - A flaw exists in the 'SecKeyRawVerify()' function that is triggered as parameters are not properly validated during the handling of cryptographic API call. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
 - A type confusion flaw exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2430)
 - A use-after-free flaw exists in 'libc++' that is triggered when demangling C++ applications. This may allow a malicious application to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2441)
 - A flaw exists as OTR packets are not properly validated. By spoofing the TLS/SSL server via a packet that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data. (CVE-2017-2448)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing specially crafted M4A audio files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing execution of arbitrary code. (CVE-2017-2462)
 - An unspecified flaw exists that is triggered as certain input is not properly validated when parsing X.509 certificates. This may allow a context dependent-attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2485)

Additional flaws exist in the following components :

 - AppleGraphicsPowerManagement (CVE-2017-2421)
 - AppleRAID (CVE-2017-2438)
 - Bluetooth (CVE-2017-2420, CVE-2017-2427, CVE-2017-2449)
 - Carbon (CVE-2017-2379)
 - CoreGraphics (CVE-2017-2417)
 - CoreMedia (2017-2431)
 - CoreText (CVE-2017-2435, CVE-2017-2450, CVE-2017-2461)
 - EFI (CVE-2016-7585)
 - Finderkit (CVE-2017-2429)
 - FontParser (CVE-2017-2406, CVE-2017-2407, CVE-2017-2439, CVE-2017-2487)
 - Hypervisor (CVE-2017-2418)
 - iBooks (CVE-2017-2426)
 - IOATAFamily (CVE-2017-2408)
 - IOFireWireAVC (CVE-2017-2436, CVE-2017-2437)
 - IOFireWireFamily (CVE-2017-2388)
 - ImageIO (CVE-2017-2416, CVE-2017-2432, CVE-2017-2467)
 - Intel Graphics (CVE-2017-2443)
 - Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2410, 2017-2440, 2017-2456, CVE-2017-2472, CVE-2017-2473, CVE-2017-2474, CVE-2017-2478, CVE-2017-2482, CVE-2017-2483, CVE-2017-2489, CVE-2017-2490)
 - Keyboards (CVE-2017-2458)
 - libarchive (CVE-2017-2390)
 - libxslt (CVE-2017-2477)
 - MCX (CVE-2017-2402)
 - Menus (CVE-2017-2409)
 - Multi-touch (CVE-2017-2422)
 - nghttp2 (CVE-2017-2428)
 - QuickTime (2017-2413)
 - Security (2017-2451, 2017-6974)
 - SecurityFoundation (CVE-2017-2425)
 - sudo (CVE-2017-2381)
 - WebKit (CVE-2017-2392, CVE-2017-2457, CVE-2017-2486)

ID	Name	Product	Family	Severity
99134	macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)	Nessus	MacOS X Local Security Checks	critical
99127	Apple iOS < 10.3 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
700034	Apple iOS < 10.3 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
700032	Mac OS X 10.x < 10.12.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical

CVE-2017-2423

critical

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

high

critical