https://github.com/Quindecim/Orbis-Exploit-5.x

https://support.apple.com/HT207798

https://support.apple.com/HT207801

https://support.apple.com/HT207804

42188

The version of Apple iOS running on the mobile device is prior to 10.3.2. It is, therefore, affected by multiple vulnerabilities :

  - Multiple memory corruption issues exist in the WebKit     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     these issues, by convincing a user to visit a specially     crafted website, to execute arbitrary code.
    (CVE-2017-2496, CVE-2017-2505, CVE-2017-2506,     CVE-2017-2514, CVE-2017-2515, CVE-2017-2521,     CVE-2017-2525, CVE-2017-2526, CVE-2017-2530,     CVE-2017-2531, CVE-2017-2538, CVE-2017-2539,     CVE-2017-2544, CVE-2017-2547, CVE-2017-6980,     CVE-2017-6984)

  - A security bypass vulnerability exists in the Security     component in the certificate trust policy. An     unauthenticated, remote attacker can exploit this to     cause untrusted certificates to be treated at trusted.
    (CVE-2017-2498)

  - A memory corruption issue exists in the WebKit Web     Inspector component that allows an unauthenticated,     remote attacker to execute arbitrary code.
    (CVE-2017-2499)

  - An unspecified flaw exists in the Safari component in     the history menu functionality. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition. (CVE-2017-2495)

  - A state management flaw exists in the iBooks component     due to improper handling of URLs. An unauthenticated,     remote attacker can exploit this, via a specially     crafted book, to open arbitrary websites without user     permission. (CVE-2017-2497)

  - A local privilege escalation vulnerability exists in the     Kernel component due to a race condition. A local     attacker can exploit this to execute arbitrary code with     kernel-level privileges. (CVE-2017-2501)

  - An information disclosure vulnerability exists in the     CoreAudio component due to improper sanitization of     user-supplied input. A local attacker can exploit this     to read the contents of restricted memory.
    (CVE-2017-2502)

  - Multiple universal cross-site scripting (XSS)     vulnerabilities exist in WebKit due to improper handling     of WebKit Editor commands, container nodes, pageshow     events, frame loading, and cached frames. An     unauthenticated, remote attacker can exploit this, via a     specially crafted web page, to execute arbitrary script     code in a user's browser session. (CVE-2017-2504,     CVE-2017-2508, CVE-2017-2510, CVE-2017-2528,     CVE-2017-2549)

  - Multiple information disclosure vulnerabilities exist     in the Kernel component due to improper sanitization of     user-supplied input. A local attacker can exploit these     to read the contents of restricted memory.
    (CVE-2017-2507, CVE-2017-6987)

  - A use-after-free error exists in the SQLite component     when handling SQL queries. An unauthenticated, remote     attacker can exploit this to deference already freed     memory, resulting in the execution of arbitrary code.
    (CVE-2017-2513)

  - Multiple buffer overflow conditions exist in the SQLite     component due to the improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit these, via a specially crafted SQL query, to     execute arbitrary code. (CVE-2017-2518, CVE-2017-2520)

  - A memory corruption issue exists in the SQLite component     when handling SQL queries. An unauthenticated, remote     attacker can exploit this, via a specially crafted SQL     query, to execute arbitrary code. (CVE-2017-2519)

  - An unspecified memory corruption issue exists in the     TextInput component when parsing specially crafted data.
    An unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-2524)

  - Multiple unspecified flaws exist in WebKit that allow     an unauthenticated, remote attacker to corrupt memory     and execute arbitrary code by using specially crafted     web content. (CVE-2017-2536)

  - An unspecified flaw exists in the IOSurface component     that allows a local attacker to corrupt memory and     execute arbitrary code with kernel-level privileges.
    (CVE-2017-6979)

  - A logic error exists in the iBooks component due to     improper path validation for symlinks. A local attacker     can exploit this to execute arbitrary code with root     privileges. (CVE-2017-6981)

  - An unspecified flaw exists in the Notifications     component that allows a local attacker to cause a denial     of service condition via a specially crafted     application. (CVE-2017-6982)

  - Multiple memory corruption issues exist in SQLite due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these, by     convincing a user to visit a specially crafted website,     to execute arbitrary code.
    (CVE-2017-6983, CVE-2017-6991)

  - An unspecified flaw exists in the AVEVideoEncoder     component that allows a local attacker, via a specially     crafted application, to corrupt memory and execute     arbitrary code with kernel-level privileges.
    (CVE-2017-6989)

  - Multiple type confusion flaws exist in SQLite due to     improper validation of user-supplied input to 'snippet',     'offsets', and 'matchinfo'. An unauthenticated, remote     attacker can exploit these, by convincing a user to     visit a specially crafted website, to execute arbitrary     code. (CVE-2017-7000, CVE-2017-7001, CVE-2017-7002)

  - A denial of service vulnerability exists in the     CoreText component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to crash     an application. (CVE-2017-7003)

  - A race condition exists when performing userspace     entitlement checks. A local attacker can exploit this to     bypass restrictions and send privileged XPC messages     without entitlements. (CVE-2017-7004)

  - A memory corruption issue exists in the JavaScriptCore     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, via specially crafted web content, to cause a     denial of service condition or the execution of     arbitrary code. (CVE-2017-7005)

According to its banner, the version of Apple TV on the remote device is prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities :

  - A memory corruption issue exists in the WebKit Web     Inspector component that allows an unauthenticated,     remote attacker to execute arbitrary code.
    (CVE-2017-2499)

  - An unspecified race condition exists in the Kernel     component that allows a local attacker to execute     arbitrary code with kernel-level privileges.
    (CVE-2017-2501)

  - An information disclosure vulnerability exists in the     CoreAudio component due to improper sanitization of     certain input. A local attacker can exploit this to read     the contents of restricted memory. (CVE-2017-2502)

  - A universal cross-site scripting (XSS) vulnerability     exists in WebKit due to a logic flaw when handling     WebKit Editor commands. An unauthenticated, remote     attacker can exploit this, via a specially crafted web     page, to execute arbitrary script code in a user's     browser session. (CVE-2017-2504)

  - Multiple memory corruption issues exist in WebKit due to     improper validation of certain input. An     unauthenticated, remote attacker can exploit these to     execute arbitrary code. (CVE-2017-2505, CVE-2017-2515,     CVE-2017-2521, CVE-2017-2530, CVE-2017-2531,     CVE-2017-6980, CVE-2017-6984)

  - Multiple information disclosure vulnerabilities exist     in the Kernel component due to improper sanitization of     certain input. A local attacker can exploit these to     read the contents of restricted memory. (CVE-2017-2507,     CVE-2017-6987)

  - A use-after-free error exists in the SQLite component     when handling SQL queries. An unauthenticated, remote     attacker can exploit this to deference already freed     memory, resulting in the execution of arbitrary code.
    (CVE-2017-2513)

  - Multiple buffer overflow conditions exist in the SQLite     component due to the improper validation of certain     input. An unauthenticated, remote attacker can exploit     these, via a specially crafted SQL query, to execute     arbitrary code. (CVE-2017-2518, CVE-2017-2520)

  - A memory corruption issue exists in the SQLite component     when handling SQL queries. An unauthenticated, remote     attacker can exploit this, via a specially crafted     query, to execute arbitrary code. (CVE-2017-2519)

  - An unspecified memory corruption issue exists in the     TextInput component when parsing specially crafted data.
    An unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-2524)

  - A use-after-free error exists in WebKit when handling     RenderLayer objects. An unauthenticated, remote attacker     can exploit this, via a specially crafted web page, to     deference already freed memory, resulting in the     execution of arbitrary code. (CVE-2017-2525)

  - Multiple unspecified flaws exist in WebKit that allow     an unauthenticated, remote attacker to corrupt memory     and execute arbitrary code by using specially crafted     web content. (CVE-2017-2536)

  - A universal cross-site scripting (XSS) vulnerability     exists in WebKit due to a logic error when handling     frame loading. An unauthenticated, remote attacker can     exploit this, via a specially crafted web page, to     execute arbitrary code in a user's browser session.
    (CVE-2017-2549)

  - An unspecified flaw exists in the IOSurface component     that allows a local attacker to corrupt memory and     execute arbitrary code with kernel-level privileges.
    (CVE-2017-6979)

  - An unspecified flaw exists in the AVEVideoEncoder     component that allows a local attacker, via a specially     crafted application, to corrupt memory and execute     arbitrary code with kernel-level privileges.
    (CVE-2017-6989)

  - A denial of service vulnerability exists in the     CoreText component due to improper validation of     user-supplied input. An unauthenticated, remote attacker     can exploit this, via a specially crafted file, to crash     an application. (CVE-2017-7003)

  - A memory corruption issue exists in the JavaScriptCore     component due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this, via specially crafted web content, to cause a     denial of service condition or the execution of     arbitrary code. (CVE-2017-7005)

Note that only 4th generation models are affected by these vulnerabilities.

ID	Name	Product	Family	Severity
100269	Apple iOS < 10.3.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high
100256	Apple TV < 10.2.1 Multiple Vulnerabilities	Nessus	Misc.	high

CVE-2017-7005

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

high