Apple iOS < 10.3.2 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The version of Apple iOS running on the mobile device is affected by
multiple vulnerabilities.

Description :

The version of Apple iOS running on the mobile device is prior to
10.3.2. It is, therefore, affected by multiple vulnerabilities :

- Multiple memory corruption issues exist in the WebKit
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
these issues, by convincing a user to visit a specially
crafted website, to execute arbitrary code.
(CVE-2017-2496, CVE-2017-2505, CVE-2017-2506,
CVE-2017-2514, CVE-2017-2515, CVE-2017-2521,
CVE-2017-2525, CVE-2017-2526, CVE-2017-2530,
CVE-2017-2531, CVE-2017-2538, CVE-2017-2539,
CVE-2017-2544, CVE-2017-2547, CVE-2017-6980,
CVE-2017-6984)

- A security bypass vulnerability exists in the Security
component in the certificate trust policy. An
unauthenticated, remote attacker can exploit this to
cause untrusted certificates to be treated as trusted.
(CVE-2017-2498)

- A memory corruption issue exists in the WebKit Web
Inspector component that allows an unauthenticated,
remote attacker to execute arbitrary code.
(CVE-2017-2499)

- An unspecified flaw exists in the Safari component in
the history menu functionality. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition. (CVE-2017-2495)

- A state management flaw exists in the iBooks component
due to improper handling of URLs. An unauthenticated,
remote attacker can exploit this, via a specially
crafted book, to open arbitrary websites without user
permission. (CVE-2017-2497)

- A local privilege escalation vulnerability exists in the
Kernel component due to a race condition. A local
attacker can exploit this to execute arbitrary code with
kernel-level privileges. (CVE-2017-2501)

- An information disclosure vulnerability exists in the
CoreAudio component due to improper sanitization of
user-supplied input. A local attacker can exploit this
to read the contents of restricted memory.
(CVE-2017-2502)

- Multiple universal cross-site scripting (XSS)
vulnerabilities exist in WebKit due to improper handling
of WebKit Editor commands, container nodes, pageshow
events, frame loading, and cached frames. An
unauthenticated, remote attacker can exploit these, via a
specially crafted web page, to execute arbitrary script
code in a user's browser session. (CVE-2017-2504,
CVE-2017-2508, CVE-2017-2510, CVE-2017-2528,
CVE-2017-2549)

- Multiple information disclosure vulnerabilities exist
in the Kernel component due to improper sanitization of
user-supplied input. A local attacker can exploit these
to read the contents of restricted memory.
(CVE-2017-2507, CVE-2017-6987)

- A use-after-free error exists in the SQLite component
when handling SQL queries. An unauthenticated, remote
attacker can exploit this to dereference already freed
memory, resulting in the execution of arbitrary code.
(CVE-2017-2513)

- Multiple buffer overflow conditions exist in the SQLite
component due to the improper validation of
user-supplied input. An unauthenticated, remote attacker
can exploit these, via a specially crafted SQL query, to
execute arbitrary code. (CVE-2017-2518, CVE-2017-2520)

- A memory corruption issue exists in the SQLite component
when handling SQL queries. An unauthenticated, remote
attacker can exploit this, via a specially crafted SQL
query, to execute arbitrary code. (CVE-2017-2519)

- An unspecified memory corruption issue exists in the
TextInput component when parsing specially crafted data.
An unauthenticated, remote attacker can exploit this to
execute arbitrary code. (CVE-2017-2524)

- Multiple unspecified flaws exist in WebKit that allow
an unauthenticated, remote attacker to corrupt memory
and execute arbitrary code by using specially crafted
web content. (CVE-2017-2536)

- An unspecified flaw exists in the IOSurface component
that allows a local attacker to corrupt memory and
execute arbitrary code with kernel-level privileges.
(CVE-2017-6979)

- A logic error exists in the iBooks component due to
improper path validation for symlinks. A local attacker
can exploit this to execute arbitrary code with root
privileges. (CVE-2017-6981)

- An unspecified flaw exists in the Notifications
component that allows a local attacker to cause a denial
of service condition via a specially crafted
application. (CVE-2017-6982)

- Multiple memory corruption issues exist in SQLite due to
improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit these, by
convincing a user to visit a specially crafted website,
to execute arbitrary code.
(CVE-2017-6983, CVE-2017-6991)

- An unspecified flaw exists in the AVEVideoEncoder
component that allows a local attacker, via a specially
crafted application, to corrupt memory and execute
arbitrary code with kernel-level privileges.
(CVE-2017-6989)

- Multiple type confusion flaws exist in SQLite due to
improper validation of user-supplied input to 'snippet',
'offsets', and 'matchinfo'. An unauthenticated, remote
attacker can exploit these, by convincing a user to
visit a specially crafted website, to execute arbitrary
code. (CVE-2017-7000, CVE-2017-7001, CVE-2017-7002)

- A denial of service vulnerability exists in the
CoreText component due to improper validation of
user-supplied input. An unauthenticated, remote attacker
can exploit this, via a specially crafted file, to crash
an application. (CVE-2017-7003)

- A race condition exists when performing userspace
entitlement checks. A local attacker can exploit this to
bypass restrictions and send privileged XPC messages
without entitlements. (CVE-2017-7004)

- A memory corruption issue exists in the JavaScriptCore
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via specially crafted web content, to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2017-7005)

See also :

https://support.apple.com/en-us/HT207798
http://seclists.org/fulldisclosure/2017/May/48

Solution :

Upgrade to Apple iOS version 10.3.2 or later.
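The check this plugin performs is a version comparison: the device is flagged when its reported iOS version is lower than 10.3.2. The script below is an added example, not Tenable's plugin code, showing how to do that comparison correctly for a device inventory. It compares versions component by component as integers (a plain string comparison would rank "10.10" below "10.3.2") and treats a missing trailing component as zero, so "10.3" is read as 10.3.0. The device identifiers and versions in SAMPLE_INVENTORY are constructed for the example.

```python
import re

# Fixed release named in the advisory's Solution section.
FIXED_VERSION = "10.3.2"


def parse_version(version):
    """Turn a dotted numeric version string into a tuple of ints.

    '10.3.2' -> (10, 3, 2). Anything that is not purely numeric dotted
    components raises ValueError so that unparseable inventory entries
    are surfaced instead of silently passing the check.
    """
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in version.split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is lower than, equal to, or higher than b.

    Shorter tuples are right-padded with zeros, so '10.3' == '10.3.0'.
    Integer comparison is what keeps '10.10' above '10.3.2'; comparing the
    raw strings would get that case wrong.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def is_vulnerable(reported_version, fixed_version=FIXED_VERSION):
    """True when the reported version is strictly below the fixed release."""
    return compare_versions(reported_version, fixed_version) < 0


def triage(inventory, fixed_version=FIXED_VERSION):
    """Split an inventory of (device_id, version) pairs into two lists:

    devices that still need the upgrade, and devices whose version string
    could not be parsed (these need a manual look rather than a pass).
    """
    needs_upgrade, unparsed = [], []
    for device_id, version in inventory:
        try:
            if is_vulnerable(version, fixed_version):
                needs_upgrade.append(device_id)
        except ValueError:
            unparsed.append(device_id)
    return needs_upgrade, unparsed


# Constructed sample inventory (hypothetical device ids and versions).
SAMPLE_INVENTORY = [
    ("ipad-lab-01", "10.3.1"),       # one patch level behind: flag
    ("iphone-ops-07", "9.3.5"),      # major version behind: flag
    ("iphone-exec-02", "10.3.2"),    # exactly the fixed release: pass
    ("ipad-kiosk-03", "10.10"),      # higher numerically, lower as a string: pass
    ("iphone-dev-05", "10.3"),       # reads as 10.3.0: flag
    ("ipad-legacy-09", "not reported"),  # cannot be parsed: report separately
]


if __name__ == "__main__":
    flagged, unknown = triage(SAMPLE_INVENTORY)
    print("needs upgrade to", FIXED_VERSION, "or later:", flagged)
    print("version not parseable, check manually:", unknown)
```

The unparseable bucket matters as much as the flagged one: a check that quietly skips a device whose version string it cannot read turns a missing data point into a false "patched" result.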

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)