Apple iOS < 10.3.3 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The version of Apple iOS running on the mobile device is affected by
multiple vulnerabilities.

Description :

The version of Apple iOS running on the mobile device is prior to
10.3.3. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in Safari due to inconsistent user
interface behavior. An unauthenticated, remote attacker
can exploit this, via a malicious website, to spoof the
address bar. (CVE-2017-2517)

- An information disclosure vulnerability exists in the
WebKit component due to improper handling of SVG
filters. An unauthenticated, remote attacker can exploit
this, via a timing side-channel attack, to disclose
sensitive cross-domain information. (CVE-2017-7006)

- A denial of service vulnerability exists in the
EventKitUI component that allows an unauthenticated,
remote attacker to exhaust available resources, causing
an application to terminate. (CVE-2017-7007)

- A remote code execution vulnerability exists in the
CoreAudio component due to improper validation of
user-supplied input when handling movie files. An
unauthenticated, remote attacker can exploit this, by
convincing a user to play a specially crafted movie
file, to cause a denial of service condition or the
execution of arbitrary code. (CVE-2017-7008)

- A memory corruption issue exists in the IOUSBFamily
component due to improper validation of user-supplied
input. A local attacker can exploit this, via a
specially crafted application, to cause a denial of
service condition or the execution of arbitrary code.
(CVE-2017-7009)

- Multiple out-of-bounds read errors exist in the libxml2
component due to improper handling of specially crafted
XML documents. An unauthenticated, remote attacker can
exploit these to disclose user information.
(CVE-2017-7010, CVE-2017-7013)

- An unspecified flaw exists in the WebKit component that
allows an unauthenticated, remote attacker to spoof the
address bar via a malicious website. (CVE-2017-7011)

- Multiple memory corruption issues exist in the WebKit
Web Inspector component due to improper validation of
user-supplied input. An unauthenticated, remote attacker
can exploit these, via a specially crafted web page, to
corrupt memory, resulting in the execution of arbitrary
code. (CVE-2017-7012)

- Multiple memory corruption issues exist in the WebKit
component due to improper validation of input. An
unauthenticated, remote attacker can exploit these
issues, via a specially crafted web page, to execute
arbitrary code. (CVE-2017-7018, CVE-2017-7020,
CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7039, CVE-2017-7040, CVE-2017-7041,
CVE-2017-7042, CVE-2017-7043, CVE-2017-7046,
CVE-2017-7048, CVE-2017-7049, CVE-2017-7052,
CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)

- A memory corruption issue exists in the 'WebKit Page
Loading' component due to improper validation of input.
An unauthenticated, remote attacker can exploit this,
via a specially crafted web page, to execute arbitrary
code. (CVE-2017-7019)

- Multiple memory corruption issues exist in the kernel
due to improper validation of input. A local attacker
can exploit these issues to cause a denial of service
condition or the execution of arbitrary code with system
privileges. (CVE-2017-7022, CVE-2017-7024,
CVE-2017-7026)

- Multiple memory corruption issues exist in the kernel
due to improper validation of input. A local attacker
can exploit these issues to cause a denial of service
condition or the execution of arbitrary code with kernel
privileges. (CVE-2017-7023, CVE-2017-7025,
CVE-2017-7027, CVE-2017-7069)

- Multiple unspecified flaws exist in the kernel due to a
failure to properly sanitize input. A local attacker can
exploit these issues, via a specially crafted
application, to disclose restricted memory.
(CVE-2017-7028, CVE-2017-7029)

- Multiple cross-site scripting (XSS) vulnerabilities
exist in the WebKit component in the DOMParser due to
improper validation of user-supplied input before
returning it to users. An unauthenticated, remote
attacker can exploit these issues, via a specially
crafted URL, to execute arbitrary script code in a
user's browser session. (CVE-2017-7038, CVE-2017-7059)

- A memory corruption issue exists in the libxpc component
due to improper validation of input. A local attacker
can exploit this issue, via a specially crafted
application, to cause a denial of service condition or
the execution of arbitrary code with system privileges.
(CVE-2017-7047)

- An information disclosure vulnerability exists due to
the device displaying notifications on the lock screen
even when disabled. A local attacker can exploit this to
gain potentially sensitive information. (CVE-2017-7058)

- A denial of service vulnerability exists in Safari
printing when handling a specially crafted web page that
results in creating an infinite number of print dialogs.
An unauthenticated, remote attacker can exploit this
to cause a user to believe that the browser has locked
up. (CVE-2017-7060)

- A buffer overflow condition exists in the Contacts
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the
execution of arbitrary code. (CVE-2017-7062)

- A denial of service vulnerability exists in the Messages
component due to improper handling of memory. An
unauthenticated, remote attacker can exploit this to
consume excessive resources, resulting in an unexpected
application termination. (CVE-2017-7063)

- An unspecified memory initialization issue exists in
WebKit. A local attacker can exploit this, via a
specially crafted application, to disclose the contents
of restricted memory. (CVE-2017-7064)

- A buffer overflow condition exists in the libarchive
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this, via a specially crafted archive file, to cause a
denial of service condition or the execution of
arbitrary code. (CVE-2017-7068)

- A memory corruption issue exists in the Telephony
component due to improper validation of user-supplied
input. A man-in-the-middle attacker can exploit this to
cause a denial of service condition or the execution of
arbitrary code. (CVE-2017-8248)

- A memory corruption issue exists in the Broadcom BCM43xx
family Wi-Fi Chips component that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2017-9417)

See also :

https://support.apple.com/en-us/HT207923
http://www.zerodayinitiative.com/advisories/ZDI-17-489/

Solution :

Upgrade to Apple iOS version 10.3.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)