TTCSIRT-057.110217: TT-CSIRT Advisory – Apple Security Updates

Multiple vulnerabilities have been discovered in iCloud for Windows, iOS, iTunes for Windows, macOS High Sierra, Sierra, El Capitan, Safari, tvOS and watchOS, the most severe of which could allow for arbitrary code execution.

Details of these vulnerabilities are as follows:

– Multiple memory corruption issues were addressed with improved memory handling – (CVE-2017-7132)

– A denial of service issue was addressed through improved memory handling – (CVE-2017-13849)

– A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management – (CVE-2017-13844)

– An issue existed with Siri permissions. This was addressed with improved permission – (CVE-2017-13805)

– A path handling issue was addressed with improved validation – (CVE-2017-13804)

– The characters in a secure text field were revealed during focus change events. This issue was addressed through improved state management – (CVE-2017-7113)

– A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2 – (CVE-2017-13832)

– Multiple issues were addressed by updating to Apache version 2.4.27 – (CVE-2016-0736)

– An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation – (CVE-2017-13786)

– A validation issue was addressed with improved input sanitization – (CVE-2017-13809)

– Multiple memory corruption issues were addressed with improved input validation – (CVE-2017-13820, CVE-2017-13834)

– An out-of-bounds read was addressed with improved bounds checking – (CVE-2017-1000100, CVE-2017-1000101)

– A validation issue existed which allowed local file access. This was addressed with input sanitization – (CVE-2017-13801)

– Multiple issues were addressed by updating to file version 5.31 – (CVE-2017-13815)

– An inconsistent user interface issue was addressed with improved state management – (CVE-2017-13828)

– A validation issue existed in the handling of the KDC-REP service name. This issue was addressed through improved validation – (CVE-2017-11103)

– A cross-site scripting issue existed in HelpViewer. This issue was addressed by removing the affected file – (CVE-2017-13819)

– An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management – (CVE-2017-13831)

– A permissions issue existed in kernel packet counters. This issue was addressed through improved permission validation – (CVE-2017-13810)

– An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation – (CVE-2017-13817)

– A validation issue was addressed with improved input sanitization – (CVE-2017-13818)

– A buffer overflow issue was addressed through improved memory handling – (CVE-2017-13813, CVE-2017-13816)

– Multiple memory corruption issues existed in libarchive. These issues were addressed through improved input validation – (CVE-2017-13812)

– Multiple validation issues were addressed with improved input sanitization – (CVE-2016-4736)

– Multiple issues were addressed by updating to PCRE version 8.40 – (CVE-2017-13846)

– Multiple issues were addressed by updating to Postfix version 3.2.2 – (CVE-2017-13826)

– Multiple issues were addressed by updating to tcpdump version 4.9.2 – (CVE-2017-11108)

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2017-106/