SB2017120703 - Multiple vulnerabilities in Apple iOS

Description

This security bulletin contains information about 14 secuirty vulnerabilities.

1) Key management errors (CVE-ID: CVE-2017-13080)

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

2) Out-of-bounds read (CVE-ID: CVE-2017-13833)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read in the kernel component. A local attacker can use a specially crafted application, trigger out-of-bounds read error and read arbitrary files.

3) Memory corruption (CVE-ID: CVE-2017-13847)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the IOKit component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2017-13855)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to memory handling error in the kernel component. A local attacker can use a specially crafted application, trigger memory handling error and read arbitrary files.

5) Information disclosure (CVE-ID: CVE-2017-13860)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to encryption error. A remote attacker in a privileged network position can trigger an encryption error with S/MIME credentials in the Mail Drafts component to intercept mail.

6) Memory corruption (CVE-ID: CVE-2017-13861)

The vulnerability allows a local attacker to execute arbitrary code o the target system.

The weakness exists due to boundary error in IOSurface. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Memory corruption (CVE-ID: CVE-2017-13862)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

8) Improper input validation (CVE-ID: CVE-2017-13865)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

9) Memory corruption (CVE-ID: CVE-2017-13867)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

10) Improper input validation (CVE-ID: CVE-2017-13868)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

11) Improper input validation (CVE-ID: CVE-2017-13869)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper input validation in the kernel component. A local attacker can use a specially crafted application, trigger input validation flaw and read arbitrary files.

12) Security restrictions bypass (CVE-ID: CVE-2017-13874)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a S/MIME issue in the handling of encrypted email. A local attacker can cause incorrect certificate to be used for encryption.

13) Memory corruption (CVE-ID: CVE-2017-13876)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the kernel component. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

14) Memory corruption (CVE-ID: CVE-2017-13879)

The vulnerability allows a local attacker to execute arbitrary code o the target system.

The weakness exists due to boundary error in IOMobileFrameBuffer. A local attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://support.apple.com/en-us/HT208334