exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2017-07-19-1

Apple Security Advisory 2017-07-19-1
Posted Jul 20, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-07-19-1 - iOS 10.3.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | cisco, apple, ios
advisories | CVE-2017-2517, CVE-2017-7006, CVE-2017-7007, CVE-2017-7008, CVE-2017-7009, CVE-2017-7010, CVE-2017-7011, CVE-2017-7012, CVE-2017-7013, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7022, CVE-2017-7023, CVE-2017-7024, CVE-2017-7025, CVE-2017-7026, CVE-2017-7027, CVE-2017-7028, CVE-2017-7029, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042
SHA-256 | a2d4b5826b831607a1a8366303cee291dd5ca20677f208e056fb175e2afb1cea

Apple Security Advisory 2017-07-19-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-1 iOS 10.3.3

iOS 10.3.3 is now available and addresses the following:

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-7062: Shashank (@cyberboyIndia)

CoreAudio
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
bounds checking.
CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team

EventKitUI
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may cause an unexpected application
termination
Description: A resource exhaustion issue was addressed through
improved input validation.
CVE-2017-7007: JosA(c) Antonio Esteban (@Erratum_) of Sapsi Consultores

IOUSBFamily
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7022: an anonymous researcher
CVE-2017-7024: an anonymous researcher
CVE-2017-7026: an anonymous researcher

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7023: an anonymous researcher
CVE-2017-7025: an anonymous researcher
CVE-2017-7027: an anonymous researcher
CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-7028: an anonymous researcher
CVE-2017-7029: an anonymous researcher

libarchive
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: A buffer overflow was addressed through improved bounds
checking.
CVE-2017-7068: found by OSS-Fuzz

libxml2
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user information
Description: An out-of-bounds read was addressed through improved
bounds checking.
CVE-2017-7010: Apple
CVE-2017-7013: found by OSS-Fuzz

libxpc
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-7047: Ian Beer of Google Project Zero

Messages
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may cause an unexpected application
termination
Description: A memory consumption issue was addressed through
improved memory handling.
CVE-2017-7063: Shashank (@cyberboyIndia)

Notifications
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Notifications may appear on the lock screen when disabled
Description: A lock screen issue was addressed with improved state
management.
CVE-2017-7058: Beyza SevinASS of SA1/4leyman Demirel Aniversitesi

Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-2517: xisigr of Tencent's Xuanwu Lab (tencent.com)

Safari
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to an
infinite number of print dialogs
Description: An issue existed where a malicious or compromised
website could show infinite print dialogs and make users believe
their browser was locked. The issue was addressed through throttling
of print dialogs.
CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana

Telephony
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-8248

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A malicious website may exfiltrate data cross-origin
Description: Processing maliciously crafted web content may allow
cross-origin data to be exfiltrated by using SVG filters to conduct a
timing side-channel attack. This issue was addressed by not painting
the cross-origin buffer into the frame that gets filtered.
CVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous
researcher

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A state management issue was addressed with improved
frame handling.
CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7018: lokihardt of Google Project Zero
CVE-2017-7020: likemeng of Baidu Security Lab
CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab
(eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?)
CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab
(eeeaea*'ae-aa1'a(r)a"a(r)eaa(r)$?)
CVE-2017-7037: lokihardt of Google Project Zero
CVE-2017-7039: Ivan Fratric of Google Project Zero
CVE-2017-7040: Ivan Fratric of Google Project Zero
CVE-2017-7041: Ivan Fratric of Google Project Zero
CVE-2017-7042: Ivan Fratric of Google Project Zero
CVE-2017-7043: Ivan Fratric of Google Project Zero
CVE-2017-7046: Ivan Fratric of Google Project Zero
CVE-2017-7048: Ivan Fratric of Google Project Zero
CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
CVE-2017-7056: lokihardt of Google Project Zero
CVE-2017-7061: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-7064: lokihardt of Google Project Zero

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content with DOMParser may
lead to cross site scripting
Description: A logic issue existed in the handling of DOMParser. This
issue was addressed with improved state management.
CVE-2017-7038: Egor Karbutov (@ShikariSenpai) of Digital Security and
Egor Saltykov (@ansjdnakjdnajkd) of Digital Security, Neil Jenkins of
FastMail Pty Ltd
CVE-2017-7059: an anonymous researcher

WebKit
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-7049: Ivan Fratric of Google Project Zero

WebKit Page Loading
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department

WebKit Web Inspector
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7012: Apple

Wi-Fi
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "10.3.3".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGpo4QAJ2hfs2yF+Iia3g7giHDBfd2
j8FJ8HvENOOaKGn1RkF6AR7l5QJI25LvnO0pjQh7pzUUCDLXg3e/eb0DNiVtVg5J
shJOVSRGR7tq3V+OUZ1QNwsG6YRjxE+vseThHalVy1loox072N6qilEHvGY4RWIr
yFPLCvSDKERldls2cVsaOiNo9VTPCj1tJyLHbqShFDzuR4jYgIgnS6kb8nvgbjIo
Cnl+VwDClj7aMBG2Hq4QkEq6zUW261fU8DN4VM/qtISV2H4VkrOxrTwDQCKihQ+l
qa+ylvg+PTQ2dvjgBxxm+znmiB6gpa2kPJcU9VgujjEUAoaZgE2Hopay65JPw9G0
nrtBvyMPtv+StxgD/UCm2J5PiIZfMrzHxt+GlauUwrGXdRJYJ6FsJla55wVygxd4
WsrUj03qS/jc6B2wkF1smOsHPgUUVlK05PvuK6bTmDwRPH9/ybIIIlUFx5mXj4jS
wSiVHe0DRaJkWxcLx6p2HJaY2OnUJAFGfOfLBcTkxCoPkt/Wdain8k2eAtrIGCs1
AFCOqXxOo30aaUD9qUkX42fr6bE1N8gfMN36f8VGyv5e4gz5snljQ8arAD1+eFyh
vE+N3JdR/rfM4KnCTAmOQcyEIZXB48rEwWOVnHVqYf6qyyw2W5+pseKEkU5+4R/a
GcaYRxNitIzBC6tAXWPF
=LiU+
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close