
SANS ISC: Apple Updates Everything. Again. - Internet Security | DShield SANS ISC InfoSec Forums


Apple Updates Everything. Again.

After a rushed release of iOS 11.2 over the weekend to fix a "December 2nd crash" bug, and last week's special update to fix the password-less root authentication bypass in macOS, Apple today released its official set of security updates. With this, we also received details about the security issues patched in iOS this weekend. Apple's different operating systems share a lot of code with each other, and as a result, they also share some vulnerabilities. I am trying to organize the details in the tables below (starting with macOS; others will be added soon).

Apple's security updates can be found here: https://support.apple.com/en-us/HT201222

Overview

Component | CVE | macOS / OS X | iOS | tvOS | watchOS
--- | --- | --- | --- | --- | ---
Mail Drafts | CVE-2017-13860 | X | X | |
IOKit | CVE-2017-13847 | X | X | |
Kernel | CVE-2017-13862 | X | X | X | X
Kernel | CVE-2017-13876 | X | X | X | X
Kernel | CVE-2017-13867 | X | X | X | X
Kernel | CVE-2017-13869 | X | X | X | X
OpenSSL | CVE-2017-3735 | X | | |
Kernel | CVE-2017-13868 | X | X | X | X
Mail | CVE-2017-13874 | | X | |
Kernel | CVE-2017-13833 | X | X | X | X
Wi-Fi | CVE-2017-13080 | | X | X | X
Kernel | CVE-2017-13865 | X | X | X | X
IOKit | CVE-2017-13858 | X | | |
IOAcceleratorFamily | CVE-2017-13844 | X | | |
Intel Graphics Driver | CVE-2017-13883 | X | | |
Kernel | CVE-2017-13855 | X | X | X | X
curl | CVE-2017-1000254 | X | | |
Intel Graphics Driver | CVE-2017-13878 | X | | |
Directory Utility | CVE-2017-13872 | X | | |
Intel Graphics Driver | CVE-2017-13875 | X | | |
IOKit | CVE-2017-13848 | X | | |
Mail | CVE-2017-13871 | X | | |
IOMobileFrameBuffer | CVE-2017-13879 | | X | |
apache | CVE-2017-9798 | X | | |
IOSurface | CVE-2017-13861 | | X | X | X
Screen Sharing Server | CVE-2017-13826 | X | | |
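The overview matrix above is the result of cross-referencing Apple's four separate advisories by CVE, which is exactly where the "shared code, shared vulnerabilities" point becomes visible. As an added example (not part of the diary), the script below does that merge programmatically: each platform's fix list is transcribed from the detail tables on this page (plus CVE-2017-13826 for macOS from the overview) as constructed input, and the functions derive the matrix, the CVEs common to every platform, and the CVEs unique to one platform. In real use the literal dictionaries would be replaced by CVEs scraped from the advisory pages.

```python
"""Merge per-platform Apple advisories into one CVE-by-platform matrix.

Added example, not code from the ISC diary. The CVE lists are transcribed
from the diary's macOS, iOS, tvOS and watchOS tables (constructed input).
"""

PLATFORMS = ("macOS", "iOS", "tvOS", "watchOS")

# The eight kernel fixes that every advisory lists.
KERNEL = [
    "CVE-2017-13833", "CVE-2017-13855", "CVE-2017-13862", "CVE-2017-13865",
    "CVE-2017-13867", "CVE-2017-13868", "CVE-2017-13869", "CVE-2017-13876",
]


def _kernel():
    return {cve: "Kernel" for cve in KERNEL}


# Constructed from the diary's detail tables: platform -> {CVE: component}.
ADVISORIES = {
    "macOS": {
        **_kernel(),
        "CVE-2017-9798": "Apache",
        "CVE-2017-1000254": "cURL",
        "CVE-2017-13872": "Directory Utility",
        "CVE-2017-13883": "Intel Graphics Driver",
        "CVE-2017-13878": "Intel Graphics Driver",
        "CVE-2017-13875": "Intel Graphics Driver",
        "CVE-2017-13844": "IOAcceleratorFamily",
        "CVE-2017-13848": "IOKit",
        "CVE-2017-13858": "IOKit",
        "CVE-2017-13847": "IOKit",
        "CVE-2017-13871": "Mail",
        "CVE-2017-13860": "Mail Drafts",
        "CVE-2017-3735": "OpenSSL",
        "CVE-2017-13826": "Screen Sharing Server",  # overview table only
    },
    "iOS": {
        **_kernel(),
        "CVE-2017-13847": "IOKit",
        "CVE-2017-13879": "IOMobileFrameBuffer",
        "CVE-2017-13861": "IOSurface",
        "CVE-2017-13874": "Mail",
        "CVE-2017-13860": "Mail Drafts",
        "CVE-2017-13080": "Wi-Fi",
    },
    "tvOS": {**_kernel(), "CVE-2017-13861": "IOSurface", "CVE-2017-13080": "Wi-Fi"},
    "watchOS": {**_kernel(), "CVE-2017-13861": "IOSurface", "CVE-2017-13080": "Wi-Fi"},
}


def build_matrix(advisories):
    """Return {cve: {"component": str, "platforms": set}} merged across advisories.

    A CVE that several advisories list collapses into a single row, which is
    the shared-code situation the diary describes.
    """
    matrix = {}
    for platform, fixes in advisories.items():
        for cve, component in fixes.items():
            row = matrix.setdefault(cve, {"component": component, "platforms": set()})
            row["platforms"].add(platform)
    return matrix


def shared_by_all(advisories):
    """CVEs fixed on every platform in the input."""
    matrix = build_matrix(advisories)
    return {cve for cve, row in matrix.items() if row["platforms"] == set(advisories)}


def only_on(advisories, platform):
    """CVEs fixed on exactly one platform (useful when triaging a single fleet)."""
    matrix = build_matrix(advisories)
    return {cve for cve, row in matrix.items() if row["platforms"] == {platform}}


def render(advisories):
    """Render the matrix as pipe-separated rows, sorted by component then CVE."""
    matrix = build_matrix(advisories)
    lines = ["Component | CVE | " + " | ".join(PLATFORMS)]
    for cve, row in sorted(matrix.items(), key=lambda kv: (kv[1]["component"], kv[0])):
        marks = " | ".join("X" if p in row["platforms"] else "" for p in PLATFORMS)
        lines.append(f"{row['component']} | {cve} | {marks}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(ADVISORIES))
    print("\nShared by all four platforms:", ", ".join(sorted(shared_by_all(ADVISORIES))))
    print("iOS only:", ", ".join(sorted(only_on(ADVISORIES, "iOS"))))
```

Running it reproduces the 26-row overview and shows that the eight kernel CVEs are the only ones common to all four platforms, while the Wi-Fi KRACK fix (CVE-2017-13080) and IOSurface are the three-platform set that excludes macOS.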

MacOS / OS X

Component | High Sierra | Sierra | El Capitan | Impact | Description | CVE
--- | --- | --- | --- | --- | --- | ---
Apache | x | x | x | Processing a maliciously crafted Apache configuration directive may result in the disclosure of process memory | Multiple issues were addressed by updating to version 2.4.28. | CVE-2017-9798
cURL | x | x | x | Malicious FTP servers may be able to cause the client to read out-of-bounds memory | An out-of-bounds read issue existed in the FTP PWD response parsing. This issue was addressed with improved bounds checking. | CVE-2017-1000254
Directory Utility | x | | | An attacker may be able to bypass administrator authentication without supplying the administrator's password | A logic error existed in the validation of credentials. This was addressed with improved credential validation. (This is the "password-less root" patch released last week.) | CVE-2017-13872
Intel Graphics Driver | x | | | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13883
Intel Graphics Driver | x | | | A local user may be able to cause unexpected system termination or read kernel memory | An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. | CVE-2017-13878
Intel Graphics Driver | x | | | An application may be able to execute arbitrary code with system privileges | An out-of-bounds read was addressed through improved bounds checking. | CVE-2017-13875
IOAcceleratorFamily | x | x | x | An application may be able to execute arbitrary code with system privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13844
IOKit | x | | | An application may be able to execute arbitrary code with system privileges | An input validation issue existed in the kernel. This issue was addressed through improved input validation. | CVE-2017-13848, CVE-2017-13858
IOKit | x | x | x | An application may be able to execute arbitrary code with system privileges | Multiple memory corruption issues were addressed through improved state management. | CVE-2017-13847
Kernel | x | x | x | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13862
Kernel | x | x | x | An application may be able to read restricted memory | An out-of-bounds read was addressed with improved bounds checking. | CVE-2017-13833
Kernel | x | | | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13876
Kernel | x | x | x | An application may be able to read restricted memory | A type confusion issue was addressed with improved memory handling. | CVE-2017-13855
Kernel | x | x | x | A malicious application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13867
Kernel | x | | | An application may be able to read restricted memory | A validation issue was addressed with improved input sanitization. | CVE-2017-13865
Kernel | x | x | x | An application may be able to read restricted memory | A validation issue was addressed with improved input sanitization. | CVE-2017-13868, CVE-2017-13869
Mail | x | | | An S/MIME encrypted email may be inadvertently sent unencrypted if the receiver's S/MIME certificate is not installed | An inconsistent user interface issue was addressed with improved state management. | CVE-2017-13871
Mail Drafts | x | | | An attacker with a privileged network position may be able to intercept mail | An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control. | CVE-2017-13860
OpenSSL | x | x | x | An application may be able to read restricted memory | An out-of-bounds read issue existed in X.509 IPAddressFamily parsing. This issue was addressed with improved bounds checking. | CVE-2017-3735

iOS

Component | Affected Models | Impact | Description | CVE
--- | --- | --- | --- | ---
IOKit | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to execute arbitrary code with system privileges | Multiple memory corruption issues were addressed through improved state management. | CVE-2017-13847
IOMobileFrameBuffer | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13879
IOSurface | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13861
Kernel | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13862, CVE-2017-13876
Kernel | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to read restricted memory | An out-of-bounds read was addressed with improved bounds checking. | CVE-2017-13833
Kernel | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to read restricted memory | A type confusion issue was addressed with improved memory handling. | CVE-2017-13855
Kernel | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | A malicious application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13867
Kernel | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An application may be able to read restricted memory | Multiple validation issues were addressed with improved input sanitization. | CVE-2017-13865, CVE-2017-13868, CVE-2017-13869
Mail | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | Incorrect certificate is used for encryption | An S/MIME issue existed in the handling of encrypted email. This issue was addressed through improved selection of the encryption certificate. | CVE-2017-13874
Mail Drafts | iPhone 5s and later, iPad Air and later, and iPod touch 6th generation | An attacker with a privileged network position may be able to intercept mail | An encryption issue existed with S/MIME credentials. The issue was addressed with additional checks and user control. | CVE-2017-13860
Wi-Fi | iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, 12.9-inch iPad Pro 1st generation, iPad Air 2, iPad Air, iPad 5th generation, iPad mini 4, iPad mini 3, iPad mini 2, and iPod touch 6th generation (released for iPhone 7 and later and iPad Pro 9.7-inch (early 2016) and later in iOS 11.1) | An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) | A logic issue existed in the handling of state transitions. This was addressed with improved state management. | CVE-2017-13080

Apple TV

Component | Affected Models | Impact | Description | CVE
--- | --- | --- | --- | ---
IOSurface | Apple TV 4K and Apple TV (4th generation) | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13861
Kernel | Apple TV 4K and Apple TV (4th generation) | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13862, CVE-2017-13876
Kernel | Apple TV 4K and Apple TV (4th generation) | An application may be able to read restricted memory | An out-of-bounds read was addressed with improved bounds checking. | CVE-2017-13833
Kernel | Apple TV 4K and Apple TV (4th generation) | An application may be able to read restricted memory | A type confusion issue was addressed with improved memory handling. | CVE-2017-13855
Kernel | Apple TV 4K and Apple TV (4th generation) | A malicious application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13867
Kernel | Apple TV 4K and Apple TV (4th generation) | An application may be able to read restricted memory | Multiple validation issues were addressed with improved input sanitization. | CVE-2017-13865, CVE-2017-13868, CVE-2017-13869
Wi-Fi | Apple TV (4th generation) | An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) | A logic issue existed in the handling of state transitions. This was addressed with improved state management. | CVE-2017-13080

watchOS

Component | Affected Models | Impact | Description | CVE
--- | --- | --- | --- | ---
IOSurface | All | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13861
Kernel | All | An application may be able to execute arbitrary code with kernel privileges | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13862, CVE-2017-13876
Kernel | All | An application may be able to read restricted memory | An out-of-bounds read was addressed with improved bounds checking. | CVE-2017-13833
Kernel | All | An application may be able to read restricted memory | A type confusion issue was addressed with improved memory handling. | CVE-2017-13855
Kernel | All | | A memory corruption issue was addressed with improved memory handling. | CVE-2017-13867
Kernel | All | An application may be able to read restricted memory | A validation issue was addressed with improved input sanitization. | CVE-2017-13865, CVE-2017-13868, CVE-2017-13869
Wi-Fi | 1st Gen and Series 3 | An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) | A logic issue existed in the handling of state transitions. This was addressed with improved state management. | CVE-2017-13080

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute