CVE-2017-2456
published 2017-04-02
Priority P3 · 43 · high · 7 (CVSS 3.0)
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.24% (89.8th percentile)
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 10.2.1 | — |
| apple | mac_os_x | <= 10.12.3 | — |
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| apple | tvos | <= 10.1.1 | — |
| apple | tvos | — | — |
| apple | watchos | <= 3.1.3 | — |
| apple | watchos | — | — |
CVSS provenance
nvd · v3.0 · 7.0 · HIGH · CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.6 · HIGH · AV:N/AC:H/Au:N/C:C/I:C/A:C
Apple
CVE-2017-2456: iOS 10.3
vendor_apple·2017-03-27·CVSS 7.0
CVE-2017-2456 [HIGH] CVE-2017-2456: iOS 10.3
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2456
Component: Kernel
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
Apple
CVE-2017-2456: tvOS 10.2
vendor_apple·2017-03-27·CVSS 7.0
CVE-2017-2456 [HIGH] CVE-2017-2456: tvOS 10.2
Apple Security Update: About the security content of tvOS 10.2
Product: tvOS
Version: 10.2
CVE: CVE-2017-2456
Component: Kernel
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
Apple
CVE-2017-2456: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 7.0
CVE-2017-2456 [HIGH] CVE-2017-2456: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2017-2456
Component: Kernel
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
Apple
CVE-2017-2456: watchOS 3.2
vendor_apple·2017-03-27·CVSS 7.0
CVE-2017-2456 [HIGH] CVE-2017-2456: watchOS 3.2
Apple Security Update: About the security content of watchOS 3.2
Product: watchOS
Version: 3.2
CVE: CVE-2017-2456
Component: Kernel
Impact: A malicious application may be able to execute arbitrary code with root privileges
Description: A race condition was addressed through improved memory handling.
GHSA
GHSA-7vvv-74qg-3w2h: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-14
CVE-2017-2456 [HIGH] CWE-362 GHSA-7vvv-74qg-3w2h: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Project0
Splitting atoms in XNU - Project Zero
project_zero·2019-04-01
CVE-2017-2456 Splitting atoms in XNU - Project Zero
Posted by Ian Beer, Google Project Zero
## TL;DR
A locking bug in the XNU virtual memory subsystem allowed violation of the preconditions required for the correctness of an optimized virtual memory operation. This was abused to create shared memory where it wasn't expected, allowing the creation of a time-of-check-time-of-use bug where one wouldn't usually exist. This was exploited to cause a heap overflow in XPC, which was used to trigger the execution of a jump-oriented payload which chained together arbitrary function calls in an unsandboxed root process, even in the presence of Apple's implementation of ARM's latest Pointer Authentication Codes (PAC) hardware mitigation. The payload opened a privileged socket and sent the file descriptor back to the sandboxed process, where it was u
No detection rules found.
Bugzilla
CVE-2017-7809 Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)
bugzilla·2017-08-09·CVSS 9.8
CVE-2017-7809 [CRITICAL] CVE-2017-7809 Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7809
Discussion:
Acknowledgments:
Name: The Mozilla Project
Upstream: Nils
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.
Bugzilla
CVE-2017-7792 Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7792 [CRITICAL] CVE-2017-7792 Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has a very long object identifier (OID). This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7792
Acknowledgements:
Name: the Mozilla project
Upstream: Fraser Tweedale
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://acces
Bugzilla
CVE-2017-7801 Mozilla: Use-after-free with marquee during window resizing
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7801 [CRITICAL] CVE-2017-7801 Mozilla: Use-after-free with marquee during window resizing
A use-after-free vulnerability while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7801
Acknowledgements:
Name: the Mozilla project
Upstream: Nils
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.redha
Bugzilla
CVE-2017-7802 Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7802 [CRITICAL] CVE-2017-7802 Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
A use-after-free vulnerability when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7802
Acknowledgements:
Name: the Mozilla project
Upstream: Nils
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linu
Bugzilla
CVE-2017-7791 Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 5.3
CVE-2017-7791 [MEDIUM] CVE-2017-7791 Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
The `data:` protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, allowing for the spoofing of the origin of the iframe content.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7791
Acknowledgements:
Name: the Mozilla project
Upstream: Jose María Acuña
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2
Bugzilla
CVE-2017-7800 Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7800 [CRITICAL] CVE-2017-7800 Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
A use-after-free vulnerability in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7800
Acknowledgements:
Name: the Mozilla project
Upstream: Looben Yang
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.redhat.com/errat
Bugzilla
CVE-2017-7784 Mozilla: Use-after-free with image observers (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7784 [CRITICAL] CVE-2017-7784 Mozilla: Use-after-free with image observers (MFSA 2017-19)
A use-after-free vulnerability when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7784
Acknowledgements:
Name: the Mozilla project
Upstream: Nils
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.redhat.com/errata/RHSA-2017:2534
Bugzilla
CVE-2017-7798 Mozilla: XUL injection in the style editor in devtools (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 8.8
CVE-2017-7798 [HIGH] CVE-2017-7798 Mozilla: XUL injection in the style editor in devtools (MFSA 2017-19)
The Developer Tools feature suffered from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case this could allow arbitrary code execution when opening a malicious page with the style editor tool.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798
Acknowledgements:
Name: the Mozilla project
Upstream: Frederik Braun
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
Bugzilla
CVE-2017-7803 Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 7.5
CVE-2017-7803 [HIGH] CVE-2017-7803 Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
When a page’s content security policy (CSP) header contains a `sandbox` directive, other directives are ignored. This results in the incorrect enforcement of CSP directives.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7803
Acknowledgements:
Name: the Mozilla project
Upstream: Rhys Enniks
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.redhat.co
Bugzilla
CVE-2017-7786 Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 9.8
CVE-2017-7786 [CRITICAL] CVE-2017-7786 Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7786
Acknowledgements:
Name: the Mozilla project
Upstream: Nils
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534 https://access.redhat.com/errata/RHSA-2017:2534
---
Honestly impr
Bugzilla
CVE-2017-7807 Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
bugzilla·2017-08-08·CVSS 8.1
CVE-2017-7807 [HIGH] CVE-2017-7807 Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7807
Acknowledgements:
Name: the Mozilla project
Upstream: Mathias Karlsson
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Via RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2456
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:2534
http://www.securityfocus.com/bid/97137
http://www.securitytracker.com/id/1038138
https://bugs.chromium.org/p/project-zero/issues/detail?id=1083
https://support.apple.com/HT207601
https://support.apple.com/HT207602
https://support.apple.com/HT207615
https://support.apple.com/HT207617
https://www.exploit-db.com/exploits/41778/
2017-04-02
Published