Tenable700034.PRMApple iOS < 10.3 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.7%
The version of iOS running on the mobile device is prior to 10.3, and is affected by multiple vulnerabilities :
- An unspecified state management flaw exists that may allow a context-dependent attacker to spoof the address bar. No further details have been provided. (CVE-2017-2376)
- An unspecified flaw exists in the handling of HTTP authentication. This may allow a context-dependent attacker to display authentication sheets on arbitrary web sites and cause a denial of service. (CVE-2017-2389)
- A flaw exists in the password-protected PDF export feature that is triggered as a weak encryption algorithm is used. This may allow an attacker with access to a password-protected document to potentially disclose the document content. (CVE-2017-2391)
- A flaw exists in the ‘SecKeyRawVerify()’ function that is triggered as parameters are not properly validated during the handling of cryptographic API calls. This may allow a remote attacker to have an empty signature be accepted as valid. (CVE-2017-2423)
Additional flaws exist in the following components :
- Carbon (CVE-2017-2379)
- CoreGraphics (CVE-2017-2417)
- DataAccess (CVE-2017-2414)
- FontParser (CVE-2017-2406, CVE-2017-2407)
- iCloud (CVE-2017-2397)
- ImageIO (CVE-2017-2416)
- iTunes Store (CVE-2017-2412)
- Kernel (CVE-2017-2398, CVE-2017-2401, CVE-2017-2490)
- libarchive (CVE-2017-2390)
- Pasteboard (CVE-2017-2399)
- Quick Look (CVE-2017-2404)
- Safari (CVE-2017-2384, CVE-2017-2393, CVE-2017-2400)
- Webkit (CVE-2017-2367, CVE-2017-2378, CVE-2017-2386, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2424, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2476, CVE-2017-2481)
Binary data 700034.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2430
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2461
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2462
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2464
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2465
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2467
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2469
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2471
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2472
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2473
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2474
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2475
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2486
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2490
support.apple.com/en-us/HT207600
support.apple.com/en-us/HT207601
support.apple.com/en-us/HT207602
support.apple.com/en-us/HT207617
threatpost.com/apple-fixes-223-vulnerabilities-across-macos-ios-safari/124599
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.7%