CVE-2017-2501 – Apple macOS/iOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
https://notcve.org/view.php?id=CVE-2017-2501
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • https://www.exploit-db.com/exploits/42054 http://www.securityfocus.com/bid/98468 http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 https://support.apple.com/HT207798 https://support.apple.com/HT207800 https://support.apple.com/HT207801 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-2513
https://notcve.org/view.php?id=CVE-2017-2513
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. Un problema fue descubierto en ciertos productos de Apple. iOS versión anterior a 10.3.2 se ve afectado. MacOS versión anterior a 10.12.5 se ve afectado. • http://www.securityfocus.com/bid/98468 http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 https://support.apple.com/HT207798 https://support.apple.com/HT207800 https://support.apple.com/HT207801 • CWE-416: Use After Free •
CVE-2017-2527 – Apple macOS/iOS - 'CAMediaTimingFunctionBuiltin' NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking
https://notcve.org/view.php?id=CVE-2017-2527
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • https://www.exploit-db.com/exploits/42052 http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2542 – Apple macOS AppleMultitouchDevice Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-2542
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-2537 – Apple macOS WindowServer Dragging Space Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-2537
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se descubrió un problema en ciertos productos de Apple. MacOS anterior a versión 10.12.5 está afectado. • http://www.securitytracker.com/id/1038484 https://support.apple.com/HT207797 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •