CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13903
https://notcve.org/view.php?id=CVE-2017-13903
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de iOS anteriores a la 11.2.1 y las versiones de tvOS anteriores a la 11.2.1. • http://www.securityfocus.com/bid/102182 http://www.securitytracker.com/id/1040008 https://support.apple.com/HT208357 https://support.apple.com/HT208359 https://www.engadget.com/2017/12/21/apple-ignored-a-major-homekit-security-flaw-for-six-weeks •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13861 – Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
https://notcve.org/view.php?id=CVE-2017-13861
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de tvOS anteriores a la 11.2 y las versiones de watchOS anteriores a la 4.2 se han visto afectadas. • https://www.exploit-db.com/exploits/43320 http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html http://www.securityfocus.com/bid/102134 http://www.securitytracker.com/id/1039952 http://www.securitytracker.com/id/1039953 https://support.apple.com/HT208325 https://support.apple.com/HT208327 https://support.apple.com/HT208334 https://github.com/saelo/cve-2018-4233 https://github.com/phoenhex/files/tree/master/exploits/ios-11.3.1 https://bugs& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-13855 – Apple macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
https://notcve.org/view.php?id=CVE-2017-13855
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las versiones de tvOS anteriores a la 11.2 y las versiones de watchOS anteriores a la 4.2 se han visto afectadas. • https://www.exploit-db.com/exploits/43318 http://www.securityfocus.com/bid/102100 http://www.securitytracker.com/id/1039952 http://www.securitytracker.com/id/1039953 http://www.securitytracker.com/id/1039966 https://support.apple.com/HT208325 https://support.apple.com/HT208327 https://support.apple.com/HT208331 https://support.apple.com/HT208334 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13862
https://notcve.org/view.php?id=CVE-2017-13862
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las versiones de tvOS anteriores a la 11.2 y las versiones de watchOS anteriores a la 4.2 se han visto afectadas. • http://www.securityfocus.com/bid/102100 http://www.securitytracker.com/id/1039952 http://www.securitytracker.com/id/1039953 http://www.securitytracker.com/id/1039966 https://support.apple.com/HT208325 https://support.apple.com/HT208327 https://support.apple.com/HT208331 https://support.apple.com/HT208334 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 3CVE-2017-13868 – Apple macOS High Sierra 10.13 - 'ctl_ctloutput-leak' Information Leak
https://notcve.org/view.php?id=CVE-2017-13868
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.2, las versiones de macOS anteriores a la 10.13.2, las versiones de tvOS anteriores a la 11.2 y las versiones de watchOS anteriores a la 4.2 se han visto afectadas. • https://www.exploit-db.com/exploits/44234 http://www.securityfocus.com/bid/102100 http://www.securitytracker.com/id/1039952 http://www.securitytracker.com/id/1039953 http://www.securitytracker.com/id/1039966 https://bazad.github.io/2018/03/a-fun-xnu-infoleak https://github.com/bazad/ctl_ctloutput-leak https://support.apple.com/HT208325 https://support.apple.com/HT208327 https://support.apple.com/HT208331 https://support.apple.com/HT208334 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •