Apple has released a software update fixing 47 vulnerabilities in iOS versions prior to iOS 10.3.3. These vulnerabilities are caused by problems in various iOS components. There are multiple attack vectors: an attacker could entice a user to open a maliciously crafted archive, movie file, website or XML document, or to install a malicious application, to exploit the vulnerabilities.
A successful attack could lead to arbitrary code execution, cross-site scripting, denial of service, elevation of privilege, information disclosure or spoofing.
The product vendor has released iOS 10.3.3 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-hk/HT207923
https://www.hkcert.org/my_url/zh/alert/17072001
https://www.us-cert.gov/ncas/current-activity/2017/07/19/Apple-Releases-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2517
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7006 (to CVE-2017-7013)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018 (to CVE-2017-7020)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7022 (to CVE-2017-7030)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037 (to CVE-2017-7043)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7046 (to CVE-2017-7049)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7052
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7055
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7056
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7058 (to CVE-2017-7064)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7068
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7069
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8248
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9417