Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2017-2375: About the security content of iOS 10.2.1

An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.

CVE
#web#ios#apple#google

Released January 23, 2017

APNs Server

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An attacker in a privileged network position can track a user’s activity

Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling.

CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM)

Entry added March 28, 2017

Call History

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Updates for CallKit call history are sent to iCloud

Description: An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic.

CVE-2017-2375: Elcomsoft

Entry added February 21, 2017

Contacts

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing a maliciously crafted contact card may lead to unexpected application termination

Description: An input validation issue existed in the parsing of contact cards. This issue was addressed through improved input validation.

CVE-2017-2368: Vincent Desmurs (vincedes3)

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2370: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2360: Ian Beer of Google Project Zero

libarchive

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2016-8687: Agostino Sarubbo of Gentoo

Unlock with iPhone

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Apple Watch may unlock when off the user’s wrist

Description: A logic issue was addressed through improved state management.

CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd

Entry updated January 25, 2017

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A prototype access issue was addressed through improved exception handling.

CVE-2017-2350: Gareth Heyes of Portswigger Web Security

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2017-2354: Neymar of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

CVE-2017-2362: Ivan Fratric of Google Project Zero

CVE-2017-2373: Ivan Fratric of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory initialization issue was addressed through improved memory handling.

CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved input validation.

CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016

CVE-2017-2369: Ivan Fratric of Google Project Zero

CVE-2017-2366: Kai Kang of Tencent’s Xuanwu Lab (tencent.com)

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of page loading. This issue was addressed through improved logic.

CVE-2017-2363: lokihardt of Google Project Zero

CVE-2017-2364: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: A malicious website can open popups

Description: An issue existed in the handling of blocking popups. This was addressed through improved input validation.

CVE-2017-2371: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: Processing maliciously crafted web content may exfiltrate data cross-origin

Description: A validation issue existed in the handling of variable handling. This issue was addressed through improved validation.

CVE-2017-2365: lokihardt of Google Project Zero

Wi-Fi

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later

Impact: An activation-locked device can be manipulated to briefly present the home screen

Description: An issue existed with handling user input that caused a device to present the home screen even when activation locked. This was addressed through improved input validation.

CVE-2017-2351: Hemanth Joseph, Sriram (@Sri_Hxor) of Primefort Pvt. Ltd., Mohamd Imran

Entry updated February 21, 2017

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907