
Alteon CVE-2017-17427 Information Disclosure Vulnerability



Bugtraq ID: 102199
Class: Design Error
CVE: CVE-2017-17427

Remote: Yes
Local: No
Published: Dec 10 2017 12:00AM
Updated: Dec 17 2017 12:13AM
Credit: Hanno Böck.
Vulnerable:

Radware Alteon 31.0.4.0
Radware Alteon 30.5.7.0
Radware Alteon 30.2.8.0

Not Vulnerable:

Erlang/OTP CVE-2017-1000385 Information Disclosure Vulnerability



Bugtraq ID: 102197
Class: Design Error
CVE: CVE-2017-1000385

Remote: Yes
Local: No
Published: Dec 12 2017 12:00AM
Updated: Dec 17 2017 12:13AM
Credit: Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT.
Vulnerable:

Redhat OpenStack Platform 9.0
Redhat OpenStack Platform 12
Redhat OpenStack Platform 11
Redhat OpenStack Platform 10
Erlang Erlang/Otp 20.1.6
Erlang Erlang/Otp 19.3.6.3
Erlang Erlang/Otp 18.3.4.6

Not Vulnerable:

Erlang Erlang/Otp 20.1.7
Erlang Erlang/Otp 19.3.6.4
Erlang Erlang/Otp 18.3.4.7

SecurityFocus

1. ADVISORY SUMMARY

Kemp Load Balancers – Module Application Firewall Pack (AFP) – Web Application Firewall (WAF) does not inspect HTTP POST data

Risk: high

Application: Kemp Load Balancers – Module Application Firewall Pack (AFP)
Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older versions are probably affected too, but they were not checked
Vendor: KEMP Technologies
Vendor URL: https://kemptechnologies.com/

Sent to vendor: 16.10.2017
Vendor response: Acknowledge 17.10.2017, Fix in PreRelease 30.11.2017
Published fixed Release by vendor: 06.12.2017
Date of Public Advisory: 11.12.2017
Reference: Kemp Case #75046

Advisory URL: https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data
Author: Tim Kretschmann (Pallas GmbH)
Version and State of report: 1.0 (11.12.2017) – published

2. VULNERABILITY INFORMATION

Web Application Firewall does not inspect HTTP POST data

Remotely Exploitable: Yes
Locally Exploitable: No
CVE: CVE-2017-15524
CVSS Base Score v2: 10 / 10
CVSS Base Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

3. VULNERABILITY DESCRIPTION

Kemp Load Balancer Module Application Firewall Pack (AFP) provides Web Application Firewall functionality.
In the tested versions only web attacks at URL arguments were checked and were successfully detected/blocked.
Attacks at arguments in the payload of HTTP POST Requests were NOT checked and were NOT detected/blocked.

Any attacks based on HTTP POST by using the Payload to transfer the attack vector will bypass the Web Applications Firewall of Kemp.

4. SOLUTIONS AND WORKAROUNDS

Update to Release 7.2.40.1 (Nov 2017)
No possible workaround before 7.2.40.1

5. AUTHOR

Tim Kretschmann (Pallas GmbH)

6. TECHNICAL DESCRIPTION / PROOF OF CONCEPT (PoC)

Settings WAF on KEMP Load Balancer inside Virtual Service of Virtual Host Area WAF Options

Web Application Firewall Enabled: On
Default Operation: Block Mode
Audit mode: Audit Relevant
Inspect HTML POST Request Content: On
– Disable JSON Parser: Off
– Disable XML Parser: Off
Process Responses: Off

Test-RuleSet:

SecRequestBodyAccess On

SecRule ARGS_POST:ptest attack123 "phase:2,id:8000,block,msg:'test 8000',log,auditlog"
SecRule ARGS_POST:ptest attack123 "phase:2,id:8001,deny,msg:'test 8001',log,auditlog"
SecRule ARGS_POST:ptest attack123 "phase:2,id:8002,drop,msg:'test 8002',log,auditlog"
SecRule ARGS_POST:ptest attack123 "phase:1,id:8003,block,msg:'test 8003',log,auditlog"
SecRule ARGS_POST:ptest attack123 "phase:1,id:8004,deny,msg:'test 8004',log,auditlog"
SecRule ARGS_POST:ptest attack123 "phase:1,id:8005,drop,msg:'test 8005',log,auditlog"

SecRule ARGS:ptest attack123 "phase:2,id:8010,block,msg:'test 8010',log,auditlog"
SecRule ARGS:ptest attack123 "phase:2,id:8011,deny,msg:'test 8011',log,auditlog"
SecRule ARGS:ptest attack123 "phase:2,id:8012,drop,msg:'test 8012',log,auditlog"
SecRule ARGS:ptest attack123 "phase:1,id:8013,block,msg:'test 8013',log,auditlog"
SecRule ARGS:ptest attack123 "phase:1,id:8014,deny,msg:'test 8014',log,auditlog"
SecRule ARGS:ptest attack123 "phase:1,id:8015,drop,msg:'test 8015',log,auditlog"

Proof-of-Concept:

pentest@testpc:~$ curl -X GET "http://www.website.tld/cms/login.xhtml?ptest=attack123"
403 ForbiddenAccess denied

--> Is blocked. Okay.

pentest@testpc:~$ curl -X POST "http://www.website.tld/cms/login.xhtml?ptest=attack123" -d "xx=1"
403 ForbiddenAccess denied

--> Is blocked. Okay.

pentest@testpc:~$ curl -X POST "http://www.website.tld/cms/login.xhtml" -H "Content-Type: application/x-www-form-urlencoded" -d "ptest=attack123" -s


? Content of website ?

!! --> No Block/Drop/Deny on POST Attacks !!

7. TIMELINE

16.10.2017 – Open Ticket at Kemp #75046
17.10.2017 – Kemp acknowledged the bug
30.11.2017 – Kemp offered PreRelease 7.2.40.1.15841.RELEASE.20171129-1431-PATCH-64-MULTICORE to Pallas
06.12.2017 – Kemp published Release 7.2.40.1 (see https://kemptechnologies.com/software-release-notes/ – PD-10249)
11.12.2017 – Pallas published Advisory

8. ABOUT PALLAS GMBH

Pallas provides security consulting, pentesting, managed security services and hosting services with focus on security.
Address: Pallas GmbH, Hermuelheimer Strasse 8a, 50321 Bruehl, GERMANY
Phone: 0049.2232.18960
Fax: 0049.2232.198629
Web: https://www.pallas.com/

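Added example (not part of the Pallas advisory, and not Kemp or ModSecurity code): a simplified Python model of how a ModSecurity-style engine fills ARGS and ARGS_POST for the advisory's three test requests, listing which test rule ids have a matching condition when the request body is parsed and when it is not. The function names, the body_inspected switch and the "403 means blocked" convention are assumptions of this sketch; it lists every rule whose condition matches and does not model a disruptive action ending evaluation at the first hit.

```python
from urllib.parse import urlsplit, parse_qsl

# (rule id, collection, phase) taken from the advisory's test rule set.
RULES = ([(8000 + i, "ARGS_POST", 2 if i < 3 else 1) for i in range(6)] +
         [(8010 + i, "ARGS", 2 if i < 3 else 1) for i in range(6)])
FORM = "application/x-www-form-urlencoded"  # content type curl -d sends by default


def collections(url, body, content_type, phase, body_inspected):
    """Build ARGS_POST and ARGS as visible to a rule running in `phase`."""
    get_args = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    post_args = []
    is_form = content_type.split(";")[0].strip().lower() == FORM
    # The request body is only available from phase 2 on, and only if the
    # engine actually parses it (the step the advisory found missing).
    if phase >= 2 and body_inspected and is_form:
        post_args = parse_qsl(body, keep_blank_values=True)
    return {"ARGS_POST": post_args, "ARGS": get_args + post_args}


def matching_rules(url, body="", content_type=FORM, body_inspected=True):
    """Return ids of test rules whose condition (ptest contains attack123) matches."""
    hits = []
    for rule_id, collection, phase in RULES:
        args = collections(url, body, content_type, phase, body_inspected)[collection]
        if any(name == "ptest" and "attack123" in value for name, value in args):
            hits.append(rule_id)
    return hits


def assess(observed_status, url, body=""):
    """Compare the HTTP status seen from a WAF under test with the model."""
    should_block = bool(matching_rules(url, body))
    if should_block and observed_status != 403:
        return "GAP: a rule should have matched, request was not blocked"
    return "consistent"


if __name__ == "__main__":
    base = "http://www.website.tld/cms/login.xhtml"  # placeholder host from the advisory
    cases = [("GET, query arg", base + "?ptest=attack123", ""),
             ("POST, query arg", base + "?ptest=attack123", "xx=1"),
             ("POST, body arg", base, "ptest=attack123")]
    for label, url, body in cases:
        print(label, matching_rules(url, body),
              "| body not parsed:", matching_rules(url, body, body_inspected=False))
```

With body parsing working, the body-only request matches 8000-8002 and 8010-8012; the phase:1 rules 8003-8005 never match in this model because the request body has not been read in phase 1.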

SecurityFocus


APPLE-SA-2017-12-13-7 Additional information for
APPLE-SA-2017-12-6-4 tvOS 11.2

tvOS 11.2 addresses the following:

IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13862: Apple
CVE-2017-13876: Ian Beer of Google Project Zero
CVE-2017-13867: Ian Beer of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2017-13833: Brandon Azad

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2017-13855: Jann Horn of Google Project Zero

Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-13865: Ian Beer of Google Project Zero
CVE-2017-13868: Brandon Azad
CVE-2017-13869: Jann Horn of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher
Entry added December 13, 2017

Wi-Fi
Available for: Apple TV (4th generation)
Released for Apple TV 4K in tvOS 11.1.
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks – KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
“Settings -> System -> Software Update -> Update Software.”

To check the current version of software, select
“Settings -> General -> About.”

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

SecurityFocus


APPLE-SA-2017-12-13-5 Safari 11.0.2

Safari 11.0.2 addresses the following:

WebKit
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.2
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-7156: an anonymous researcher
CVE-2017-7157: an anonymous researcher
CVE-2017-13856: Jeonghoon Shin
CVE-2017-13870: an anonymous researcher
CVE-2017-13866: an anonymous researcher

Installation note:

Safari 11.0.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

SecurityFocus


APPLE-SA-2017-12-13-2 tvOS 11.2.1

tvOS 11.2.1 is now available and addresses the following:

HomeKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: A message handling issue was addressed with improved
input validation.
CVE-2017-13903: Tian Zhang

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
“Settings -> System -> Software Update -> Update Software.”

To check the current version of software, select
“Settings -> General -> About.”

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
