The issue was addressed with additional checks and user control.ĬVE-2017-13860: Michael Weishaar of INNEO Solutions GmbH Impact: An attacker with a privileged network position may be able to intercept mailĭescription: An encryption issue existed with S/MIME credentials. This issue was addressed through improved selection of the encryption certificate. Impact: Incorrect certificate is used for encryptionĭescription: A S/MIME issue existed in the handling of encrypted email. #TYPESTATUS 2 IOS 11 CODE#Impact: An application may be able to execute arbitrary code with kernel privilege This issue was addressed through improved input validation.ĬVE-2017-7154: Jann Horn of Google Project Zero Impact: A local user may be able to cause unexpected system termination or read kernel memoryĭescription: An input validation issue existed in the kernel. Impact: An application may be able to read restricted memoryĭescription: An out-of-bounds read was addressed with improved bounds checking.ĭescription: A type confusion issue was addressed with improved memory handling.ĬVE-2017-13855: Jann Horn of Google Project Zeroĭescription: Multiple validation issues were addressed with improved input sanitization.ĬVE-2017-13865: Ian Beer of Google Project ZeroĬVE-2017-13869: Jann Horn of Google Project Zero Impact: An application may be able to read kernel memory (Meltdown)ĭescription: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.ĬVE-2017-5754: Jann Horn of Google Project Zero Moritz Lipp of Graz University of Technology Michael Schwarz of Graz University of Technology Daniel Gruss of Graz University of Technology Thomas Prescher of Cyberus Technology GmbH Werner Haas of Cyberus Technology GmbH Stefan Mangard of Graz University of Technology Paul Kocher Daniel Genkin of University of Pennsylvania and University of Maryland Yuval Yarom of University of Adelaide and Data61 and Mike Hamburg of Rambus (Cryptography Research Division)Įntry added January 4, 2018, updated January 10, 2018ĬVE-2017-13867: Ian Beer of Google Project ZeroĬVE-2017-13876: Ian Beer of Google Project Zero Impact: An application may be able to execute arbitrary code with kernel privilegesĭescription: Multiple memory corruption issues were addressed through improved state management.ĬVE-2017-13847: Ian Beer of Google Project ZeroĬVE-2017-7162: Tencent Keen Security Lab working with Trend Micro's Zero Day InitiativeĮntry added December 21, 2017, updated January 10, 2018ĬVE-2017-13861: Ian Beer of Google Project ZeroĬVE-2017-13904: Kevin Backhouse of Semmle Ltd. Impact: An application may be able to execute arbitrary code with elevated privilegesĬVE-2017-7171: 360 Security working with Trend Micro's Zero Day Initiative, and Tencent Keen Security Lab working with Trend Micro's Zero Day InitiativeĬVE-2017-7151: Samuel Groß added October 18, 2018 Impact: An application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue was addressed with improved memory handling.ĬVE-2017-7172: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative This was addressed by enabling HTTPS for exchange rates.ĬVE-2017-2411: Richard Shupak (/in/rshupak), Seth Vargo of Google, and an anonymous researcherĮntry added May 2, 2018, updated June 14, 2018 Impact: An attacker with a privileged network position may be able to alter currency conversion ratesĭescription: Exchange rates were retrieved from HTTP rather than HTTPS. Impact: An application may be able to gain elevated privilegesĭescription: A race condition was addressed with additional validation.ĬVE-2017-13905: Samuel Groß added October 18, 2018 #TYPESTATUS 2 IOS 11 PASSWORD#Impact: An attacker in a privileged network position may be able to spoof password prompts in App Storeĭescription: An input validation issue was addressed through improved input validation. Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |