CVE-2017-13878

Published: 25/12/2017 Updated: 22/01/2018
CVSS v2 Base Score: 5.6 | Impact Score: 7.8 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 565
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

Vulnerability Summary

An issue exists in certain Apple products. macOS prior to 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).

Vulnerable Product

apple mac os x

Exploits

/* AppleIntelCapriController::getDisplayPipeCapability reads an attacker-controlled dword value from a userclient structure input buffer which it uses to index a small array of pointers to memory to copy back to userspace. There is no bounds checking on the attacker-supplied value, allowing (with some heap grooming) the disclosure of arbitrary kern ...

Github Repositories

A scraper (Mitre CVE database + GZD team's database) and short analysis on timing of vulnerability finding/fixing

GZD + Mitre. This code (work in progress) scrapes the Mitre CVE database and compares it against the Google zero day (GZD) team's database. cve.mitre.org/data/downloads/index.html bugs.chromium.org/p/project-zero/issues/list?can=1&q=&sort=-id&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary Intent GZD team's

Recent Articles

Apple gets around to patching all the other High Sierra security holes
The Register • Shaun Nichols in San Francisco • 07 Dec 2017

Another week, another Mac patch to install

Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra. The update comes little more than a week after Apple had to kick out an emergency fix to close up a glaring hole in macOS that allowed anyone with access to a Mac (either in person or remote) to bypass the login screen and act as a root account. This week's High Sierra update, numbered 10.13.2, addresses a total of 22 CVE-listed flaws in various components of the macOS operating system. Eight o...