Multiple vulnerabilities have been found in Apple products that could allow for arbitrary code execution
Multiple vulnerabilities uncovered in watchOS, iOS, tvOS, macOS, iCloud for Windows, and iTunes for Windows and Safari, the most severe of which could allow for arbitrary code execution. watchOS is the mobile operating system for the Apple Watch and is based on the iOS operating system. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. tvOS is an operating system for the fourth-generation Apple TV digital media player. macOS is Apple’s desktop and server operating system for Macintosh computers. iCloud is a cloud storage and cloud computing service from Apple. iTunes for Windows is a media player, media library, online radio broadcaster, and mobile device management application developed by Apple. Safari is a web browser available for OS X and Microsoft Windows.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are currently no reports of these vulnerabilities being exploited in the wild.
- watchOS Versions prior to 3.2.2
- iOS Versions prior to 10.3.2
- tvOS Versions prior to 10.2.1
- macOS Versions prior to 10.12.5, 10.11.6 Security Update 2017-002 El Capitan, 10.10.5 Security Update 2017-002 Yosemite
- Safari Versions prior to 10.1.1
- iCloud for Windows Versions prior to 6.2.1
- iTunes for Windows versions prior to 12.6.1
Risk to Government: High / medium
Risk to Business: High / medium
Risk to Home Users: Low
For more information see advisory at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution-11/