Vulnerability-Lookup

CVE-2017-7150 (GCVE-0-2017-7150)

Vulnerability from cvelistv5 – Published: 2017-10-23 01:00 – Updated: 2024-08-05 15:56

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

CNVD-2017-32740

Vulnerability from cnvd - Published: 2017-11-03

Title

Apple macOS High Sierra Security安全绕过漏洞

Description

Apple macOS High Sierra是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。Security component是其中的一个安全组件。 Apple macOS High Sierra 10.13之前的版本的Security组件存在安全绕过漏洞。攻击者可利用该漏洞绕过钥匙串访问提示，提取密码。

Severity

低

Patch Name

Apple macOS High Sierra Security安全绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT208165

Reference

http://seclists.org/fulldisclosure/2017/Oct/9

Impacted products

Name
Apple macOS <10.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7150"
    }
  },
  "description": "Apple macOS High Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security component\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\r\n\r\nApple macOS High Sierra 10.13\u4e4b\u524d\u7684\u7248\u672c\u7684Security\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u94a5\u5319\u4e32\u8bbf\u95ee\u63d0\u793a\uff0c\u63d0\u53d6\u5bc6\u7801\u3002",
  "discovererName": "Patrick Wardle of Synack",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT208165",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32740",
  "openTime": "2017-11-03",
  "patchDescription": "Apple macOS High Sierra\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002Security component\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u5b89\u5168\u7ec4\u4ef6\u3002\r\n\r\nApple macOS High Sierra 10.13\u4e4b\u524d\u7684\u7248\u672c\u7684Security\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u94a5\u5319\u4e32\u8bbf\u95ee\u63d0\u793a\uff0c\u63d0\u53d6\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS High Sierra Security\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple macOS \u003c10.13"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Oct/9",
  "serverity": "\u4f4e",
  "submitTime": "2017-10-09",
  "title": "Apple macOS High Sierra Security\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-3PR4-C94W-58X7

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-7150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-521"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-23T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.",
  "id": "GHSA-3pr4-c94w-58x7",
  "modified": "2022-05-13T01:46:52Z",
  "published": "2022-05-13T01:46:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7150"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208165"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101177"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039430"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201710-1350

Vulnerability from variot - Updated: 2025-04-20 23:25

An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. Apple macOS is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update

macOS High Sierra 10.13 Supplemental Update is now available and addresses the following:

StorageKit Available for: macOS High Sierra 10.13 Impact: A local attacker may gain access to an encrypted APFS volume Description: If a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. This was addressed by clearing hint storage if the hint was the password, and by improving the logic for storing hints. This was addressed by requiring the user password when prompting for keychain access. CVE-2017-7150: Patrick Wardle of Synack

New downloads of macOS High Sierra 10.13 include the security content of the macOS High Sierra 10.13 Supplemental Update.

Installation note:

macOS High Sierra 10.13 Supplemental Update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJZ1muIAAoJEIOj74w0bLRGK4YP/0po4Tefgarlu0uLyWAxst/6 KTtHK6sJs7wE0nsGJV1SUrKCLtuKo82mOkLJU5a7iS2qBcCLZVFr63HlG6nPDsJU mTfEGcUoVJMLy8BvkHxuQKA9h/4dymZ+4irQZ6ZxUKWYSIBowf0p2oWmwjxKY3v1 BNRx7bLnJH3bOej2EZbwGUVUMVWxlnGTeHQwGNrSoHlWQayZy/S9mJQRFlG8UlrQ C3EH8PxMNJKQuClP5WutREFzoY5uod4v24yFwlz1OdnyNhafprQnRUJaFlpiD0Fi oVf4OnuPOxI1txZ+QIN3virg3/TI/uLKYFpVatrw/sBiFPPD1W3PSHTGF3LtXAVf WFx7OQpAw/IFir2UZXMoOzMA7jrKgROn393/utbNVemoeUlr0SwG83zTsL/fmLGB m0u2PhHgUvTkGmTrdf8DCr1RCs20Q1KahkScUT3iBFoEGP+Tqy1PTgXb+2KFGKL3 nA8r7fWu1aFRu/rLUPO+cs46Y1LSqxmgYlYE1B2W5mpO03EUyNzq3aoI68s97+UI xka2V//xbhFTok4r08bLKK+KvNC2qan6MyMEqqp9PNsWOTtUoEw1EJTrQoQkMkjp /qPFwGe6LDOtxWDB1LMC80Ruto3CiSbkmLN6D9XLYKQnbuJSQiioU/VWIG5EN+lC +olewerlqcRryeVWc4IM =Frfq -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1350",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.13"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.12.6"
      },
      {
        "model": "macos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "101177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Patrick Wardle of Synack",
    "sources": [
      {
        "db": "BID",
        "id": "101177"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-7150",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-7150",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-115353",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-7150",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-7150",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-7150",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-924",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115353",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-7150",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. Apple macOS is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update\n\nmacOS High Sierra 10.13 Supplemental Update is now available\nand addresses the following:\n\nStorageKit\nAvailable for: macOS High Sierra 10.13\nImpact: A local attacker may gain access to an encrypted APFS volume\nDescription: If a hint was set in Disk Utility when creating an APFS\nencrypted volume, the password was stored as the hint. This was \naddressed by clearing hint storage if the hint was the password, and \nby improving the logic for storing hints. This was addressed by\nrequiring the user password when prompting for keychain access. \nCVE-2017-7150: Patrick Wardle of Synack\n\nNew downloads of macOS High Sierra 10.13 include the security\ncontent of the macOS High Sierra 10.13 Supplemental Update. \n\nInstallation note:\n\nmacOS High Sierra 10.13 Supplemental Update may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZ1muIAAoJEIOj74w0bLRGK4YP/0po4Tefgarlu0uLyWAxst/6\nKTtHK6sJs7wE0nsGJV1SUrKCLtuKo82mOkLJU5a7iS2qBcCLZVFr63HlG6nPDsJU\nmTfEGcUoVJMLy8BvkHxuQKA9h/4dymZ+4irQZ6ZxUKWYSIBowf0p2oWmwjxKY3v1\nBNRx7bLnJH3bOej2EZbwGUVUMVWxlnGTeHQwGNrSoHlWQayZy/S9mJQRFlG8UlrQ\nC3EH8PxMNJKQuClP5WutREFzoY5uod4v24yFwlz1OdnyNhafprQnRUJaFlpiD0Fi\noVf4OnuPOxI1txZ+QIN3virg3/TI/uLKYFpVatrw/sBiFPPD1W3PSHTGF3LtXAVf\nWFx7OQpAw/IFir2UZXMoOzMA7jrKgROn393/utbNVemoeUlr0SwG83zTsL/fmLGB\nm0u2PhHgUvTkGmTrdf8DCr1RCs20Q1KahkScUT3iBFoEGP+Tqy1PTgXb+2KFGKL3\nnA8r7fWu1aFRu/rLUPO+cs46Y1LSqxmgYlYE1B2W5mpO03EUyNzq3aoI68s97+UI\nxka2V//xbhFTok4r08bLKK+KvNC2qan6MyMEqqp9PNsWOTtUoEw1EJTrQoQkMkjp\n/qPFwGe6LDOtxWDB1LMC80Ruto3CiSbkmLN6D9XLYKQnbuJSQiioU/VWIG5EN+lC\n+olewerlqcRryeVWc4IM\n=Frfq\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "BID",
        "id": "101177"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "PACKETSTORM",
        "id": "144523"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-7150",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "101177",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1039430",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-115353",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "144523",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "BID",
        "id": "101177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "id": "VAR-201710-1350",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:25:55.759000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "HT208165",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT208165"
      },
      {
        "title": "HT208165",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/HT208165"
      },
      {
        "title": "Apple macOS High Sierra Security Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99687"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/"
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/lnick2023/nicenice "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "Awesome CVE PoC",
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-521",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/101177"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht208165"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1039430"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7150"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7150"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-us/ht208165"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/521.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/qazbnm456/awesome-cve-poc"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7149"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "BID",
        "id": "101177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "db": "BID",
        "id": "101177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "db": "PACKETSTORM",
        "id": "144523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "date": "2017-10-05T00:00:00",
        "db": "BID",
        "id": "101177"
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "date": "2017-10-05T18:22:22",
        "db": "PACKETSTORM",
        "id": "144523"
      },
      {
        "date": "2017-03-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "date": "2017-10-23T01:29:14.190000",
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115353"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-7150"
      },
      {
        "date": "2017-10-05T00:00:00",
        "db": "BID",
        "id": "101177"
      },
      {
        "date": "2017-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-7150"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS Vulnerability that can bypass the keychain access prompt in the security component",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009371"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-924"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-7150

Vulnerability from fkie_nvd - Published: 2017-10-23 01:29 - Updated: 2025-04-20 01:37

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://www.securityfocus.com/bid/101177	Third Party Advisory, VDB Entry
product-security@apple.com	http://www.securitytracker.com/id/1039430	Third Party Advisory, VDB Entry
product-security@apple.com	https://support.apple.com/HT208165	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101177	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039430	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208165	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DF1801-0B0E-4238-BEBA-B6530288980B",
              "versionEndIncluding": "10.12.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en ciertos productos Apple. Se han visto afectadas las versiones de macOS anteriores a la 10.13 Supplemental Update. El problema implica el componente \"Security\". Permite que atacantes omitan el aviso de acceso keychain y, consecuentemente, extraigan contrase\u00f1as mediante un clic sint\u00e9tico."
    }
  ],
  "id": "CVE-2017-7150",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-23T01:29:14.190",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101177"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039430"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT208165"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-521"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-334

Vulnerability from certfr_avis - Published: 2017-10-06 - Updated: 2017-10-06

De multiples vulnérabilités ont été découvertes dans les produits Apple . Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	macOS	macOS High Sierra versions antérieures à 10.13
	Apple	N/A	watchOS versions antérieures à 4.0.1

References

Title

Publication Time

GSD-2017-7150

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-7150

Aliases

CVE-2017-7150

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-7150",
    "description": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.",
    "id": "GSD-2017-7150"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-7150"
      ],
      "details": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.",
      "id": "GSD-2017-7150",
      "modified": "2023-12-13T01:21:06.644882Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2017-7150",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208165",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208165"
          },
          {
            "name": "1039430",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039430"
          },
          {
            "name": "101177",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101177"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.12.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7150"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"Security\" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-521"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208165",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT208165"
            },
            {
              "name": "1039430",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039430"
            },
            {
              "name": "101177",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101177"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-10-23T01:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7150 (GCVE-0-2017-7150)

CNVD-2017-32740

GHSA-3PR4-C94W-58X7

VAR-201710-1350

FKIE_CVE-2017-7150

CERTFR-2017-AVI-334

Solution

GSD-2017-7150

Tags

Sightings

Nomenclature