CVE-2017-7108: Buffer Overflow

Q: What is CVE-2017-7108?

CVE-2017-7108 is a memory corruption issue in certain Apple products, including iOS, tvOS, and watchOS, that allows remote attackers to execute arbitrary code or cause a denial of service.

Q: Which Apple products are affected by CVE-2017-7108?

CVE-2017-7108 affects iOS, tvOS, and watchOS before version 11.

Q: What is the severity of CVE-2017-7108?

CVE-2017-7108 has a severity rating of 9.8 (Critical).

Q: How can CVE-2017-7108 be exploited?

CVE-2017-7108 can be exploited by remote attackers to execute arbitrary code in a privileged context or cause a denial of service.

Q: Are there any patches available for CVE-2017-7108?

Yes, Apple has released updates to address CVE-2017-7108 in iOS 11, tvOS 11, and watchOS 4.

Published Sep 19, 2017

Updated

Wi-Fi. A memory corruption issue was addressed with improved memory handling.

Other sources

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Credit

Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero), Gal Beniamini(Google Project Zero)

Affected Software

6 affected componentsFixes available

Apple tvOS<11

Apple WatchOS<4

Apple iOS<11

Apple iPhone OS<=10.3.3

Apple tvOS<=10.2.2

Apple WatchOS<=3.2.3

Event History

Oct 23, 2017

CVE Published

via MITRE·01:00 AM

Data Sourced

via MITRE·01:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2017-13832
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-0381
CVE-2017-13825
CVE-2017-13815
CVE-2017-13828
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-7114
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2017-9049
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-13822
CVE-2017-7080
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7090
CVE-2017-7109
CVE-2017-11120
CVE-2017-11121
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116
CVE-2017-11122
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-13821
CVE-2018-4302
CVE-2017-13863
CVE-2017-7131
CVE-2017-7088
CVE-2017-11103
CVE-2017-7072
CVE-2017-7140
CVE-2017-7148
CVE-2017-7078
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7075
CVE-2017-7139
CVE-2017-13806
CVE-2017-7132
CVE-2017-7085
CVE-2017-13877
CVE-2017-7146
CVE-2017-6211
CVE-2017-7145
CVE-2017-7089
CVE-2017-7106
CVE-2017-7144
CVE-2017-7142

Frequently Asked Questions

What is CVE-2017-7108?

CVE-2017-7108 is a memory corruption issue in certain Apple products, including iOS, tvOS, and watchOS, that allows remote attackers to execute arbitrary code or cause a denial of service.

Which Apple products are affected by CVE-2017-7108?