CVE-2017-6975: Buffer Overflow
First published: Wed Apr 05 2017(Updated: )
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.
Credit: product-security@apple.com Gal Beniamini Google Project Zero
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPhone OS | <=10.3 | |
| Apple Apple TV Software | <7.3 | 7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2019/May/24
- http://www.securityfocus.com/bid/97328
- http://www.securitytracker.com/id/1038172
- https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
- https://seclists.org/bugtraq/2019/May/30
- https://support.apple.com/HT207688
- https://support.apple.com/kb/HT210121
- https://twitter.com/4Dgifts/status/849268365457850370
- https://support.apple.com/en-us/HT210121 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- collector/nvd-index
- collector/apple-support
- vendor/apple
- canonical/apple iphone os
- version/apple iphone os/10.3
- canonical/apple apple tv software