The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of iPhone

vulnerability bulletin CVE-2018-4101 CVE-2018-4113 CVE-2018-4114

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, Debian, Fedora, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 02/05/2018.
Identifiers: bulletinoct2018, CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, DSA-4256-1, FEDORA-2018-499f2dbc96, HT208693, openSUSE-SU-2018:2134-1, openSUSE-SU-2018:2135-1, openSUSE-SU-2018:3473-1, openSUSE-SU-2019:0081-1, RHSA-2018:2282-01, SUSE-SU-2018:3387-1, SUSE-SU-2019:0092-1, USN-3635-1, VIGILANCE-VUL-26013.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-4187 CVE-2018-4206

Apple iOS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/04/2018.
Identifiers: CERTFR-2018-AVI-201, CVE-2018-4187, CVE-2018-4206, HT208743, VIGILANCE-VUL-25965.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-13847 CVE-2017-13855 CVE-2017-13860

Apple iOS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on server.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 07/12/2017.
Revisions dates: 14/12/2017, 28/12/2017, 05/03/2018.
Identifiers: 1373, 1377, 1417, CERTFR-2017-AVI-451, CVE-2017-13847, CVE-2017-13855, CVE-2017-13860, CVE-2017-13861, CVE-2017-13862, CVE-2017-13865, CVE-2017-13867, CVE-2017-13868, CVE-2017-13869, CVE-2017-13874, CVE-2017-13876, CVE-2017-13879, CVE-2017-7152, CVE-2017-7154, CVE-2017-7157, CVE-2017-7162, CVE-2017-7171, CVE-2017-7172, HT208334, HT208394, VIGILANCE-VUL-24677, ZDI-18-147, ZDI-18-149, ZDI-18-151, ZDI-18-154, ZDI-18-156.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-4082 CVE-2018-4085 CVE-2018-4086

Apple iOS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 24/01/2018.
Revision date: 01/03/2018.
Identifiers: 1419, 1421, 1477, CERTFR-2018-AVI-053, CVE-2018-4082, CVE-2018-4085, CVE-2018-4086, CVE-2018-4087, CVE-2018-4088, CVE-2018-4089, CVE-2018-4090, CVE-2018-4092, CVE-2018-4093, CVE-2018-4094, CVE-2018-4095, CVE-2018-4096, CVE-2018-4100, HT208463, VIGILANCE-VUL-25139.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-4124

Apple iOS, macOS: memory corruption

Synthesis of the vulnerability

An attacker can generate a memory corruption of Apple iOS et macOS, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/02/2018.
Identifiers: CERTFR-2018-AVI-090, CVE-2018-4124, HT208534, HT208535, VIGILANCE-VUL-25329.

Description of the vulnerability

An attacker can generate a memory corruption of Apple iOS et macOS, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-13856 CVE-2017-13866 CVE-2017-13870

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Revision date: 08/02/2018.
Identifiers: CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, FEDORA-2017-06b373d942, FEDORA-2017-0ad0e2f390, HT208334, HT208394, openSUSE-SU-2018:0044-1, openSUSE-SU-2018:0326-1, SUSE-SU-2018:0219-1, USN-3514-1, VIGILANCE-VUL-24891, ZDI-18-146, ZDI-18-148.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-7160 CVE-2018-4088

WebKitGTK+: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 31/01/2018.
Revision date: 08/02/2018.
Identifiers: CVE-2017-7160, CVE-2018-4088, FEDORA-2018-3199135a7e, FEDORA-2018-43712163de, HT208334, HT208394, openSUSE-SU-2018:3473-1, SUSE-SU-2018:3387-1, USN-3551-1, VIGILANCE-VUL-25185, ZDI-18-150.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-13884 CVE-2017-13885 CVE-2017-7153

WebKitGTK+: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Impacted products: iOS by Apple, iPhone, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 29/01/2018.
Revision date: 08/02/2018.
Identifiers: CVE-2017-13884, CVE-2017-13885, CVE-2017-7153, CVE-2017-7161, CVE-2017-7165, FEDORA-2018-3199135a7e, FEDORA-2018-43712163de, HT208334, HT208394, openSUSE-SU-2018:3473-1, SUSE-SU-2018:3387-1, USN-3551-1, VIGILANCE-VUL-25168, ZDI-18-152, ZDI-18-153, ZDI-18-155.

Description of the vulnerability

An attacker can use several vulnerabilities of WebKitGTK+.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-11120 CVE-2017-11121 CVE-2017-11122

Apple iOS: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Impacted products: iOS by Apple, iPhone.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 63.
Creation date: 20/09/2017.
Revisions dates: 02/11/2017, 22/01/2018.
Identifiers: 1302, 1305, 1312, 1313, 1314, 1317, 1318, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-20-1, APPLE-SA-2017-09-25-4, CERTFR-2017-AVI-308, CERTFR-2017-AVI-321, CERTFR-2017-AVI-331, CERTFR-2017-AVI-347, CVE-2017-11120, CVE-2017-11121, CVE-2017-11122, CVE-2017-13782, CVE-2017-13806, CVE-2017-13812, CVE-2017-13813, CVE-2017-13814, CVE-2017-13815, CVE-2017-13816, CVE-2017-13817, CVE-2017-13818, CVE-2017-13821, CVE-2017-13822, CVE-2017-13825, CVE-2017-13828, CVE-2017-13829, CVE-2017-13830, CVE-2017-13831, CVE-2017-13832, CVE-2017-13833, CVE-2017-13836, CVE-2017-13840, CVE-2017-13841, CVE-2017-13842, CVE-2017-13843, CVE-2017-13854, CVE-2017-7072, CVE-2017-7075, CVE-2017-7078, CVE-2017-7080, CVE-2017-7081, CVE-2017-7083, CVE-2017-7085, CVE-2017-7086, CVE-2017-7088, CVE-2017-7094, CVE-2017-7097, CVE-2017-7099, CVE-2017-7103, CVE-2017-7105, CVE-2017-7106, CVE-2017-7108, CVE-2017-7110, CVE-2017-7112, CVE-2017-7114, CVE-2017-7115, CVE-2017-7116, CVE-2017-7118, CVE-2017-7127, CVE-2017-7128, CVE-2017-7129, CVE-2017-7130, CVE-2017-7131, CVE-2017-7132, CVE-2017-7133, CVE-2017-7139, CVE-2017-7140, CVE-2017-7142, CVE-2017-7144, CVE-2017-7145, CVE-2017-7146, CVE-2017-7148, HT208112, HT208144, VIGILANCE-VUL-23877, ZDI-17-924, ZDI-17-925.

Description of the vulnerability

An attacker can use several vulnerabilities of Apple iOS.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-5754

Intel Processors: memory reading via Meltdown

Synthesis of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, Cisco ASR, Cisco Catalyst, Nexus by Cisco, NX-OS, Cisco Router, Cisco UCS, XenServer, Debian, Avamar, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, FortiAnalyzer, FortiGate, FortiManager, FortiOS, FreeBSD, Android OS, AIX, IBM i, QRadar SIEM, Juniper J-Series, Junos OS, Junos Space, NSMXpress, Linux, McAfee Email Gateway, McAfee NSM, McAfee NTBA, McAfee Web Gateway, Meinberg NTP Server, Edge, IE, SQL Server, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, OpenBSD, openSUSE Leap, Oracle Communications, pfSense, RealPresence Collaboration Server, RealPresence Distributed Media Application, RealPresence Resource Manager, RHEL, SIMATIC, Slackware, Sonus SBC, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, Xen.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/01/2018.
Revision date: 05/01/2018.
Identifiers: 2016636, 519675, ADV180002, CERTFR-2018-ALE-001, CERTFR-2018-AVI-004, CERTFR-2018-AVI-005, CERTFR-2018-AVI-009, CERTFR-2018-AVI-012, CERTFR-2018-AVI-014, CERTFR-2018-AVI-017, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-049, CERTFR-2018-AVI-077, CERTFR-2018-AVI-079, CERTFR-2018-AVI-114, CERTFR-2018-AVI-124, CERTFR-2018-AVI-134, CERTFR-2018-AVI-208, CERTFR-2018-AVI-225, CERTFR-2019-AVI-242, cisco-sa-20180104-cpusidechannel, cpuapr2019, CTX231390, CTX231399, CTX234679, CVE-2017-5754, DLA-1232-1, DLA-1349-1, DSA-2018-049, DSA-4078-1, DSA-4082-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, FG-IR-18-002, FreeBSD-SA-18:03.speculative_execution, HT208331, HT208334, HT208394, HT208465, JSA10842, JSA10873, K91229003, MBGSA-1801, Meltdown, N1022433, nas8N1022433, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, openSUSE-SU-2018:0326-1, openSUSE-SU-2018:0459-1, openSUSE-SU-2018:1623-1, RHSA-2018:0007-01, RHSA-2018:0008-01, RHSA-2018:0009-01, RHSA-2018:0010-01, RHSA-2018:0011-01, RHSA-2018:0012-01, RHSA-2018:0013-01, RHSA-2018:0014-01, RHSA-2018:0015-01, RHSA-2018:0016-01, RHSA-2018:0017-01, RHSA-2018:0018-01, RHSA-2018:0020-01, RHSA-2018:0021-01, RHSA-2018:0022-01, RHSA-2018:0023-01, RHSA-2018:0024-01, RHSA-2018:0025-01, RHSA-2018:0026-01, RHSA-2018:0027-01, RHSA-2018:0028-01, RHSA-2018:0029-01, RHSA-2018:0030-01, RHSA-2018:0031-01, RHSA-2018:0032-01, RHSA-2018:0034-01, RHSA-2018:0035-01, RHSA-2018:0036-01, RHSA-2018:0037-01, RHSA-2018:0038-01, RHSA-2018:0039-01, RHSA-2018:0040-01, RHSA-2018:0053-01, RHSA-2018:0093-01, RHSA-2018:0094-01, RHSA-2018:0103-01, RHSA-2018:0104-01, RHSA-2018:0105-01, RHSA-2018:0106-01, RHSA-2018:0107-01, RHSA-2018:0108-01, RHSA-2018:0109-01, RHSA-2018:0110-01, RHSA-2018:0111-01, RHSA-2018:0112-01, RHSA-2018:0182-01, RHSA-2018:0292-01, RHSA-2018:0464-01, RHSA-2018:0496-01, RHSA-2018:0512-01, RHSA-2018:1129-01, RHSA-2018:1196-01, SA161, SB10226, spectre_meltdown_advisory, SSA-168644, SSA:2018-016-01, SSA:2018-037-01, STORM-2018-001, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0031-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0115-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0219-1, SUSE-SU-2018:0438-1, SUSE-SU-2018:0472-1, SUSE-SU-2018:0601-1, SUSE-SU-2018:0609-1, SUSE-SU-2018:0638-1, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, SUSE-SU-2018:1603-1, SUSE-SU-2018:1658-1, SUSE-SU-2018:1699-1, SUSE-SU-2018:2528-1, Synology-SA-18:01, USN-3516-1, USN-3522-1, USN-3522-2, USN-3522-3, USN-3522-4, USN-3523-1, USN-3523-2, USN-3523-3, USN-3524-1, USN-3524-2, USN-3525-1, USN-3540-1, USN-3540-2, USN-3541-1, USN-3541-2, USN-3583-1, USN-3583-2, USN-3597-1, USN-3597-2, VIGILANCE-VUL-24933, VMSA-2018-0007, VN-2018-001, VN-2018-002, VU#584653, XSA-254.

Description of the vulnerability

When the system uses an Intel processor, a local attacker can access to the kernel memory, in order to read sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about iPhone: