CVE-2017-7172

EUVD-2017-16210

03.04.2018, 06:29

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
apple	iphone_os	𝑥 < 11.2
apple	mac_os_x	𝑥 < 10.13.2
apple	tvos	𝑥 < 11.2
apple	watchos	𝑥 < 4.2
apple	icloud	𝑥 < 7.2
apple	itunes	𝑥 < 12.7.2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://support.apple.com/HT208325

https://support.apple.com/HT208326

https://support.apple.com/HT208327

https://support.apple.com/HT208328

https://support.apple.com/HT208331

https://support.apple.com/HT208334

https://support.apple.com/HT208325

https://support.apple.com/HT208326

https://support.apple.com/HT208327

https://support.apple.com/HT208328

https://support.apple.com/HT208331

https://support.apple.com/HT208334