CVE-2017-13847: Buffer Overflow

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2017-13847.

Q: What is the severity of CVE-2017-13847?

The severity of CVE-2017-13847 is critical (7.8).

Q: Which Apple products are affected by CVE-2017-13847?

iOS before 11.2 and macOS before 10.13.2 are affected by CVE-2017-13847.

Q: What is the risk associated with CVE-2017-13847?

CVE-2017-13847 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption).

Q: Are there any fixes available for CVE-2017-13847?

Yes, updating to iOS 11.2 or macOS 10.13.2 can fix CVE-2017-13847.

Published Dec 2, 2017

Updated

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Other sources

IOKit. Multiple memory corruption issues were addressed through improved state management.

Credit

Ian Beer(Google Project Zero)

Affected Software

6 affected componentsFixes available

Apple macOS High Sierra<10.13.2

10.13.2

Apple Sierra

Apple El Capitan

Apple iOS<11.2

11.2

Apple iPhone OS<11.2

Apple iOS and macOS<10.13.2

Event History

Dec 25, 2017

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2017-13847.

What is the severity of CVE-2017-13847?