CVE-2017-13848: Input Validation
Published Dec 6, 2017
IOKit. An input validation issue existed in the kernel. This issue was addressed through improved input validation.
Other sources
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Credit
Alex Plaskett (MWR InfoSecurity), an anonymous researcher
Affected Software
4 affected components
Fixes available
Apple macOS High Sierra < 10.13.2
10.13.2
Apple Sierra
Apple El Capitan
Apple iOS and macOS < 10.13.2
Event History
Dec 25, 2017
CVE Published
via MITRE · 09:00 PM
Data Sourced
via MITRE · 09:00 PM
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2017-13887
- CVE-2017-9798
- CVE-2017-13905
- CVE-2017-7172
- CVE-2017-13892
- CVE-2017-7171
- CVE-2017-7151
- CVE-2017-1000254
- CVE-2017-13872
- CVE-2017-15422
- CVE-2017-13883
- CVE-2017-7163
- CVE-2017-7155
- CVE-2017-13878
- CVE-2017-13875
- CVE-2017-7159
- CVE-2017-13848
- CVE-2017-13858
- CVE-2017-13847
- CVE-2017-7162
- CVE-2017-13904
- CVE-2017-5754
- CVE-2017-13862
- CVE-2017-13867
- CVE-2017-7173
- CVE-2017-13876
- CVE-2017-13855
- CVE-2017-13865
- CVE-2017-13868
- CVE-2017-13869
- CVE-2017-7154
- CVE-2017-13871
- CVE-2017-13860
- CVE-2017-3735
- CVE-2017-12837
- CVE-2017-7158
- CVE-2017-13911
- CVE-2017-13886
Frequently Asked Questions
1. What is the vulnerability ID?
The vulnerability ID is CVE-2017-13848.
2. What is the severity of CVE-2017-13848?
The severity of CVE-2017-13848 is critical.
3. Which Apple products are affected by CVE-2017-13848?
macOS before 10.13.2 is affected by CVE-2017-13848.
4. How can an attacker exploit CVE-2017-13848?
A crafted app can exploit CVE-2017-13848 to execute arbitrary code in a privileged context.
5. Is there a fix available for CVE-2017-13848?
Yes, a fix for CVE-2017-13848 is available. Users should update to macOS 10.13.2 or later.