CVE-2017-13861: Buffer Overflow
IOSurface. A memory corruption issue was addressed with improved memory handling.
Other sources
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Credit
Affected Software
Event History
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2017-7164
- CVE-2017-13905
- CVE-2017-7172
- CVE-2017-7171
- CVE-2017-7151
- CVE-2017-7162
- CVE-2017-13861
- CVE-2017-13904
- CVE-2017-5754
- CVE-2017-13862
- CVE-2017-13867
- CVE-2017-13876
- CVE-2017-7173
- CVE-2017-13855
- CVE-2017-13865
- CVE-2017-13868
- CVE-2017-13869
- CVE-2017-7154
- CVE-2017-13885
- CVE-2017-7165
- CVE-2017-13884
- CVE-2017-7153
- CVE-2017-7156
- CVE-2017-7157
- CVE-2017-13856
- CVE-2017-13870
- CVE-2017-7160
- CVE-2017-13866
- CVE-2017-13080
- CVE-2017-13880
- CVE-2017-2411
- CVE-2017-13847
- CVE-2017-13879
- CVE-2017-13874
- CVE-2017-13860
- CVE-2017-7152
- CVE-2017-13888
- CVE-2017-13891
Frequently Asked Questions
What is CVE-2017-13861?
CVE-2017-13861 is a memory corruption issue in the IOSurface component of certain Apple products.
Which Apple products are affected by CVE-2017-13861?
iOS before 11.2, tvOS before 11.2, and watchOS before 4.2 are affected by CVE-2017-13861.
What is the severity of CVE-2017-13861?
CVE-2017-13861 has a severity rating of 7.8 (critical).
How can an attacker exploit CVE-2017-13861?
An attacker can exploit CVE-2017-13861 to execute arbitrary code in a privileged context or cause a denial of service by exploiting the memory corruption issue in the IOSurface component.
Are there any patches available for CVE-2017-13861?
Yes, updating to iOS 11.2, tvOS 11.2, or watchOS 4.2 will address the memory corruption issue and fix CVE-2017-13861.