CVE-2017-13862: Buffer Overflow

Q: What is CVE-2017-13862?

CVE-2017-13862 is a memory corruption issue in certain Apple products, including iOS, macOS, tvOS, and watchOS.

Q: Which versions of iOS are affected by CVE-2017-13862?

iOS versions before 11.2 are affected by CVE-2017-13862.

Q: Which versions of macOS are affected by CVE-2017-13862?

macOS versions before 10.13.2 are affected by CVE-2017-13862.

Q: How can an attacker exploit CVE-2017-13862?

An attacker can exploit CVE-2017-13862 to execute arbitrary code in a privileged context or cause a denial-of-service condition.

Q: What is the severity of CVE-2017-13862?

CVE-2017-13862 has a severity rating of 7.8 (critical).

Published Dec 2, 2017

Updated

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Other sources

Kernel. A memory corruption issue was addressed with improved memory handling.

Credit

Apple, Ian Beer(Google Project Zero)

Affected Software

10 affected componentsFixes available

Apple tvOS<11.2

11.2

Apple macOS High Sierra<10.13.2

10.13.2

Apple Sierra

Apple El Capitan

Apple WatchOS<4.2

4.2

Apple iOS<11.2

11.2

Apple iPhone OS<11.2

Apple iOS and macOS<10.13.2

Apple tvOS<11.2

Apple WatchOS<4.2

Event History

Dec 25, 2017

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2017-13862?

CVE-2017-13862 is a memory corruption issue in certain Apple products, including iOS, macOS, tvOS, and watchOS.

Which versions of iOS are affected by CVE-2017-13862?