CVE-2017-7074: Input Validation

Q: What is CVE-2017-7074?

CVE-2017-7074 is a vulnerability in certain Apple products that allows attackers to cause a denial of service through the 'AppSandbox' component.

Q: Which Apple products are affected by CVE-2017-7074?

macOS before 10.13 (High Sierra) is affected by CVE-2017-7074.

Q: How can attackers exploit CVE-2017-7074?

Attackers can exploit CVE-2017-7074 by using a crafted app to cause a denial of service.

Q: What is the severity of CVE-2017-7074?

CVE-2017-7074 has a severity score of 5.5, which is considered medium.

Q: How can I protect myself from CVE-2017-7074?

To protect yourself from CVE-2017-7074, update your macOS to version 10.13 (High Sierra) or later.

Published Sep 25, 2017

Updated

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app.

Other sources

AppSandbox. Multiple denial of service issues were addressed through improved memory handling.

Credit

Daniel Jalkut(Red Sweater Software)

Affected Software

2 affected componentsFixes available

Apple macOS High Sierra<10.13

10.13

Apple iOS and macOS<=10.12.6

Event History

Oct 23, 2017

CVE Published

via MITRE·01:00 AM

Data Sourced

via MITRE·01:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

HT208144

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2017-13832
CVE-2016-0736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-13909
CVE-2017-13809
CVE-2017-7084
CVE-2017-7074
CVE-2017-13820
CVE-2017-13807
CVE-2017-7143
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-13821
CVE-2017-0381
CVE-2017-13825
CVE-2017-13890
CVE-2017-13851
CVE-2017-7138
CVE-2017-7121
CVE-2017-7122
CVE-2017-7123
CVE-2017-7124
CVE-2017-7125
CVE-2017-7126
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13835
CVE-2017-11103
CVE-2017-13819
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13837
CVE-2017-13906
CVE-2017-7077
CVE-2017-7119
CVE-2017-7114
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13827
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2018-4302
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-9049
CVE-2017-7141
CVE-2017-7078
CVE-2017-6451
CVE-2017-6452
CVE-2017-6455
CVE-2017-6458
CVE-2017-6459
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2016-9042
CVE-2017-13824
CVE-2017-13846
CVE-2017-10140
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-7082
CVE-2017-7080
CVE-2017-13908
CVE-2017-13839
CVE-2017-13910
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Frequently Asked Questions

What is CVE-2017-7074?

CVE-2017-7074 is a vulnerability in certain Apple products that allows attackers to cause a denial of service through the 'AppSandbox' component.

Which Apple products are affected by CVE-2017-7074?