CVE-2017-7173: Infoleak

Q: What is CVE-2017-7173?

CVE-2017-7173 is a vulnerability in certain Apple products that allows attackers to bypass memory-read restrictions via a crafted app.

Q: Which Apple products are affected by CVE-2017-7173?

macOS before 10.13.2, macOS High Sierra up to version 10.13.2, Sierra, El Capitan, watchOS up to version 4.2, iOS up to version 11.2, and tvOS up to version 11.2 are affected by CVE-2017-7173.

Q: How severe is CVE-2017-7173?

CVE-2017-7173 has a severity rating of 5.5, which is considered medium.

Q: How can I fix CVE-2017-7173?

To fix CVE-2017-7173, update your affected Apple products to the latest versions.

Q: Where can I find more information about CVE-2017-7173?

You can find more information about CVE-2017-7173 on Apple's official support page: [link](https://support.apple.com/HT208331).

Published Dec 2, 2017

Updated

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Other sources

Kernel. An out-of-bounds read was addressed with improved bounds checking.

Credit

Brandon Azad

Affected Software

7 affected componentsFixes available

Apple tvOS<11.2

11.2

Apple macOS High Sierra<10.13.2

10.13.2

Apple Sierra

Apple El Capitan

Apple WatchOS<4.2

4.2

Apple iOS and macOS<10.13.2

Apple iOS<11.2

11.2

Event History

Apr 3, 2018

CVE Published

via MITRE·06:00 AM

Data Sourced

via MITRE·06:00 AM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2017-7173?

CVE-2017-7173 is a vulnerability in certain Apple products that allows attackers to bypass memory-read restrictions via a crafted app.

Which Apple products are affected by CVE-2017-7173?