Vulnerability Details : CVE-2017-2370
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-2370
Probability of exploitation activity in the next 30 days: 0.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-2370
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-2370
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2370
-
https://support.apple.com/HT207487
About the security content of watchOS 3.1.3 - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/41163/
Apple macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory CorruptionExploit;Third Party Advisory;VDB Entry
-
https://support.apple.com/HT207482
About the security content of iOS 10.2.1 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/95731
Apple iOS/macOS/tvOS/watchOS Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://support.apple.com/HT207485
About the security content of tvOS 10.1.1 - Apple SupportVendor Advisory
-
http://www.securitytracker.com/id/1037668
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Deny Service, and Gain Elevated Privileges and Let Remote and Local Users Bypass Security ResThird Party Advisory;VDB Entry
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1004
1004 - iOS/MacOS kernel memory corruption due to userspace pointer being used as a length - project-zero - MonorailExploit;Issue Tracking;Third Party Advisory
-
https://support.apple.com/HT207483
About the security content of macOS Sierra 10.12.3 - Apple SupportVendor Advisory
Products affected by CVE-2017-2370
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*