Vulnerability Details : CVE-2017-2524
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-2524
Probability of exploitation activity in the next 30 days: 7.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-2524
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-2524
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2524
-
https://support.apple.com/HT207797
About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite - Apple SupportVendor Advisory
-
https://support.apple.com/HT207801
About the security content of tvOS 10.2.1 - Apple SupportVendor Advisory
-
https://support.apple.com/HT207798
About the security content of iOS 10.3.2 - Apple SupportVendor Advisory
-
https://support.apple.com/HT207800
About the security content of watchOS 3.2.2 - Apple SupportVendor Advisory
-
http://www.securityfocus.com/bid/98468
Apple iOS/WatchOS/tvOS/macOS Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038484
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Authentication Credentials and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated PrivilegesThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/42051/
Apple macOS/iOS - 'TIKeyboardLayout initWithCoder:' NSKeyedArchiver Heap Corruption Due to Rounding ErrorExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2017-2524
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*