Vulnerability Details : CVE-2017-7150
An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.
Exploit prediction scoring system (EPSS) score for CVE-2017-7150
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 18 %
CVSS scores for CVE-2017-7150
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST |
CWE ids for CVE-2017-7150
- The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7150
- https://support.apple.com/HT208165
  About the security content of macOS High Sierra 10.13 Supplemental Update - Apple Support (Vendor Advisory)
- http://www.securitytracker.com/id/1039430
  Apple macOS/OS X Unspecified Flaw Lets Local Users View Keychain Passwords - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/101177
  Apple macOS CVE-2017-7150 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-7150
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*