Vulnerability Details : CVE-2017-2489
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2017-2489
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-2489
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-2489
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2489
-
https://support.apple.com/HT207615
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple SupportVendor Advisory
-
https://www.exploit-db.com/exploits/41798/
Apple macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
-
http://www.securityfocus.com/bid/97300
Apple macOS CVE-2017-2489 Information Disclosure Vulnerability
Products affected by CVE-2017-2489
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*