CVE-2017-13873Sensitive Information Exposure in Apple Iphone OS

CWE-200Sensitive Information Exposure6 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 43.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple Iphone OSApple MAC OS XApple Tvos+4 more
Timeline
PublishedApr 3
Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

NVDapple/tvos< 11.0
NVDapple/watchos< 4.0
NVDapple/mac_os_x< 10.13
Appleapple/tvos11

🔴Vulnerability Details

1
GHSA
GHSA-whh7-rf6p-rj9g: An issue was discovered in certain Apple products2022-05-14

📋Vendor Advisories

4
Apple
CVE-2017-13873: macOS High Sierra 10.132017-09-25
Apple
CVE-2017-13873: watchOS 42017-09-19
Apple
CVE-2017-13873: iOS 112017-09-19
Apple
CVE-2017-13873: tvOS 112017-09-19