CVE-2017-13903 — Apple Iphone OS vulnerability

4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple Tvos Apple IOS

Timeline

PublishedDec 25

Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDapple/tvos< 11.2.1

▶Appleapple/tvos11.2.1

▶NVDapple/iphone_os< 11.2.1

▶Appleapple/ios11.2.1

🔴Vulnerability Details

GHSA

GHSA-993q-h4jf-wm55: An issue was discovered in certain Apple products↗2022-05-13

▶

📋Vendor Advisories

Apple

CVE-2017-13903: iOS 11.2.1↗2017-12-13

▶

Apple

CVE-2017-13903: tvOS 11.2.1↗2017-12-13

▶