CVE-2017-2404
Published 2017-04-02
Priority: P2 · 71 · Low · 3.3 (CVSS 3.1)
CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.44% (69.8th percentile)
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 10.2.1 | — |
Detection & IOCs (extracted from sources)
- Inspect PDF documents for embedded tel: scheme URIs, which may be used to silently trigger phone calls on unpatched iOS devices without user confirmation.
- Flag PDF files delivered remotely that contain tel: hyperlinks — particularly those rendered via the iOS Quick Look component — as potentially malicious.
- This vulnerability was actively exploited in the wild as of October 2016; treat any iOS device below 10.3 rendering PDFs with tel: links as a high-priority incident.
- The vulnerable component is iOS Quick Look's handling of tel: URLs in PDFs. The fix adds a confirmation prompt; detection should focus on pre-patch (iOS < 10.3) devices or PDF delivery vectors that bypass user interaction.
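A defender-side check for the first two detection bullets, added here as an example and not code from this page, Apple or VulnCheck: it lists every /URI link action in a PDF and flags those with a tel: scheme, covering hex-encoded strings and Flate-compressed object streams that a plain text grep for "tel:" would miss. The sample PDF bytes and the phone number are constructed.

```python
import re
import zlib

# Constructed sample (not a real file): a minimal PDF with a tel: and an https: link action.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [10 10 100 30]
   /A << /S /URI /URI (tel:+15555550100) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [10 50 100 70]
   /A << /S /URI /URI (https://example.com/) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A /URI value is a literal string "(...)" or a hex string "<...>"; a grep for "tel:" misses hex.
URI_RE = re.compile(rb"/URI\s*(?:\((?P<lit>(?:\\.|[^()\\])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

def _extract_uris(data: bytes) -> list[str]:
    uris = []
    for m in URI_RE.finditer(data):
        if m.group("lit") is not None:
            # Drop backslash escapes; sufficient for a scheme check.
            value = re.sub(rb"\\(.)", rb"\1", m.group("lit"))
        else:
            digits = re.sub(rb"\s", b"", m.group("hex"))
            value = bytes.fromhex((digits + b"0"[: len(digits) % 2]).decode())  # odd length: pad with 0
        uris.append(value.decode("latin-1"))
    return uris

def find_uri_actions(data: bytes) -> list[str]:
    """All /URI action targets, also inside FlateDecode streams (object streams can hold annotations)."""
    uris = _extract_uris(data)
    for s in STREAM_RE.finditer(data):
        try:
            uris.extend(_extract_uris(zlib.decompress(s.group(1))))
        except zlib.error:
            pass  # not Flate data (images, other filters): nothing to scan
    return uris

def find_tel_uris(data: bytes) -> list[str]:
    """URI actions with a tel: scheme, matched case-insensitively and ignoring surrounding whitespace."""
    return [u for u in find_uri_actions(data) if u.strip().lower().startswith("tel:")]

if __name__ == "__main__":
    print("tel: link actions:", find_tel_uris(SAMPLE_PDF))
```

Any non-empty result on a PDF delivered to an iOS device below 10.3 is a reasonable trigger for the incident handling described in the third bullet.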
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vulncheck | — | 7.5 | HIGH | — |
GHSA
GHSA-v4vc-g9wm-7cc9: An issue was discovered in certain Apple products
ghsa_unreviewed · 2022-05-13 · severity HIGH
VulnCheck
Apple iOS before 10.3 "Quick Look" Call Trigger
vulncheck · 2017 · CVSS 7.5 · severity HIGH
Affected: Apple iphone_os
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2017-2404; https://www.cve.org/CVERecord?id=CVE-2017-2404
Apple
CVE-2017-2404: iOS 10.3
vendor_apple · 2017-03-27 · CVSS 7.5 · severity HIGH
Apple Security Update: About the security content of iOS 10.3
Product: iOS
Version: 10.3
CVE: CVE-2017-2404
Component: Quick Look
Impact: Tapping a tel link in a PDF document could trigger a call without prompting the user
Description: An issue existed when checking the tel URL before initiating calls. This issue was addressed with the addition of a confirmation prompt.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- http://www.securityfocus.com/bid/97138
- http://www.securitytracker.com/id/1038139
- https://support.apple.com/HT207617
- https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/