⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2017-2404Apple Iphone OS vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 22.00%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apple Iphone OSApple IOS
Timeline
PublishedApr 2
Latest updateMay 13

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapple/iphone_os10.2.1
Appleapple/ios10.3

🔴Vulnerability Details

2
GHSA
GHSA-v4vc-g9wm-7cc9: An issue was discovered in certain Apple products2022-05-13
VulnCheck
Apple iOS before 10.3 "Quick Look" Call Trigger2017

📋Vendor Advisories

1
Apple
CVE-2017-2404: iOS 10.32017-03-27