CVE-2017-7010Out-of-bounds Read in Apple Icloud

CWE-125Out-of-bounds ReadCWE-287Improper Authentication9 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 45.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IcloudApple Iphone OSApple Itunes+2 more
Timeline
PublishedJul 20
Latest updateMay 14

Description

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDapple/tvos10.2.1
NVDapple/icloud6.2.1
NVDapple/itunes12.6.1
NVDapple/mac_os_x10.12.5
NVDapple/iphone_os10.3.2

🔴Vulnerability Details

2
GHSA
GHSA-fcqh-cxff-w7qc: An issue was discovered in certain Apple products2022-05-14
CVEList
CVE-2017-7010: An issue was discovered in certain Apple products2017-07-20

📋Vendor Advisories

6
Citrix
CVE-2017-14602: A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 b2017-09-26
Apple
CVE-2017-7010: macOS Sierra 10.12.6, Security Update 2017-003 El Capitan, and Security Update 2017-003 Yosemite2017-07-19
Apple
CVE-2017-7010: iOS 10.3.32017-07-19
Apple
CVE-2017-7010: iTunes 12.6.2 for Windows2017-07-19
Apple
CVE-2017-7010: iCloud for Windows 6.2.22017-07-19
CVE-2017-7010 — Out-of-bounds Read in Apple Icloud | cvebase