Lucene search

[email protected]CVE-2017-6979

HistoryMay 22, 2017 - 5:29 a.m.

CVE-2017-6979

2017-05-2205:29:02

CWE-362

[email protected]

web.nvd.nist.gov

cve-2017-6979

apple

iosurface

race condition

arbitrary code execution

security vulnerability

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “IOSurface” component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

Affected configurations

NVD

Node

appleiphone_osRange≤10.3.1

applemac_os_xRange≤10.12.4

appletvosRange≤10.2

applewatchosRange≤3.2

VendorProductVersionCPE
applewatchoscpe:/o:apple:watchos::::
appleiphone_oscpe:/o:apple:iphone_os::::
appletvoscpe:/o:apple:tvos::::
applemac_os_xcpe:/o:apple:mac_os_x::::