CVE-2017-13861
high-risk
Published 2017-12-25
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Do I need to act?
!
68.5% chance of exploitation in next 30 days
EPSS score — higher than 32% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Vendors
References (16)
Third Party Advisory
http://www.securityfocus.com/bid/102134
Third Party Advisory
http://www.securitytracker.com/id/1039952
Third Party Advisory
http://www.securitytracker.com/id/1039953
Vendor Advisory
https://support.apple.com/HT208325
Vendor Advisory
https://support.apple.com/HT208327
Vendor Advisory
https://support.apple.com/HT208334
Third Party Advisory
https://www.exploit-db.com/exploits/43320/
Third Party Advisory
http://www.securityfocus.com/bid/102134
Third Party Advisory
http://www.securitytracker.com/id/1039952
Third Party Advisory
http://www.securitytracker.com/id/1039953
Vendor Advisory
https://support.apple.com/HT208325
Vendor Advisory
https://support.apple.com/HT208327
Vendor Advisory
https://support.apple.com/HT208334
Third Party Advisory
https://www.exploit-db.com/exploits/43320/
59
/ 100
high-risk
Severity
24/34 · High
Exploitability
26/34 · High
Exposure
9/34 · Low