CVE-2017-7112

high-risk

Published 2017-10-23

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Do I need to act?

10.9% chance of exploitation in next 30 days

EPSS score — higher than 89% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Iphone Os

Tvos

Watchos

Affected Vendors

Apple

References (12)

Third Party Advisory http://www.securityfocus.com/bid/100927

Third Party Advisory http://www.securitytracker.com/id/1039385

Issue Tracking https://bugs.chromium.org/p/project-zero/issues/detail?id=1314

Vendor Advisory https://support.apple.com/HT208112

Vendor Advisory https://support.apple.com/HT208113

Vendor Advisory https://support.apple.com/HT208115

Third Party Advisory http://www.securityfocus.com/bid/100927

Third Party Advisory http://www.securitytracker.com/id/1039385

Issue Tracking https://bugs.chromium.org/p/project-zero/issues/detail?id=1314

Vendor Advisory https://support.apple.com/HT208112

Vendor Advisory https://support.apple.com/HT208113

Vendor Advisory https://support.apple.com/HT208115

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 9/34 · Low