CVE-2017-7172

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "CFNetwork Session" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Published: Apr 3, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7172
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
apple / iphone_os	-	11.2
apple / mac_os_x	-	10.13.2
apple / watchos	-	4.2
apple / tvos	-	11.2
apple / icloud	-	7.2
apple / itunes	-	12.7.2

https://support.apple.com/HT208325
https://support.apple.com/HT208326
https://support.apple.com/HT208327
https://support.apple.com/HT208328
https://support.apple.com/HT208331
https://support.apple.com/HT208334

Vulnerability Database

290,278

CVE-2017-7172