First published: Mon Sep 25 2017(Updated: )
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
Credit: John Villamil Doyensec John Villamil Doyensec product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | <=10.13.0 | |
Apple macOS High Sierra | <10.13.1 | 10.13.1 |
Apple Sierra | ||
Apple El Capitan | ||
Apple macOS High Sierra | <10.13 | 10.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2017-13820 is a memory corruption vulnerability that affects certain versions of macOS High Sierra and allows remote attackers to obtain sensitive information or cause a denial of service.
CVE-2017-13820 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) on macOS High Sierra.
This vulnerability can be exploited by remote attackers through a crafted font, which can lead to memory corruption and the exposure of sensitive information on the affected system.
CVE-2017-13820 has a severity rating of 7.1 (high).
Yes, it is recommended to update macOS High Sierra to version 10.13.1 or later to mitigate the vulnerability.