What is the vulnerability ID?

The vulnerability ID is CVE-2017-13821.

Which products are affected by CVE-2017-13821?

macOS High Sierra before version 10.13.1, Sierra, El Capitan, iOS before version 11, Mac OS X before version 10.13.1, and watchOS before version 4 are all affected.

What is the severity of CVE-2017-13821?

The severity of CVE-2017-13821 is medium with a CVSS score of 5.5.

How can an attacker exploit CVE-2017-13821?

An attacker can exploit CVE-2017-13821 by bypassing intended memory-read restrictions via a crafted app.

Is there a fix available for CVE-2017-13821?

Yes, Apple has released a fix for CVE-2017-13821. Users should update to macOS 10.13.1 or higher, iOS 11 or higher, or watchOS 4 or higher.

Vulnerability/
CVE-2017-13821

medium

5.5

CWE

200

19/9/2017

13/11/2017

5/8/2024

CVE-2017-13821: Infoleak

First published: Tue Sep 19 2017(Updated: )

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Credit: Australian Cyber Security Centre – Australian Signals Directorate Australian Cyber Security Centre – Australian Signals Directorate Australian Cyber Security Centre – Australian Signals Directorate Australian Cyber Security Centre – Australian Signals Directorate product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Mac OS X	<=10.13.0
Apple macOS High Sierra	<10.13.1	10.13.1
Apple Sierra
Apple El Capitan
Apple watchOS	<4	4
Apple iOS	<11	11
Apple macOS High Sierra	<10.13	10.13

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT208112 (Advisory)
https://support.apple.com/en-us/HT208115 (Advisory)
https://support.apple.com/en-us/HT208144 (Advisory)
https://support.apple.com/en-us/HT208221 (Advisory)
http://www.securitytracker.com/id/1039710
https://support.apple.com/HT208221

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2017-13832
CVE-2016-0736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-13909
CVE-2017-13809
CVE-2017-7084
CVE-2017-7074
CVE-2017-13820
CVE-2017-13807
CVE-2017-7143
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-13821
CVE-2017-0381
CVE-2017-13825
CVE-2017-13890
CVE-2017-13851
CVE-2017-7138
CVE-2017-7121
CVE-2017-7122
CVE-2017-7123
CVE-2017-7124
CVE-2017-7125
CVE-2017-7126
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13835
CVE-2017-11103
CVE-2017-13819
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13837
CVE-2017-13906
CVE-2017-7077
CVE-2017-7119
CVE-2017-7114
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13827
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2018-4302
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-9049
CVE-2017-7141
CVE-2017-7078
CVE-2017-6451
CVE-2017-6452
CVE-2017-6455
CVE-2017-6458
CVE-2017-6459
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2016-9042
CVE-2017-13824
CVE-2017-13846
CVE-2017-10140
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-7082
CVE-2017-7080
CVE-2017-13908
CVE-2017-13839
CVE-2017-13910
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7116
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
CVE-2017-13786
CVE-2017-13800
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-13801
CVE-2017-13799
CVE-2017-13852
CVE-2017-5969
CVE-2018-4390
CVE-2018-4391
CVE-2017-13907
CVE-2017-7170
CVE-2017-7150
CVE-2017-13804
CVE-2017-11108
CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
CVE-2017-13863
CVE-2017-7131
CVE-2017-7088
CVE-2017-7072
CVE-2017-7140
CVE-2017-7148
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7075
CVE-2017-7139
CVE-2017-13806
CVE-2017-7085
CVE-2017-13877
CVE-2017-7146
CVE-2017-6211
CVE-2017-7145
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7089
CVE-2017-7090
CVE-2017-7106
CVE-2017-7109
CVE-2017-7144
CVE-2017-7142
CVE-2017-11120
CVE-2017-11121
CVE-2017-7115
CVE-2017-11122

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2017-13821.
Which products are affected by CVE-2017-13821?
macOS High Sierra before version 10.13.1, Sierra, El Capitan, iOS before version 11, Mac OS X before version 10.13.1, and watchOS before version 4 are all affected.
What is the severity of CVE-2017-13821?
The severity of CVE-2017-13821 is medium with a CVSS score of 5.5.
How can an attacker exploit CVE-2017-13821?
An attacker can exploit CVE-2017-13821 by bypassing intended memory-read restrictions via a crafted app.
Is there a fix available for CVE-2017-13821?
Yes, Apple has released a fix for CVE-2017-13821. Users should update to macOS 10.13.1 or higher, iOS 11 or higher, or watchOS 4 or higher.

collector/nvd-index
collector/apple-support
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/software-canonical-lookup-request
agent/references
agent/event
agent/weakness
agent/severity
agent/author
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple mac os x
version/apple mac os x/10.13.0
canonical/apple macos high sierra
canonical/apple watchos
canonical/apple sierra
canonical/apple el capitan
canonical/apple ios