CVE-2017-13848: Input Validation

Reference Links

• https://support.apple.com/en-us/HT208331 (Advisory)
• http://www.securityfocus.com/bid/102099
• http://www.securitytracker.com/id/1039966
• https://support.apple.com/HT208331

Parent vulnerabilities

(Appears in the following advisories)

• HT208331

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2017-13887
• CVE-2017-9798
• CVE-2017-13905
• CVE-2017-7172
• CVE-2017-13892
• CVE-2017-7171
• CVE-2017-7151
• CVE-2017-1000254
• CVE-2017-13872
• CVE-2017-15422
• CVE-2017-13883
• CVE-2017-7163
• CVE-2017-7155
• CVE-2017-13878
• CVE-2017-13875
• CVE-2017-7159
• CVE-2017-13848
• CVE-2017-13858
• CVE-2017-13847
• CVE-2017-7162
• CVE-2017-13904
• CVE-2017-5754
• CVE-2017-13862
• CVE-2017-13867
• CVE-2017-7173
• CVE-2017-13876
• CVE-2017-13855
• CVE-2017-13865
• CVE-2017-13868
• CVE-2017-13869
• CVE-2017-7154
• CVE-2017-13871
• CVE-2017-13860
• CVE-2017-3735
• CVE-2017-12837
• CVE-2017-7158
• CVE-2017-13911
• CVE-2017-13886

Frequently Asked Questions

• What is the vulnerability ID?

  The vulnerability ID is CVE-2017-13848.

• What is the severity of CVE-2017-13848?

  The severity of CVE-2017-13848 is critical.

• Which Apple products are affected by CVE-2017-13848?

  macOS before 10.13.2 is affected by CVE-2017-13848.

• How can an attacker exploit CVE-2017-13848?

  An attacker can exploit CVE-2017-13848 by executing arbitrary code in a privileged context via a crafted app.

• Is there a fix available for CVE-2017-13848?

  Yes, a fix for CVE-2017-13848 is available. Users should update to macOS 10.13.2 or later.