First published: Tue Oct 31 2017
Kernel: An application was able to access process information maintained by the operating system without restriction. This issue was addressed with rate limiting.
Credit: Xiaokuan Zhang and Yinqian Zhang (The Ohio State University); Xueqiang Wang and XiaoFeng Wang (Indiana University Bloomington); Xiaolong Bai (Tsinghua University); product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple macOS High Sierra | <10.13.1 | 10.13.1 |
Apple Sierra | | |
Apple El Capitan | | |
Apple iPhone OS | <11.1 | |
Apple Mac OS X | <10.13.1 | |
Apple tvOS | <11.1 | |
Apple watchOS | <4.1 | |
CVE-2017-13852 is a vulnerability that affects certain Apple products, including iOS, macOS, tvOS, and watchOS.
CVE-2017-13852 allows attackers to monitor arbitrary apps by crafting a malicious app that accesses process information maintained by the operating system.
iOS before version 11.1, macOS before version 10.13.1, tvOS before version 11.1, and watchOS before version 4.1 are affected by CVE-2017-13852.
CVE-2017-13852 has a severity level of medium with a CVSS score of 3.3.
To fix CVE-2017-13852, update to the latest available version of iOS, macOS, tvOS, or watchOS depending on the affected product.