First published: Sat Dec 02 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Credit: Michael Weishaar INNEO Solutions GmbHMichael Weishaar INNEO Solutions GmbH product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPhone OS | <11.2 | |
Apple Mac OS X | <10.13.2 | |
Apple iOS | <11.2 | 11.2 |
Apple macOS High Sierra | <10.13.2 | 10.13.2 |
Apple Sierra | ||
Apple El Capitan |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2017-13860 is a vulnerability that exists in certain Apple products, specifically iOS before 11.2 and macOS before 10.13.2, which allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption in the "Mail Drafts" component.
CVE-2017-13860 has a severity rating of 5.9 (medium).
iOS versions before 11.2 and macOS versions before 10.13.2 are affected by CVE-2017-13860.
To mitigate CVE-2017-13860, it is recommended to update to iOS 11.2 or later and macOS 10.13.2 or later, as these versions address the issue.
You can find more information about CVE-2017-13860 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/102097) and [SecurityTracker](http://www.securitytracker.com/id/1039953) and [SecurityTracker](http://www.securitytracker.com/id/1039966).