CVE-2017-13873: Infoleak
First published: Tue Sep 19 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
Credit: Xiaokuan Zhang Yinqian Zhang The Ohio State UniversityXueqiang Wang XiaoFeng Wang Indiana University Bloomington Xiaolong Bai Tsinghua UniversityXiaokuan Zhang Yinqian Zhang The Ohio State UniversityXueqiang Wang XiaoFeng Wang Indiana University Bloomington Xiaolong Bai Tsinghua UniversityXiaokuan Zhang Yinqian Zhang The Ohio State UniversityXueqiang Wang XiaoFeng Wang Indiana University Bloomington Xiaolong Bai Tsinghua UniversityXiaokuan Zhang Yinqian Zhang The Ohio State UniversityXueqiang Wang XiaoFeng Wang Indiana University Bloomington Xiaolong Bai Tsinghua University product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <11 | 11 |
| Apple tvOS | <11 | 11 |
| Apple iPhone OS | <11.0 | |
| Apple Mac OS X | <10.13 | |
| Apple tvOS | <11.0 | |
| Apple watchOS | <4.0 | |
| Apple watchOS | <4 | 4 |
| Apple macOS High Sierra | <10.13 | 10.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT208112 (Advisory)
- https://support.apple.com/en-us/HT208113 (Advisory)
- https://support.apple.com/en-us/HT208115 (Advisory)
- https://support.apple.com/en-us/HT208144 (Advisory)
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-13832
- CVE-2016-0736
- CVE-2016-2161
- CVE-2016-5387
- CVE-2016-8740
- CVE-2016-8743
- CVE-2017-13909
- CVE-2017-13809
- CVE-2017-7084
- CVE-2017-7074
- CVE-2017-13820
- CVE-2017-13807
- CVE-2017-7143
- CVE-2017-13829
- CVE-2017-13833
- CVE-2017-7083
- CVE-2017-13821
- CVE-2017-0381
- CVE-2017-13825
- CVE-2017-13890
- CVE-2017-13851
- CVE-2017-7138
- CVE-2017-7121
- CVE-2017-7122
- CVE-2017-7123
- CVE-2017-7124
- CVE-2017-7125
- CVE-2017-7126
- CVE-2017-13815
- CVE-2017-13828
- CVE-2017-13811
- CVE-2017-13835
- CVE-2017-11103
- CVE-2017-13819
- CVE-2017-13830
- CVE-2017-13814
- CVE-2017-13831
- CVE-2017-13837
- CVE-2017-13906
- CVE-2017-7077
- CVE-2017-7119
- CVE-2017-7114
- CVE-2017-13810
- CVE-2017-13817
- CVE-2017-13818
- CVE-2017-13836
- CVE-2017-13841
- CVE-2017-13840
- CVE-2017-13842
- CVE-2017-13782
- CVE-2017-13843
- CVE-2017-13854
- CVE-2017-13834
- CVE-2017-13873
- CVE-2017-13827
- CVE-2017-13813
- CVE-2017-13816
- CVE-2017-13812
- CVE-2016-4736
- CVE-2017-7086
- CVE-2017-1000373
- CVE-2016-9063
- CVE-2017-9233
- CVE-2018-4302
- CVE-2017-5130
- CVE-2017-7376
- CVE-2017-9050
- CVE-2017-9049
- CVE-2017-7141
- CVE-2017-7078
- CVE-2017-6451
- CVE-2017-6452
- CVE-2017-6455
- CVE-2017-6458
- CVE-2017-6459
- CVE-2017-6460
- CVE-2017-6462
- CVE-2017-6463
- CVE-2017-6464
- CVE-2016-9042
- CVE-2017-13824
- CVE-2017-13846
- CVE-2017-10140
- CVE-2017-13822
- CVE-2017-7132
- CVE-2017-13823
- CVE-2017-13808
- CVE-2017-13838
- CVE-2017-7082
- CVE-2017-7080
- CVE-2017-13908
- CVE-2017-13839
- CVE-2017-13910
- CVE-2017-10989
- CVE-2017-7128
- CVE-2017-7129
- CVE-2017-7130
- CVE-2017-7127
- CVE-2016-9840
- CVE-2016-9841
- CVE-2016-9842
- CVE-2016-9843
- CVE-2017-7103
- CVE-2017-7105
- CVE-2017-7108
- CVE-2017-7110
- CVE-2017-7112
- CVE-2017-7116
- CVE-2017-7081
- CVE-2017-7087
- CVE-2017-7091
- CVE-2017-7092
- CVE-2017-7093
- CVE-2017-7094
- CVE-2017-7095
- CVE-2017-7096
- CVE-2017-7098
- CVE-2017-7099
- CVE-2017-7100
- CVE-2017-7102
- CVE-2017-7104
- CVE-2017-7107
- CVE-2017-7111
- CVE-2017-7117
- CVE-2017-7120
- CVE-2017-7090
- CVE-2017-7109
- CVE-2017-11120
- CVE-2017-11121
- CVE-2017-7115
- CVE-2017-11122
- CVE-2017-13863
- CVE-2017-7131
- CVE-2017-7088
- CVE-2017-7072
- CVE-2017-7140
- CVE-2017-7148
- CVE-2017-7097
- CVE-2017-7118
- CVE-2017-7133
- CVE-2017-7075
- CVE-2017-7139
- CVE-2017-13806
- CVE-2017-7085
- CVE-2017-13877
- CVE-2017-7146
- CVE-2017-6211
- CVE-2017-7145
- CVE-2017-7089
- CVE-2017-7106
- CVE-2017-7144
- CVE-2017-7142
Frequently Asked Questions
What is CVE-2017-13873?
CVE-2017-13873 is a vulnerability in certain Apple products that allows attackers to obtain sensitive network-activity information about arbitrary apps.
Which Apple products are affected by CVE-2017-13873?
iOS before version 11, macOS before version 10.13, tvOS before version 11, and watchOS before version 4 are affected by CVE-2017-13873.
What is the severity of CVE-2017-13873?
CVE-2017-13873 has a severity keyword of 'medium' and a severity value of 4.3.
How can I fix CVE-2017-13873?
To fix CVE-2017-13873, update your Apple product to the latest version of iOS, macOS, tvOS, or watchOS, depending on the affected product.
Where can I find more information about CVE-2017-13873?
You can find more information about CVE-2017-13873 on the Apple support website: [https://support.apple.com/HT208112](https://support.apple.com/HT208112), [https://support.apple.com/HT208113](https://support.apple.com/HT208113), [https://support.apple.com/HT208115](https://support.apple.com/HT208115).
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos high sierra
- canonical/apple watchos
- canonical/apple iphone os
- canonical/apple mac os x
- canonical/apple tvos
- canonical/apple ios