What is CVE-2017-13890?

CVE-2017-13890 is a vulnerability in certain Apple products, specifically macOS before 10.13.4 and macOS before 10.13, that allows remote attackers to trigger disk-image mounting via a crafted web site.

How does CVE-2017-13890 affect Apple products?

CVE-2017-13890 affects certain Apple products, including macOS High Sierra before 10.13.4 and macOS High Sierra before 10.13, allowing remote attackers to trigger disk-image mounting.

What is the severity of CVE-2017-13890?

CVE-2017-13890 has a severity rating of 7.4 (high).

How can I fix the CVE-2017-13890 vulnerability?

To fix the CVE-2017-13890 vulnerability, update your macOS to version 10.13.4 or later.

Where can I find more information about CVE-2017-13890?

You can find more information about CVE-2017-13890 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/103579), [SecurityTracker](http://www.securitytracker.com/id/1040608), [Apple Support](https://support.apple.com/HT208144).

Vulnerability/
CVE-2017-13890

high

7.4

CWE

25/9/2017

3/4/2018

5/8/2024

CVE-2017-13890: Input Validation

First published: Mon Sep 25 2017(Updated: )

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.

Credit: Apple Theodor Ragnar Gislason SyndisApple Theodor Ragnar Gislason Syndis product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Mac OS X	<10.13.4
Apple macOS High Sierra	<10.13.4	10.13.4
Apple Sierra
Apple El Capitan
Apple macOS High Sierra	<10.13	10.13

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2017-13832
CVE-2016-0736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-13909
CVE-2017-13809
CVE-2017-7084
CVE-2017-7074
CVE-2017-13820
CVE-2017-13807
CVE-2017-7143
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-13821
CVE-2017-0381
CVE-2017-13825
CVE-2017-13890
CVE-2017-13851
CVE-2017-7138
CVE-2017-7121
CVE-2017-7122
CVE-2017-7123
CVE-2017-7124
CVE-2017-7125
CVE-2017-7126
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13835
CVE-2017-11103
CVE-2017-13819
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13837
CVE-2017-13906
CVE-2017-7077
CVE-2017-7119
CVE-2017-7114
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13827
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2018-4302
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-9049
CVE-2017-7141
CVE-2017-7078
CVE-2017-6451
CVE-2017-6452
CVE-2017-6455
CVE-2017-6458
CVE-2017-6459
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2016-9042
CVE-2017-13824
CVE-2017-13846
CVE-2017-10140
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-7082
CVE-2017-7080
CVE-2017-13908
CVE-2017-13839
CVE-2017-13910
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2018-4170
CVE-2018-4105
CVE-2018-4112
CVE-2018-4166
CVE-2018-4155
CVE-2018-4158
CVE-2018-4142
CVE-2017-8816
CVE-2018-4176
CVE-2018-4108
CVE-2017-13080
CVE-2018-4167
CVE-2018-4151
CVE-2018-4132
CVE-2018-4135
CVE-2018-4150
CVE-2018-4104
CVE-2018-4143
CVE-2018-4136
CVE-2018-4160
CVE-2018-4185
CVE-2018-4139
CVE-2018-4175
CVE-2017-15412
CVE-2018-4187
CVE-2018-4179
CVE-2018-4111
CVE-2018-4174
CVE-2018-4152
CVE-2017-7151
CVE-2018-4138
CVE-2018-4107
CVE-2018-4156
CVE-2018-4157
CVE-2018-4298
CVE-2018-4144
CVE-2017-13911
CVE-2018-4173
CVE-2018-4154
CVE-2018-4115
CVE-2018-4106
CVE-2018-4131

Frequently Asked Questions

What is CVE-2017-13890?
CVE-2017-13890 is a vulnerability in certain Apple products, specifically macOS before 10.13.4 and macOS before 10.13, that allows remote attackers to trigger disk-image mounting via a crafted web site.
How does CVE-2017-13890 affect Apple products?
CVE-2017-13890 affects certain Apple products, including macOS High Sierra before 10.13.4 and macOS High Sierra before 10.13, allowing remote attackers to trigger disk-image mounting.
What is the severity of CVE-2017-13890?
CVE-2017-13890 has a severity rating of 7.4 (high).
How can I fix the CVE-2017-13890 vulnerability?
To fix the CVE-2017-13890 vulnerability, update your macOS to version 10.13.4 or later.
Where can I find more information about CVE-2017-13890?
You can find more information about CVE-2017-13890 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/103579), [SecurityTracker](http://www.securitytracker.com/id/1040608), [Apple Support](https://support.apple.com/HT208144).

collector/nvd-index
collector/apple-support
agent/type
agent/softwarecombine
agent/first-publish-date
agent/software-canonical-lookup-request
agent/weakness
agent/references
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/tags
agent/trending
vendor/apple
canonical/apple mac os x
canonical/apple macos high sierra
canonical/apple sierra
canonical/apple el capitan