First published: Mon Sep 25 2017(Updated: )
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.
Credit: product-security@apple.com Andreas Nilsson
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | >=10.0<10.13 | |
Apple macOS High Sierra | <10.13 | 10.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2017-13909.
The severity of CVE-2017-13909 is medium with a severity value of 5.5.
The impact of CVE-2017-13909 is that a local attacker may gain access to iCloud authentication tokens.
CVE-2017-13909 was fixed by placing the tokens in Keychain in macOS High Sierra 10.13.
You can find more information about CVE-2017-13909 at the following reference: https://support.apple.com/en-us/HT208144