What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2017-13909.

What is the severity of CVE-2017-13909?

The severity of CVE-2017-13909 is medium with a severity value of 5.5.

What is the impact of CVE-2017-13909?

The impact of CVE-2017-13909 is that a local attacker may gain access to iCloud authentication tokens.

How was CVE-2017-13909 fixed?

CVE-2017-13909 was fixed by placing the tokens in Keychain in macOS High Sierra 10.13.

Where can I find more information about CVE-2017-13909?

You can find more information about CVE-2017-13909 at the following reference: https://support.apple.com/en-us/HT208144

Vulnerability/
CVE-2017-13909

medium

5.5

CWE

922

25/9/2017

23/12/2021

5/8/2024

CVE-2017-13909

First published: Mon Sep 25 2017(Updated: )

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

Credit: product-security@apple.com Andreas Nilsson

Affected Software	Affected Version	How to fix
Apple Mac OS X	>=10.0<10.13
Apple macOS High Sierra	<10.13	10.13

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT208144 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

HT208144

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2017-13832
CVE-2016-0736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-13909
CVE-2017-13809
CVE-2017-7084
CVE-2017-7074
CVE-2017-13820
CVE-2017-13807
CVE-2017-7143
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-13821
CVE-2017-0381
CVE-2017-13825
CVE-2017-13890
CVE-2017-13851
CVE-2017-7138
CVE-2017-7121
CVE-2017-7122
CVE-2017-7123
CVE-2017-7124
CVE-2017-7125
CVE-2017-7126
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13835
CVE-2017-11103
CVE-2017-13819
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13837
CVE-2017-13906
CVE-2017-7077
CVE-2017-7119
CVE-2017-7114
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13827
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2018-4302
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-9049
CVE-2017-7141
CVE-2017-7078
CVE-2017-6451
CVE-2017-6452
CVE-2017-6455
CVE-2017-6458
CVE-2017-6459
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2016-9042
CVE-2017-13824
CVE-2017-13846
CVE-2017-10140
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-7082
CVE-2017-7080
CVE-2017-13908
CVE-2017-13839
CVE-2017-13910
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-13909.
What is the severity of CVE-2017-13909?
The severity of CVE-2017-13909 is medium with a severity value of 5.5.
What is the impact of CVE-2017-13909?
The impact of CVE-2017-13909 is that a local attacker may gain access to iCloud authentication tokens.
How was CVE-2017-13909 fixed?
CVE-2017-13909 was fixed by placing the tokens in Keychain in macOS High Sierra 10.13.
Where can I find more information about CVE-2017-13909?
You can find more information about CVE-2017-13909 at the following reference: https://support.apple.com/en-us/HT208144

collector/nvd-index
collector/apple-support
agent/references
agent/severity
agent/author
agent/weakness
agent/tags
agent/event
agent/type
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple mac os x
version/apple mac os x/10.0
canonical/apple macos high sierra