CVE-2017-2448: Infoleak
First published: Mon Mar 27 2017(Updated: )
Keychain. In certain circumstances, iCloud Keychain failed to validate the authenticity of OTR packets. This issue was addressed through improved validation.
Credit: Alex Radocea Longterm Security Inc product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <10.3 | 10.3 |
| iOS | <=10.2.1 | |
| Apple iOS and macOS | <=10.12.3 | |
| tvOS | <=10.1.1 | |
| Apple iOS, iPadOS, and watchOS | <=3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-2397
- CVE-2017-2430
- CVE-2017-2462
- CVE-2017-2379
- CVE-2017-2417
- CVE-2017-2444
- CVE-2017-2435
- CVE-2017-2450
- CVE-2017-2461
- CVE-2017-2414
- CVE-2017-2487
- CVE-2017-2406
- CVE-2017-2407
- CVE-2017-2439
- CVE-2017-2434
- CVE-2017-2428
- CVE-2017-2416
- CVE-2017-2432
- CVE-2017-2467
- CVE-2016-3619
- CVE-2017-2412
- CVE-2017-2491
- CVE-2017-2492
- CVE-2017-2398
- CVE-2017-2401
- CVE-2017-2440
- CVE-2017-2456
- CVE-2017-2472
- CVE-2017-2473
- CVE-2017-2474
- CVE-2017-2478
- CVE-2017-2482
- CVE-2017-2483
- CVE-2017-2490
- CVE-2017-2458
- CVE-2017-2448
- CVE-2017-2390
- CVE-2017-2441
- CVE-2017-5029
- CVE-2017-2399
- CVE-2017-2484
- CVE-2017-2380
- CVE-2017-2404
- CVE-2017-2376
- CVE-2017-2384
- CVE-2017-2389
- CVE-2017-2453
- CVE-2017-2393
- CVE-2017-2400
- CVE-2017-6976
- CVE-2017-2423
- CVE-2017-2451
- CVE-2017-2485
- CVE-2017-2452
- CVE-2017-2378
- CVE-2017-2486
- CVE-2017-2386
- CVE-2017-2394
- CVE-2017-2396
- CVE-2016-9642
- CVE-2017-2395
- CVE-2017-2454
- CVE-2017-2455
- CVE-2017-2457
- CVE-2017-2459
- CVE-2017-2460
- CVE-2017-2464
- CVE-2017-2465
- CVE-2017-2466
- CVE-2017-2468
- CVE-2017-2469
- CVE-2017-2470
- CVE-2017-2476
- CVE-2017-2481
- CVE-2017-2415
- CVE-2017-2419
- CVE-2016-9643
- CVE-2017-2424
- CVE-2017-2433
- CVE-2017-2364
- CVE-2017-2367
- CVE-2017-2445
- CVE-2017-2446
- CVE-2017-2447
- CVE-2017-2463
- CVE-2017-2471
- CVE-2017-2475
- CVE-2017-2479
- CVE-2017-2480
- CVE-2017-2493
- CVE-2017-2442
- CVE-2017-2377
- CVE-2017-2405
Frequently Asked Questions
What is the severity of CVE-2017-2448?
CVE-2017-2448 has been classified as a high severity vulnerability affecting keychain authentication in certain Apple products.
How do I fix CVE-2017-2448?
To remediate CVE-2017-2448, users should update their devices to iOS version 10.3, macOS version 10.12.4, tvOS version 10.2, or the latest available version.
Which Apple products are affected by CVE-2017-2448?
CVE-2017-2448 affects iOS devices prior to version 10.3, macOS systems prior to 10.12.4, tvOS devices prior to version 10.2, and watchOS devices prior to version 3.2.
What type of vulnerability is CVE-2017-2448?
CVE-2017-2448 is a cryptographic vulnerability related to improper validation of OTR packet authenticity in Apple's keychain.
When was CVE-2017-2448 publicly disclosed?
CVE-2017-2448 was publicly disclosed in March 2017 as part of Apple's security updates.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/ios
- version/ios/10.2.1
- canonical/apple ios and macos
- version/apple ios and macos/10.12.3
- canonical/tvos
- version/tvos/10.1.1
- version/apple ios, ipados, and watchos/3.1.3