CVE-2017-2474
First published: Mon Mar 27 2017(Updated: )
Kernel. An off-by-one issue was addressed through improved bounds checking.
Credit: Ian Beer Google Project Zero product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS, iPadOS, and watchOS | <10.3 | 10.3 |
| iOS | <=10.2.1 | |
| Apple iOS and macOS | <=10.12.3 | |
| tvOS | <=10.1.1 | |
| Apple iOS, iPadOS, and watchOS | <=3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT207617 (Advisory)
- http://www.securityfocus.com/bid/97137
- http://www.securitytracker.com/id/1038138
- https://support.apple.com/HT207601
- https://support.apple.com/HT207602
- https://support.apple.com/HT207615
- https://support.apple.com/HT207617
- https://www.exploit-db.com/exploits/41793/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-2397
- CVE-2017-2430
- CVE-2017-2462
- CVE-2017-2379
- CVE-2017-2417
- CVE-2017-2444
- CVE-2017-2435
- CVE-2017-2450
- CVE-2017-2461
- CVE-2017-2414
- CVE-2017-2487
- CVE-2017-2406
- CVE-2017-2407
- CVE-2017-2439
- CVE-2017-2434
- CVE-2017-2428
- CVE-2017-2416
- CVE-2017-2432
- CVE-2017-2467
- CVE-2016-3619
- CVE-2017-2412
- CVE-2017-2491
- CVE-2017-2492
- CVE-2017-2398
- CVE-2017-2401
- CVE-2017-2440
- CVE-2017-2456
- CVE-2017-2472
- CVE-2017-2473
- CVE-2017-2474
- CVE-2017-2478
- CVE-2017-2482
- CVE-2017-2483
- CVE-2017-2490
- CVE-2017-2458
- CVE-2017-2448
- CVE-2017-2390
- CVE-2017-2441
- CVE-2017-5029
- CVE-2017-2399
- CVE-2017-2484
- CVE-2017-2380
- CVE-2017-2404
- CVE-2017-2376
- CVE-2017-2384
- CVE-2017-2389
- CVE-2017-2453
- CVE-2017-2393
- CVE-2017-2400
- CVE-2017-6976
- CVE-2017-2423
- CVE-2017-2451
- CVE-2017-2485
- CVE-2017-2452
- CVE-2017-2378
- CVE-2017-2486
- CVE-2017-2386
- CVE-2017-2394
- CVE-2017-2396
- CVE-2016-9642
- CVE-2017-2395
- CVE-2017-2454
- CVE-2017-2455
- CVE-2017-2457
- CVE-2017-2459
- CVE-2017-2460
- CVE-2017-2464
- CVE-2017-2465
- CVE-2017-2466
- CVE-2017-2468
- CVE-2017-2469
- CVE-2017-2470
- CVE-2017-2476
- CVE-2017-2481
- CVE-2017-2415
- CVE-2017-2419
- CVE-2016-9643
- CVE-2017-2424
- CVE-2017-2433
- CVE-2017-2364
- CVE-2017-2367
- CVE-2017-2445
- CVE-2017-2446
- CVE-2017-2447
- CVE-2017-2463
- CVE-2017-2471
- CVE-2017-2475
- CVE-2017-2479
- CVE-2017-2480
- CVE-2017-2493
- CVE-2017-2442
- CVE-2017-2377
- CVE-2017-2405
Frequently Asked Questions
What is the severity of CVE-2017-2474?
CVE-2017-2474 has a high severity rating due to an off-by-one error that can lead to security vulnerabilities.
How do I fix CVE-2017-2474?
To fix CVE-2017-2474, update affected Apple devices to iOS version 10.3 or later, macOS version 10.12.4 or later, tvOS version 10.2 or later, and watchOS version 3.2 or later.
Which Apple products are affected by CVE-2017-2474?
CVE-2017-2474 affects iOS versions prior to 10.3, macOS versions prior to 10.12.4, tvOS versions prior to 10.2, and watchOS versions prior to 3.2.
Is CVE-2017-2474 a local or remote vulnerability?
CVE-2017-2474 is considered a local vulnerability, as it requires local access to exploit.
What component is involved in CVE-2017-2474?
CVE-2017-2474 involves the Kernel component of affected Apple operating systems.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple ios, ipados, and watchos
- canonical/ios
- version/ios/10.2.1
- canonical/apple ios and macos
- version/apple ios and macos/10.12.3
- canonical/tvos
- version/tvos/10.1.1
- version/apple ios, ipados, and watchos/3.1.3