CVE-2017-13861high
Description
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
References
http://packetstormsecurity.com/files/153148/Safari-Webkit-Proxy-Object-Type-Confusion.html
http://www.securityfocus.com/bid/102134
http://www.securitytracker.com/id/1039952
http://www.securitytracker.com/id/1039953
https://support.apple.com/HT208325
https://support.apple.com/HT208327
Details
Source: MITRE
Published: 2017-12-25
Updated: 2019-06-02
Type: CWE-119
Risk Information
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
CVSS v3
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH