7.6

CVE-2017-2456

Exploit
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPhone OS Version <= 10.2.1
ApplemacOS X Version <= 10.12.3
AppletvOS Version <= 10.1.1
ApplewatchOS Version <= 3.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.24% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207615
Vendor Advisory
https://support.apple.com/HT207601
Vendor Advisory
https://support.apple.com/HT207617
Vendor Advisory
http://www.securityfocus.com/bid/97137
Third Party Advisory
VDB Entry
https://support.apple.com/HT207602
Vendor Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1083
Third Party Advisory
Exploit
https://www.exploit-db.com/exploits/41778/