CVE-2017-7112
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208115
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208113
Vendor advisory: product-security@apple.com — https://support.apple.com/HT208112
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | affected | |
References
- http://www.securityfocus.com/bid/100927
- http://www.securitytracker.com/id/1039385
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1314
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- http://www.securityfocus.com/bid/100927
- http://www.securitytracker.com/id/1039385
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1314
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.