CVE-2017-2423

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.

Published : 2017-04-02 01:59 Updated : 2019-10-03 00:03

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Apple Iphone Os 10.2.1 cpe:/o:apple:iphone_os:10.2.1
Apple Mac Os X 10.12.3 cpe:/o:apple:mac_os_x:10.12.3
  1. Apple (2) Search CVE
    1. Iphone Os (1) Search CVE
      1. 10.2.1
    2. Mac Os X (1) Search CVE
      1. 10.12.3

CWE

ID Name Description Links
CWE-347 Improper Verification of Cryptographic Signature The software does not verify, or incorrectly verifies, the cryptographic signature for data. CVE

History of changes

Date Event
2019-10-03 00:03
2017-07-12 05:31
2017-04-02 01:59

New CVE