Risk | Low |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-7150 |
CWE-ID | CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | macOS (Operating systems & Components / Operating system) |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU14318
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-7150
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local attacker to conduct Synthetic Mouse-Click attacks.
The weakness exists because two consecutive synthetic mouse “down” events were incorrectly interpreted by High Sierra as a manual approval. A local attacker can leverage vulnerabilities in third-party kernel extensions to bypass Apple’s kernel code-signing requirements, virtually “click” a security prompt and load a malicious kernel extension to compromise the vulnerable system.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
macOS: 10.13 17A365
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.