Information disclosure in macOS - CVE-2017-13839
Published: April 3, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU37322
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-13839
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a local authenticated user to gain access to sensitive information.
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
How to mitigate CVE-2017-13839
Install update from vendor's website.