Input validation error in macOS - CVE-2017-13851
Published: April 3, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU37323
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-13851
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a local authenticated user to gain access to sensitive information.
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
How to mitigate CVE-2017-13851
Install update from vendor's website.