Authentication bypass in Apple iOS - CVE-2017-2498
Published: May 16, 2017
Vulnerability identifier: #VU6577
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2498
CWE-ID: CWE-592
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software: Apple iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication on the target system.
The weakness exists due to an unspecified certificate validation error in the Security component. A remote attacker can send a specially crafted certificate and bypass authentication to access the system.
Successful exploitation of the vulnerability may allow the attacker to conduct further attacks.
How to mitigate CVE-2017-2498
Update to version 10.3.2.