#VU9561 Information disclosure in macOS - CVE-2017-13826

Cybersecurity Help s.r.o.

Published: 2017-12-07

Vulnerability identifier: #VU9561

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13826

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
macOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a permissions error in the Screen Sharing Server component. A remote attacker with screen sharing access can trigger a permissions error and read files with root privileges.

Mitigation
Update to version 10.13.2.

Vulnerable software versions

macOS: 10.12.6 16G29 - 10.13.1 17B48

External links
https://support.apple.com/en-us/HT208331

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Apple macOS/OS X