CVE-2017-2404
3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
- http://www.securitytracker.com/id/1038139
- http://www.securityfocus.com/bid/97138
- https://support.apple.com/HT207617
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/
- http://www.securitytracker.com/id/1038139
- http://www.securityfocus.com/bid/97138
- https://support.apple.com/HT207617
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.