5.5
CVSSv3

CVE-2017-13855

Published: 25/12/2017 Updated: 21/11/2024

Vulnerability Summary

An issue exists in certain Apple products. iOS prior to 11.2 is affected. macOS prior to 10.13.2 is affected. tvOS prior to 11.2 is affected. watchOS prior to 4.2 is affected. The issue involves the "Kernel" component. It allows malicious users to bypass intended memory-read restrictions via a crafted app that triggers type confusion.

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple mac os x

apple tvos

apple watchos

Exploits

/* Source: bugschromiumorg/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt() [edited; original report said "setsockopt"] is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes is invoked necp_get_socket_attributes() unconditionally calls sotoinpcb(so): errno_t ne ...
macOS suffers from an so_pcb type confusion vulnerability in necp_get_socket_attributes ...