Published: 22/05/2017 Updated: 08/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. macOS prior to 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote malicious users to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

The Register • Shaun Nichols in San Francisco • 16 May 2017

Seven Apple updates, because it's not like you had anything else to patch today

Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants. The updates, numbering seven in total, include fixes for security vulnerabilities in the Safari browser and WebKit engine. For iPhone and iPad, Apple has kicked out iOS 10.3.2. The update addresses a total of 41 CVE-listed vulnerabilities in the mobile OS, with 23 of those being flaws in WebK...

CVE-2017-6988

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect