Published: 23/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

An issue exists in certain Apple products. macOS prior to 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows malicious users to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box

The Register • Thomas Claburn in San Francisco • 05 Oct 2017

High Sierra update derided by devs as half-baked

Video Apple on Thursday released a security patch for macOS High Sierra 10.13 to address vulnerabilities in Apple File System (APFS) volumes and its Keychain software. Matheus Mariano, a developer with Brazil-based Leet Tech, documented the APFS flaw in a blog post a week ago, and it has since been reproduced by another programmer, Felix Schwartz. The bug (CVE-2017-7149) undoes the protection afforded to encrypted volumes under the new Apple File System (APFS). The problem becomes apparent when ...

CVE-2017-7150

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect