← back
CVE-2017-13861

CVE-2017-13861

EPSS 14.9%
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 14.9%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
11 Dec 2017Public PoC
25 Dec 2017Published on NVD
15 Mar 2018Metasploit module available
Weaponization speed
79 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.