Back to KEVs

CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 01, 2016
Published Date
April 02, 2017
Last Updated
May 09, 2026
Vendor
Apple
Product
iOS
Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
Tags
ios

CVSS Scores

CVSS v3.1

3.3 - LOW

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

SSVC Information

Exploitation
none
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2017-04-02 01:36:00 UTC) Source

References

https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/ http://www.securitytracker.com/id/1038139 http://www.securityfocus.com/bid/97138 https://support.apple.com/HT207617

Known Exploited Vulnerability Information

Source Added Date
CVE 2017-04-02 01:36:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel