Back to KEVs

CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 01, 2016
Published Date
April 02, 2017
Last Updated
August 05, 2024
Vendor
Apple
Product
iOS
Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
Tags
ios

CVSS Scores

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2017-04-02 01:36:00 UTC) Source

References

https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/ http://www.securitytracker.com/id/1038139 http://www.securityfocus.com/bid/97138 https://support.apple.com/HT207617

Known Exploited Vulnerability Information

Source Added Date
CVE 2017-04-02 01:36:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel