PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-2353 Apple CVE debrief

CVE-2017-2353 is a high-severity macOS Bluetooth use-after-free that Apple addressed in macOS 10.12.3. According to the NVD record, affected systems include macOS versions up to 10.12.2, and exploitation could lead to arbitrary code execution in a privileged context or denial of service. The published CVSS v3.0 vector indicates a local attack that requires user interaction, but can still have high impact on confidentiality, integrity, and availability.

Vendor: Apple
Product: CVE-2017-2353
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

macOS users and administrators running 10.12.2 or earlier, especially environments that allow users to install or run untrusted apps. Security teams managing Apple desktop fleets should prioritize this if legacy systems remain in service.

Technical summary

NVD classifies the weakness as CWE-416 (use-after-free) in the Bluetooth component. The attack path is local and requires user interaction (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerable range in the record is macOS up to and including 10.12.2, with Apple’s security update documentation pointing to remediation in 10.12.3.

Defensive priority

High for any exposed or still-supported macOS 10.12.2 and earlier systems; otherwise primarily a legacy-system risk. Because the issue can result in code execution with privileged impact, patching should be treated as urgent where applicable.

Recommended defensive actions

  • Update affected Macs to macOS 10.12.3 or later using Apple's security guidance (HT207483).
  • Inventory fleet versions and confirm no endpoints remain on macOS 10.12.2 or earlier.
  • Restrict execution of untrusted or unnecessary applications, especially on systems that cannot be upgraded immediately.
  • Prefer standard-user operation over administrator use to reduce the impact of local attacks.
  • Review for unexpected Bluetooth-related crashes or instability on legacy systems while remediation is underway.
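A fleet check for the inventory step above, added here as an example and not code from PatchSiren or Apple. It assumes version strings in the form that `sw_vers -productVersion` prints and uses constructed hostnames:

```shell
# Added example, not code from PatchSiren or Apple: classify macOS version
# strings (as printed by `sw_vers -productVersion`) against the CVE-2017-2353
# fix release 10.12.3, flagging endpoints still in the affected range
# (10.12.2 and earlier). Sample hostnames below are constructed.

CVE_2017_2353_FIXED_IN="10.12.3"

# version_ge A B: exit 0 if A >= B, comparing each dot-separated numeric
# component; a missing component counts as 0, so "10.12" < "10.12.3".
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# classify VERSION: prints "patched" (>= 10.12.3), "vulnerable" (older) or
# "unknown" (malformed string); exit status 0, 1 or 2 respectively.
classify() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) echo unknown; return 2 ;; esac
    if version_ge "$1" "$CVE_2017_2353_FIXED_IN"; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# scan_inventory: reads "hostname,version" lines on stdin and prints
# "host version state" for every endpoint not confirmed patched, so
# "unknown" entries surface for follow-up instead of being skipped.
scan_inventory() {
    while IFS=, read -r host ver; do
        [ -n "$host" ] || continue
        state=$(classify "$ver") || true
        [ "$state" = patched ] || echo "$host $ver $state"
    done
}

# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY='mac-01,10.12.2
mac-02,10.12.3
mac-03,10.11.6
mac-04,10.13
mac-05,bogus'
printf '%s\n' "$SAMPLE_INVENTORY" | scan_inventory
```

Feed it a real export of hostnames and `sw_vers -productVersion` values and every line it prints is an endpoint still needing the 10.12.3 update or a version string that needs a manual look.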

Evidence notes

The CVE record published on 2017-02-20 states macOS before 10.12.3 is affected and identifies the Bluetooth component. NVD maps the issue to CWE-416 and gives the CVSS v3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, supporting a local, user-interaction-required threat model. Apple’s support link HT207483 is the official remediation reference in the source corpus. The later modified date (2026-05-13) is a record update timestamp and should not be treated as the issue date.

Official resources

Publicly disclosed on 2017-02-20. The NVD record was modified later, on 2026-05-13, but that does not change the original CVE publication date.