PatchSiren

CVE-2017-2357 Apple CVE debrief

CVE-2017-2357 describes an information disclosure issue in Apple’s IOAudioFamily component on macOS before 10.12.3. According to NVD, a crafted app could trigger the leak and reveal sensitive kernel memory-layout information, making this primarily a local reconnaissance issue rather than an execution flaw.

Vendor: Apple
Product: CVE-2017-2357
CVSS: LOW 3.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

macOS administrators, endpoint security teams, and users running macOS 10.12.2 or earlier should care most. Systems that allow untrusted local apps or have weaker application controls are the most relevant exposure points.

Technical summary

NVD maps this issue to CWE-200 and lists the affected product as macOS up to and including 10.12.2. The CVSS v3.0 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) reflects a local attack that needs user interaction and results in limited confidentiality impact only.

Defensive priority

Low. This is an information disclosure issue, but it can still help attackers reduce uncertainty for follow-on activity. Patch legacy Macs promptly, especially if they cannot be upgraded through normal fleet management.

Recommended defensive actions

  • Upgrade affected Macs to macOS 10.12.3 or later, consistent with the vendor advisory referenced by NVD.
  • Inventory systems still running macOS 10.12.2 or earlier and prioritize them for remediation.
  • Review endpoint application-control and software-installation practices to reduce exposure to untrusted local apps.
  • Treat the issue as a kernel information leak and not as a code-execution vulnerability when setting response priority.
  • Verify remediation against Apple’s advisory reference (HT207483) and NVD detail page for current status and affected-version scope.
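
The inventory step above can be scripted. The following is an added example, not code from NVD or Apple: it flags hosts below the fixed release 10.12.3 using a numeric, per-component comparison, so 10.9.5 is not mistaken for a newer release than 10.12.3. The "hostname,version" input format, the host names and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. FIXED_VERSION is from the advisory text above; the
# "hostname,version" inventory format and host names are constructed.
FIXED_VERSION="10.12.3"

# version_lt A B: succeed when dotted version A is numerically lower than B.
# Compares three components; a missing one counts as 0 ("10.12" = 10.12.0).
version_lt() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# classify_version V: print affected, patched, or unknown (empty/non-numeric).
classify_version() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo affected; else echo patched; fi
}

# affected_hosts: read inventory on stdin, print rows that still need work.
# Unknown versions are reported too so they get checked by hand.
affected_hosts() {
    while IFS=, read -r host ver; do
        [ -n "$host" ] || continue
        status=$(classify_version "$ver")
        [ "$status" = patched ] || printf '%s %s %s\n' "$host" "${ver:-?}" "$status"
    done
}

sample_inventory() {  # constructed sample data
cat <<'EOF'
mac-lab-01,10.12.2
mac-lab-02,10.12.3
mac-lab-03,10.9.5
mac-lab-04,10.12
mac-lab-05,10.13.6
mac-lab-06,
EOF
}

sample_inventory | affected_hosts
```

On a Mac itself, `classify_version "$(sw_vers -productVersion)"` gives the same verdict for the local host.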

Evidence notes

The debrief is based on the supplied NVD record and its referenced Apple advisory links. NVD states the issue affects macOS through version 10.12.2, involves IOAudioFamily, and can disclose sensitive kernel memory-layout information via a crafted app. The record also assigns CVSS v3.0 3.3/LOW and CWE-200.

Official resources

CVE published 2017-02-20T08:59:04.887Z; NVD last modified 2026-05-13T00:24:29.033Z. The supplied record cites Apple advisory HT207483 as the vendor reference.