PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-2361 Apple CVE debrief

CVE-2017-2361 is a cross-site scripting (XSS) issue in Apple's Help Viewer component affecting macOS versions before 10.12.3. According to NVD, the issue can be triggered through a crafted website and carries a medium CVSS 3.0 score of 6.1. Apple’s advisory and the NVD record both indicate the vulnerable exposure is limited to older macOS releases.

Vendor: Apple
Product: CVE-2017-2361
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

macOS administrators, security teams managing Apple fleets, and users or support teams responsible for systems still running macOS 10.12.2 or earlier should care most. Any environment that allows unpatched or legacy Macs to browse the web or open Help Viewer content has relevant exposure.

Technical summary

NVD classifies the weakness as CWE-79 (cross-site scripting). The published CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network reachability, no privileges required, user interaction required, and limited confidentiality/integrity impact with no availability impact. The affected CPE scope in NVD is macOS versions up to and including 10.12.2; Apple addresses the issue in macOS 10.12.3.

Defensive priority

Medium priority for systems that remain on affected macOS versions. The issue is user-interaction dependent and limited in impact, but it is remotely reachable through a crafted website and should be remediated on any still-supported or legacy Mac fleet.

Recommended defensive actions

  • Upgrade affected Macs to macOS 10.12.3 or later, consistent with Apple's advisory and the NVD affected-version range.
  • Inventory any Macs still running macOS 10.12.2 or earlier and prioritize them for remediation or isolation.
  • Treat unexpected or suspicious web content as higher risk on legacy systems until they are updated.
  • If a system cannot be upgraded immediately, restrict its web exposure and limit use on untrusted websites until it is remediated.
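The inventory step above can be scripted. The following is an added example, not part of the original debrief or of any Apple or NVD tooling: it sorts a fleet export into affected, fixed, and unknown hosts using the 10.12.3 fix boundary stated on this page. The "hostname,version" input format, the host names, and the function names are assumptions made for illustration. Versions are compared as integer tuples because a plain string comparison would rank 10.9.5 above 10.12.3 and miss older hosts.

```python
import re

FIXED = (10, 12, 3)  # first fixed release per this page: macOS 10.12.3


def parse_version(text):
    """Turn '10.12.2' into (10, 12, 2); pad short forms such as '10.12'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised macOS version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def is_affected(version_text):
    """True when the version is below the fixed release (numeric compare)."""
    return parse_version(version_text) < FIXED


def triage(inventory_text):
    """Sort 'hostname,version' lines into affected / fixed / unknown."""
    affected, fixed, unknown = [], [], []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        host = host.strip()
        try:
            (affected if is_affected(version) else fixed).append(host)
        except ValueError:
            # Missing or malformed version: needs manual follow-up.
            unknown.append(host)
    return {"affected": affected, "fixed": fixed, "unknown": unknown}


# Constructed sample data; host names and format are hypothetical.
SAMPLE_INVENTORY = """\
# hostname,macOS version
mac-lab-01,10.12.2
mac-lab-02,10.12.3
mac-lab-03,10.9.5
mac-lab-04,10.12
mac-lab-05,10.13.6
mac-lab-06,11.7.10
mac-lab-07,
"""

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket have no usable version on record and should be checked by hand rather than assumed patched.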

Evidence notes

The NVD record for CVE-2017-2361 identifies Apple macOS before 10.12.3 as affected, with the vulnerability in the Help Viewer component and CWE-79 as the weakness class. The CVSS vector shows a network-based attack, user interaction required, and low confidentiality/integrity impact. Apple's linked vendor advisory is provided in the source corpus as support.apple.com/HT207483.

Official resources

Publicly disclosed on 2017-02-20. The NVD source item was last modified on 2026-05-13, which reflects metadata maintenance rather than the original issue date.