PatchSiren


CVE-2017-2370 Apple CVE debrief

CVE-2017-2370 is an Apple Kernel buffer overflow issue that can let a crafted app trigger arbitrary code execution in a privileged context or cause a denial of service. The public record says it affects iOS before 10.2.1, macOS before 10.12.3, tvOS before 10.1.1, and watchOS before 3.1.3. The NVD record classifies the weakness as CWE-119 and gives it a CVSS 3.0 score of 7.8 (HIGH).

Vendor: Apple
Product: CVE-2017-2370
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-20
Original CVE updated: 2026-05-13
Advisory published: 2017-02-20
Advisory updated: 2026-05-13

Who should care

Security teams responsible for Apple device patching, endpoint managers, and organizations that still operate any affected iOS, macOS, tvOS, or watchOS versions. This is especially relevant where managed devices can run third-party or user-installed apps.

Technical summary

NVD describes the issue as a buffer overflow in the Kernel component, reachable via a crafted app. The reported impact includes arbitrary code execution in a privileged context and denial of service. The CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector, low attack complexity, no privileges required, and user interaction required. The weakness is mapped to CWE-119.

Defensive priority

High. Prioritize remediation on any Apple devices still below the fixed versions because the issue affects the kernel and can lead to privileged code execution. The vulnerability is not listed in CISA KEV in the supplied data, but the impact is severe enough to treat as urgent for any exposed or legacy fleet.

Recommended defensive actions

  • Upgrade iOS to 10.2.1 or later, macOS to 10.12.3 or later, tvOS to 10.1.1 or later, and watchOS to 3.1.3 or later.
  • Inventory managed Apple devices to identify any systems still running versions below the fixed thresholds.
  • Confirm patch compliance in MDM or endpoint management tooling and remove or isolate devices that cannot be updated.
  • Review app installation and distribution controls on managed devices to reduce exposure to crafted or untrusted apps.
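
The inventory step above can be scripted. The following is an added example, not taken from the NVD record or from Apple: it checks a device export against the fixed versions listed on this page, comparing versions numerically because a plain string comparison would rank 10.9.5 above 10.12.3 and miss unpatched Macs. The CSV column names and device ids are constructed for illustration.

```python
import csv
import io

# Fixed-version thresholds stated on this page for CVE-2017-2370.
FIXED = {
    "ios": (10, 2, 1),
    "macos": (10, 12, 3),
    "tvos": (10, 1, 1),
    "watchos": (3, 1, 3),
}

def parse_version(text):
    """Turn '10.12' into (10, 12, 0). Raises ValueError on bad input."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'vulnerable', or 'review' for one device."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "review"      # platform has no threshold on this page
    try:
        return "patched" if parse_version(version) >= fixed else "vulnerable"
    except ValueError:
        return "review"      # missing or unparsable version: check by hand

def triage(csv_text):
    """Map device id -> status; expects device,platform,os_version columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: classify(r["platform"], r["os_version"]) for r in rows}

# Constructed sample export (hypothetical column names and device ids).
SAMPLE = """device,platform,os_version
mac-001,macOS,10.12.3
mac-002,macOS,10.9.5
phone-001,iOS,10.2
phone-002,iOS,10.3.1
tv-001,tvOS,10.1.1
watch-001,watchOS,3.1
kiosk-001,iOS,
"""

if __name__ == "__main__":
    for device, status in triage(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as "review" have a missing or malformed version, or a platform outside the four named here, and should be resolved manually rather than assumed patched.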

Evidence notes

All substantive claims are drawn from the supplied NVD record and its referenced Apple advisories. The source corpus provides the CVE published date of 2017-02-20 and NVD modified date of 2026-05-13, along with affected version ceilings, CVSS 3.0 vector, and CWE-119 mapping. The corpus lists Apple support advisories, but their page contents were not supplied here, so this debrief avoids asserting advisory-specific remediation text beyond the version thresholds present in NVD. No exploit details were used from the third-party links.

Official resources

Publicly disclosed on 2017-02-20. The supplied NVD record was later modified on 2026-05-13. The vulnerability is not marked as a KEV entry in the provided data.