Vulnerability Description
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | < 11.2 |
| Apple | Mac Os X | < 10.13.2 |
References
- http://www.securityfocus.com/bid/102097Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039953Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039966Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208331Vendor Advisory
- https://support.apple.com/HT208334Vendor Advisory
- http://www.securityfocus.com/bid/102097Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039953Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039966Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208331Vendor Advisory
- https://support.apple.com/HT208334Vendor Advisory
FAQ
What is CVE-2017-13860?
CVE-2017-13860 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers ...
How severe is CVE-2017-13860?
CVE-2017-13860 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13860?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X.