Vulnerability Description
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | < 10.13.2 |
References
- http://www.securityfocus.com/bid/102099Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039966Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208331Vendor Advisory
- http://www.securityfocus.com/bid/102099Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039966Third Party AdvisoryVDB Entry
- https://support.apple.com/HT208331Vendor Advisory
FAQ
What is CVE-2017-13871?
CVE-2017-13871 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/M...
How severe is CVE-2017-13871?
CVE-2017-13871 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13871?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.