Vulnerability Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 10.2.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97138Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038139
- https://support.apple.com/HT207617Vendor Advisory
- http://www.securityfocus.com/bid/97138Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038139
- https://support.apple.com/HT207617Vendor Advisory
FAQ
What is CVE-2017-2399?
CVE-2017-2399 is a vulnerability with a CVSS score of 4.6 (MEDIUM). An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by levera...
How severe is CVE-2017-2399?
CVE-2017-2399 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2399?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.