Vulnerability Description
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.12.3 |
References
- http://www.securityfocus.com/bid/97140Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038138
- https://support.apple.com/HT207615Vendor Advisory
- http://www.securityfocus.com/bid/97140Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038138
- https://support.apple.com/HT207615Vendor Advisory
FAQ
What is CVE-2017-2402?
CVE-2017-2402 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multip...
How severe is CVE-2017-2402?
CVE-2017-2402 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-2402?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.