Vulnerability Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Iphone Os | <= 10.2.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97138Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038139
- https://support.apple.com/HT207617Vendor Advisory
- https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/Press/Media CoverageThird Party Advisory
- http://www.securityfocus.com/bid/97138Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038139
- https://support.apple.com/HT207617Vendor Advisory
- https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/Press/Media CoverageThird Party Advisory
FAQ
What is CVE-2017-2404?
CVE-2017-2404 is a vulnerability with a CVSS score of 3.3 (LOW). An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary number...
How severe is CVE-2017-2404?
CVE-2017-2404 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2404?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.