vulnerability

OS X update for Apple Account Settings (CVE-2017-13909)

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 19, 2018

Added

Oct 19, 2018

Modified

Mar 27, 2026

Description

An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

Solution

apple-osx-upgrade-10_13

References

CVE-2017-13909
https://attackerkb.com/topics/CVE-2017-13909
CWE-922
EUVD-EUVD-2017-5424
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-5424
https://support.apple.com/kb/HT208144

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report