Vulnerability: Profile Uninstall Actions Bypass in macOS 10.12.4 and earlier

Vulnerability: Profile Uninstall Actions Bypass in macOS 10.12.4 and earlier

CVE-2017-2402 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of profile uninstall actions in the "MCX Client" component when a profile has multiple payloads. It allows remote attackers to bypass intended access restrictions by leveraging Active Directory certificate trust that should not have remained.

Learn more about our Cis Benchmark Audit For Apple Macos.