Bypassing Access Restrictions in Apple's Security Component

Bypassing Access Restrictions in Apple's Security Component

CVE-2017-2423 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature.

Learn more about our Cis Benchmark Audit For Apple Ios.