CVE-2017-6974 - Vulnerability Details - OpenCVE

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X

Configuration 1 [-]

cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97140
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207615

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2017-04-02T01:36:00

Updated: 2024-08-05T15:49:01.982Z

Reserved: 2017-03-17T00:00:00

Link: CVE-2017-6974

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-04-02T01:59:04.107

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-6974

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the \"System Integrity Protection\" component. It allows attackers to modify the contents of a protected disk location via a crafted app."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "97140", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97140"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT207615"}, {"name": "1038138", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038138"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2017-6974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the \"System Integrity Protection\" component. It allows attackers to modify the contents of a protected disk location via a crafted app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "97140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97140"}, {"name": "https://support.apple.com/HT207615", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207615"}, {"name": "1038138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038138"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:49:01.982Z"}, "title": "CVE Program Container", "references": [{"name": "97140", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97140"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT207615"}, {"name": "1038138", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038138"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2017-6974", "datePublished": "2017-04-02T01:36:00", "dateReserved": "2017-03-17T00:00:00", "dateUpdated": "2024-08-05T15:49:01.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "FFFA2874-DB3D-4784-840E-1D191D8F2F0B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the \"System Integrity Protection\" component. It allows attackers to modify the contents of a protected disk location via a crafted app."}, {"lang": "es", "value": "Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.4 est\u00e1 afectado. El problema involucra el subsistema de instalaci\u00f3n del sistema del componente \"System Integrity Protection\". Esto permite a atacantes modificar los contenidos de una ubicaci\u00f3n protegida del disco a trav\u00e9s de una aplicaci\u00f3n manipulada."}], "id": "CVE-2017-6974", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T01:59:04.107", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97140"}, {"source": "product-security@apple.com", "url": "http://www.securitytracker.com/id/1038138"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/HT207615"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}