Vulnerability CVE-2017-2391
Published: 2017-04-01   Modified: 2017-04-02

Description:
An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Apple -> Keynote 
Apple -> Pages 
Apple -> Numbers 

 References:
http://www.securityfocus.com/bid/97126
http://www.securitytracker.com/id/1038134
http://www.securitytracker.com/id/1038135
http://www.securitytracker.com/id/1038136
https://support.apple.com/HT207595
Copyright 2024, cxsecurity.com

 

Back to Top