CVE-2017-2399

MEDIUM

Apple iOS <10.3 - Info Disclosure

Title source: llm

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97138

[Vendor Advisory] https://support.apple.com/HT207617

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038139

Scores

CVSS v3 4.6

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-326

Status published

Affected Products (2)

apple/iphone_os < 10.2.1

n/a/n/a

Timeline

Published Apr 02, 2017

Tracked Since Feb 18, 2026