CVE-2017-2490

HIGH

iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2490. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a double-free vulnerability in the macOS kernel's fsevents driver due to a race condition in the FSEVENTS_DEVICE_FILTER_64 ioctl handler. The PoC spawns multiple threads to trigger the race, leading to a kernel use-after-free condition.

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · clocalmultiple
https://www.exploit-db.com/exploits/41804

This exploit demonstrates a double-free vulnerability in the macOS kernel's fsevents driver due to a race condition in the FSEVENTS_DEVICE_FILTER_64 ioctl handler. The PoC spawns multiple threads to trigger the race, leading to a kernel use-after-free condition.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: macOS kernel (tested on 10.12.3)
Auth required
Prerequisites: Root or wheel group access · Access to /dev/fsevents
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97301
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41804/
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207601
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207615
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207602
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207617

Scores

CVSS v3 7.8
EPSS 0.0418
EPSS Percentile 89.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
apple/iphone_os < 10.2.1
apple/mac_os_x < 10.12.3
apple/tvos < 10.1.1
apple/watchos < 3.1.3
Published Apr 02, 2017
Tracked Since Feb 18, 2026