CVE-2017-6995

HIGH

Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-6995. PoCs published by Zimperium zLabs Team.

AI-analyzed exploit summary ziVA is an iOS kernel exploit targeting AppleAVEDriver to achieve privilege escalation on 64-bit iOS devices running versions up to 10.3.1. It requires sandbox escape and device-specific offsets, leveraging vulnerabilities chained by Adam Donenfeld.

Description

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Zimperium zLabs Team · textlocalios

https://www.exploit-db.com/exploits/42555

View Code ZIP pw:eip

ziVA is an iOS kernel exploit targeting AppleAVEDriver to achieve privilege escalation on 64-bit iOS devices running versions up to 10.3.1. It requires sandbox escape and device-specific offsets, leveraging vulnerabilities chained by Adam Donenfeld.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Apple iOS <= 10.3.1

No auth needed

Prerequisites: Sandbox escape (e.g., mediaserverd context) · Device-specific offsets for AppleAVEDriver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1611 - Escape to Host

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT207800

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42555/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98571

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT207798

Vendor Advisory x_refsource_confirm

https://support.apple.com/HT207801

Scores

CVSS v3 7.8

EPSS 0.0422

EPSS Percentile 89.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (3)

apple/iphone_os < 10.3.1

apple/tvos < 10.2

apple/watchos < 3.2

Published May 22, 2017

Tracked Since Feb 18, 2026