CVE-2017-7047

HIGH

Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - RCE/DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-7047. PoCs published by Google Security Research, JosephShenton, q1f3.

AI-analyzed exploit summary This exploit leverages a logic error in libxpc (CVE-2017-7047) to send xpc_data objects backed by shared memory, allowing the sender to modify the memory while the receiver processes it. It targets NSXPC services, such as airportd, to achieve controlled memory corruption via a race condition.

Description

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Google Security Research · textlocalmultiple
https://www.exploit-db.com/exploits/42407

This exploit leverages a logic error in libxpc (CVE-2017-7047) to send xpc_data objects backed by shared memory, allowing the sender to modify the memory while the receiver processes it. It targets NSXPC services, such as airportd, to achieve controlled memory corruption via a race condition.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: macOS/iOS libxpc (versions up to 10.3.2)
No auth needed
Prerequisites: Access to a vulnerable NSXPC service · Timing precision to win the race condition
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 7 stars
by JosephShenton · poc
https://github.com/JosephShenton/Triple_Fetch-Kernel-Creds

This repository contains a proof-of-concept exploit for CVE-2017-7047, targeting a logic error in libxpc on iOS devices prior to 10.3.3. The exploit leverages a race condition to send malicious xpc_data objects backed by shared memory, ultimately achieving root privileges and task_for_pid capabilities.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: iOS (10.0 to 10.3.2)
No auth needed
Prerequisites: iOS device running a vulnerable version (10.0 to 10.3.2) · Access to the app sandbox to target coreauthd
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by q1f3 · poc
https://github.com/q1f3/Triple_fetch

This is a proof-of-concept exploit for CVE-2017-7047, targeting a logic error in libxpc on iOS. It leverages a heap overflow primitive to achieve remote code execution and deploy a custom lldb debugserver stub for debugging arbitrary processes.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: iOS 10.0 to 10.3.2
No auth needed
Prerequisites: Network access to target iOS device · Target running iOS 10.0 to 10.3.2
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207924
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42407/
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207925
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207923
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99883
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038950
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207922

Scores

CVSS v3 8.8
EPSS 0.0673
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (4)
apple/iphone_os < 10.3.3
apple/mac_os_x < 10.12.6
apple/tvos < 10.2.2
apple/watchos < 3.2.3
Published Jul 20, 2017
Tracked Since Feb 18, 2026