CVE-2017-7173

MEDIUM

macOS < 10.13.2 - Kernel Memory Read Restriction Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7173. PoCs published by bazad.

AI-analyzed exploit summary: This PoC exploits a denial-of-service vulnerability in the `sysctl_coalition_get_pid_list` function on iOS, where a negative error value is misinterpreted as a large `size_t`, causing a kernel panic. The exploit requires root privileges and targets iOS 10.1.1 or similar versions.

Description

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Exploits (1)

nomisec WORKING POC 3 stars
by bazad · poc
https://github.com/bazad/sysctl_coalition_get_pid_list-dos

Classification
Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Apple iOS (tested on 10.1.1)
Auth required
Prerequisites: root privileges on the target iOS device
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory (x_refsource_confirm): https://support.apple.com/HT208331

Scores

CVSS v3: 5.5
EPSS: 0.0138
EPSS Percentile: 68.6%
Attack Vector: LOCAL
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): apple/mac_os_x < 10.13.2
Published: Apr 03, 2018
Tracked Since: Feb 18, 2026