Low severity3.3NVD Advisory· Published Nov 13, 2017· Updated May 13, 2026

CVE-2017-13801

Description

The Dictionary Widget in macOS before 10.13.1 allows local file disclosure via pasted text in search.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Dictionary Widget in macOS before 10.13.1 allows local file disclosure via pasted text in search.

Vulnerability

The Dictionary Widget component in macOS before 10.13.1 allows local file disclosure when a user pastes text into the search field. The issue stems from improper handling of pasted content, which can be crafted to reference local files.

Exploitation

An attacker must convince a user to paste specially crafted text into the Dictionary Widget search field. No authentication or network access is required; the attack relies on user interaction.

Impact

Successful exploitation enables an attacker to read local files accessible to the user, leading to information disclosure.

Mitigation

Apple addressed the issue in macOS 10.13.1. Users should update via Software Update. No other workarounds have been disclosed.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Mac OS X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.13.0
Apple Inc./macOSllm-fuzzy
Range: <10.13.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1039710nvdThird Party AdvisoryVDB Entry
support.apple.com/HT208221nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000