CVE-2017-13852
Description
A crafted app can monitor other apps via high-rate process information access in iOS, macOS, tvOS, and watchOS kernels before version 11.1/10.13.1/4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2017-13852 is an information-disclosure issue in the Kernel component of Apple iOS prior to 11.1, macOS prior to 10.13.1, tvOS prior to 11.1, and watchOS prior to 4.1 [1][2][3][4]. The bug allows a crafted application to monitor arbitrary apps by accessing process information at a high rate, bypassing normal sandbox restrictions [1][2][3][4].
Exploitation
To exploit the issue, an attacker must first install a malicious app on the target device [1]. The attacker does not need elevated privileges, but the app must run and repeatedly query kernel-level process information at a high frequency [1]. No user interaction beyond installing the app is required, and the attacker can monitor other running applications on the system [1][2][3][4].
Impact
Successful exploitation enables the attacker to observe the existence and possibly the identity of other apps running on the device, leading to an information disclosure of user activity and installed applications [1][2][3][4]. The compromise is limited to the app-monitoring context and does not provide remote code execution or privilege escalation [1].
Mitigation
Apple addressed the issue with the release of iOS 11.1, macOS High Sierra 10.13.1, tvOS 11.1, and watchOS 4.1, all available on October 31, 2017 [1][2][3][4]. Users should update their devices to the latest available versions. No workaround is documented; updating is the recommended mitigation [1][2][3][4].
- About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support
- About the security content of iOS 11.1 - Apple Support
- About the security content of tvOS 11.1 - Apple Support
- About the security content of watchOS 4.1 - Apple Support
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (range: <11.1)
- (no CPE) (range: <11.1)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* (range: <4.1)
- (no CPE) (range: <4.1)
- Range: <10.13.1
- Range: <11.1
Patches
No patches discovered yet.
References
- support.apple.com/HT208219 (nvd, Vendor Advisory)
- support.apple.com/HT208220 (nvd, Vendor Advisory)
- support.apple.com/HT208221 (nvd, Vendor Advisory)
- support.apple.com/HT208222 (nvd, Vendor Advisory)