CVE-2017-13905
Description
A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in multiple Apple OS components allows an application to gain elevated privileges. Fixed in updates released December 2017.
Vulnerability
A race condition exists in the Auto Unlock component of watchOS 4.2 and potentially other affected systems [4]. The issue is present in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, Security Update 2017-005 El Capitan, and watchOS 4.2 [1][2][3][4]. The race condition was addressed with additional validation [4].
Exploitation
An attacker must have an application running on the affected system. The race condition window must be exploited to take advantage of the timing flaw. No other specific prerequisites or steps are disclosed in the available references.
Impact
Successful exploitation may allow an application to gain elevated privileges [1][4]. The exact scope of privilege escalation (e.g., kernel-level, root, or other) is not detailed in the public advisories.
Mitigation
Apple released the following fixed versions on the indicated dates: macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan on December 6, 2017 [1]; iOS 11.2 on December 2, 2017 [2]; tvOS 11.2 on December 4, 2017 [3]; and watchOS 4.2 on December 5, 2017 [4]. Users should update to these or later versions. No workarounds are documented.
- [1] About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan - Apple Support
- [2] About the security content of iOS 11.2 - Apple Support
- [3] About the security content of tvOS 11.2 - Apple Support
- [4] About the security content of watchOS 4.2 - Apple Support
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <11.2
- (no CPE) range: unspecified
- (no CPE) range: <4.2
- (no CPE) range: unspecified
- Range: <11.2
- Range: <10.13.2
- Range: unspecified
Patches
No patches discovered yet.
References
- support.apple.com/en-us/HT208325 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT208327 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT208331 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT208334 (mitre, x_refsource_MISC)