VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 23, 2021· Updated Aug 5, 2024

CVE-2017-13908

CVE-2017-13908

Description

An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local attacker may execute non-executable text files via an SMB share due to improper file permission handling on macOS.

Vulnerability

An issue in handling file permissions allows a local attacker to execute non-executable text files via an SMB share. This affects macOS High Sierra 10.13, prior to 10.13.1, as well as Sierra 10.12.6 and El Capitan 10.11.6. The vulnerability is addressed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan [1].

Exploitation

A local attacker with access to an SMB share can create a specially crafted non-executable text file. When the victim accesses the share, the file may be executed, bypassing intended permission restrictions.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the target system with the privileges of the user accessing the SMB share. This could lead to further compromise, including privilege escalation or data theft.

Mitigation

Apple released fixes in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan on October 31, 2017 [1]. Users should update to these versions or later. No workarounds have been provided.

References
  1. About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan - Apple Support

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.