CVE-2017-13909

Vulnerability

An issue existed in the storage of sensitive iCloud authentication tokens on macOS. Prior to macOS High Sierra 10.13, these tokens were not placed in the system Keychain, leaving them accessible to a local attacker. This issue is fixed in macOS High Sierra 10.13, released September 25, 2017 [1].

Exploitation

A local attacker needs access to the affected macOS system (OS X Mountain Lion 10.8 and later) to exploit this vulnerability. The attacker could gain access to iCloud authentication tokens by reading the insecure storage location. No additional authentication or user interaction beyond local access is required [1].

Impact

A successful attacker could obtain the victim's iCloud authentication tokens, potentially allowing access to iCloud services and data linked to the Apple ID. The attack leads to credential disclosure with local access [1].

Mitigation

The vulnerability is patched in macOS High Sierra 10.13, released on September 25, 2017 [1]. Users should update to macOS High Sierra 10.13 or later. No workaround is documented. Apple does not disclose, discuss, or confirm security issues until patches are available [1].