Medium severity5.5NVD Advisory· Published Apr 2, 2017· Updated Jun 17, 2026
CVE-2017-2390
CVE-2017-2390
Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=10.1.1
- (no CPE)range: <10.2
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=3.1.3
- (no CPE)range: <3.2
- Range: <10.12.4
- Range: <10.3
Patches
Vulnerability mechanics
References
6- www.securityfocus.com/bid/97137nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT207601nvdVendor Advisory
- support.apple.com/HT207602nvdVendor Advisory
- support.apple.com/HT207615nvdVendor Advisory
- support.apple.com/HT207617nvdVendor Advisory
- www.securitytracker.com/id/1038138nvd
News mentions
0No linked articles in our index yet.