VYPR
Medium severity5.5NVD Advisory· Published Apr 2, 2017· Updated Jun 17, 2026

CVE-2017-2390

CVE-2017-2390

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <=10.2.1
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.12.3
  • Apple Inc./tvOS2 versions
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <=10.1.1
    • (no CPE)range: <10.2
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <=3.1.3
    • (no CPE)range: <3.2
  • Apple Inc./macOSllm-fuzzy
    Range: <10.12.4
  • Apple Inc./iOSllm-fuzzy
    Range: <10.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.