CVE-2017-7138
Description
macOS before 10.13 allows local users to discover the owner's Apple ID via the Directory Utility component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
macOS before 10.13 allows local users to discover the owner's Apple ID via the Directory Utility component.
Vulnerability
The vulnerability resides in the Directory Utility component of macOS. Apple macOS versions prior to 10.13 (High Sierra) are affected. A local user can query Directory Utility to retrieve the Apple ID associated with the computer's owner, without requiring elevated privileges.
Exploitation
An attacker with local access to the system can execute a sequence of steps using Directory Utility to obtain the Apple ID of the device owner. No user interaction beyond the initial local access is required.
Impact
Successful exploitation results in the disclosure of the owner's Apple ID, a privacy-sensitive identifier. The impact is limited to information disclosure; no further system compromise is achieved.
Mitigation
Apple addressed this issue in macOS High Sierra 10.13, released on September 25, 2017 [1]. Users should update to macOS 10.13 or later to mitigate the vulnerability. No workarounds are available for earlier versions.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 10.13
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/100993nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039427nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT208144nvdVendor Advisory
News mentions
0No linked articles in our index yet.