CVE-2017-2404

Name of the Vulnerable Software and Affected Versions iOS versions prior to 10.3

Description The issue involves the Quick Look component and allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document. This issue has been exploited in the wild. The vulnerability is related to errors in security settings.

Recommendations For iOS versions prior to 10.3, consider disabling the Quick Look component or restricting its use until a patch is available. As a temporary workaround, avoid using Quick Look to open PDF documents from untrusted sources.