CVE-2017-6988

Name of the Vulnerable Software and Affected Versions macOS versions prior to 10.12.5

Description The issue involves the 802.1X component and allows remote attackers to discover network credentials of arbitrary users. This is possible by operating a crafted network that requires 802.1X authentication, due to EAP-TLS certificate validation mishandling certificate changes.

Recommendations For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue. As a temporary workaround, consider restricting access to networks that require 802.1X authentication until the update is applied.