PT-2017-13165 · Apple · Mail+1
Lukas Pitschl
·
Published
2017-12-25
·
Updated
2019-10-03
·
CVE-2017-13871
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 10.13.2
Description
The issue involves the "Mail" component and allows remote attackers to read cleartext e-mail content by leveraging the lack of installation of an S/MIME certificate by the recipient. This occurs when S/MIME encryption was intended.
Recommendations
For macOS versions prior to 10.13.2, update to version 10.13.2 or later to resolve the issue. As a temporary workaround, consider configuring the Mail component to require S/MIME certificates for encrypted emails.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mail
Apple Macos