iWork PDF Password Bypass in Apple Products
CVE-2017-2391

5.3MEDIUM

Key Information:

Vendor
Apple
Status
Keynote
Pages
Numbers
Vendor
CVE Published:
2 April 2017

Summary

An issue has been identified in certain versions of Apple's iWork suite, affecting both macOS and iOS. This vulnerability enables unauthorized users to bypass the PDF password protection due to the use of 40-bit RC4 encryption in the Export component. Specific affected versions include Pages, Numbers, and Keynote, with various thresholds across macOS and iOS platforms. This security gap raises concerns over data confidentiality and integrity, prompting users to upgrade to secure versions.

References

http://www.securitytracker.com/id/1038135
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1038134
vdb-entryx_refsource_SECTRACK
https://support.apple.com/HT207595
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.