APFS methodContainerExtendedInfo Invalid Write

Product Apple iOS 10, macOS 10.12.6
Severity High
CVE Reference CVE-2017-7114
Type Memory Corruption


Apple File System is a new, modern file system for iOS, macOS, tvOS, and watchOS. It is optimized for Flash/SSD storage and features strong encryption, copy-on-write metadata, space sharing, cloning for files and directories, snapshots, fast directory sizing, atomic safe-save primitives, and improved file system fundamentals.

APFS replaces HFS+ as the default file system for iOS 10.3 and later, and macOS High Sierra and later.

A vulnerability was identified with the APFS kernel extension on iOS 10 and macOS 10.12.6 which could lead to arbitrary kernel code execution. 


Exploitation of this issue could lead to arbitrary kernel code execution. 


This issue is due to insufficient input validation being performed within the kernel extension. 

Interim Workaround



Apply the vendor supplied patch for the issue. 

Technical details

Please refer to the attached advisory. 

Disclosure Timeline

Date Summary
2017-07-03 Issue reported to vendor
2017-09-19 Vendor issues patch
2018-01-19 MWR Labs releases advisory