Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7055
Vulnerability from cvelistv5
Published
2017-07-20 16:00
Modified
2024-08-05 15:49
Severity ?
EPSS score ?
Summary
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:49:02.924Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "99885", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/99885", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207927", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207924", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207928", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207921", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT207923", }, { name: "1038950", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-21T09:57:01", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { name: "99885", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/99885", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207927", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207924", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207928", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207921", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/HT207923", }, { name: "1038950", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038950", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-7055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "99885", refsource: "BID", url: "http://www.securityfocus.com/bid/99885", }, { name: "https://support.apple.com/HT207927", refsource: "CONFIRM", url: "https://support.apple.com/HT207927", }, { name: "https://support.apple.com/HT207924", refsource: "CONFIRM", url: "https://support.apple.com/HT207924", }, { name: "https://support.apple.com/HT207928", refsource: "CONFIRM", url: "https://support.apple.com/HT207928", }, { name: "https://support.apple.com/HT207921", refsource: "CONFIRM", url: "https://support.apple.com/HT207921", }, { name: "https://support.apple.com/HT207923", refsource: "CONFIRM", url: "https://support.apple.com/HT207923", }, { name: "1038950", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038950", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2017-7055", datePublished: "2017-07-20T16:00:00", dateReserved: "2017-03-17T00:00:00", dateUpdated: "2024-08-05T15:49:02.924Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2017-7055\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2017-07-20T16:29:02.177\",\"lastModified\":\"2024-11-21T03:31:04.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \\\"WebKit\\\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.\"},{\"lang\":\"es\",\"value\":\"Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 se ve afectado. Safari versión anterior a 10.1.2 se ve afectado. iCloud versión anterior a 6.2.2 en Windows se ve afectado. iTunes versión anterior a 12.6.2 en Windows se ve afectado. TVOS versión anterior a 10.2.2 se ve afectado. El problema involucra el componente \\\"WebKit\\\". Permite a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) por medio de un sitio web creado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.1.2\",\"matchCriteriaId\":\"1FE3A798-7209-4143-AE7A-AD7928F3C66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.3.3\",\"matchCriteriaId\":\"533AA345-BC74-4AE5-9C16-26909ECB4AE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.2\",\"matchCriteriaId\":\"BF329265-5AEB-4305-80FF-40366687B432\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.2.2\",\"matchCriteriaId\":\"6220D63F-26C4-4AF5-B382-A3FB9B887C94\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.6.2\",\"matchCriteriaId\":\"677C2157-45FF-4143-8879-9BABB7F50310\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8119EBD6-A1CC-4121-BADD-555437E911FE\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99885\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038950\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207921\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207923\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207924\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207927\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207928\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/HT207921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207923\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT207928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
gsd-2017-7055
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Aliases
Aliases
{ GSD: { alias: "CVE-2017-7055", description: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", id: "GSD-2017-7055", references: [ "https://www.suse.com/security/cve/CVE-2017-7055.html", "https://ubuntu.com/security/CVE-2017-7055", "https://advisories.mageia.org/CVE-2017-7055.html", "https://security.archlinux.org/CVE-2017-7055", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2017-7055", ], details: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", id: "GSD-2017-7055", modified: "2023-12-13T01:21:06.912979Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-7055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "99885", refsource: "BID", url: "http://www.securityfocus.com/bid/99885", }, { name: "https://support.apple.com/HT207927", refsource: "CONFIRM", url: "https://support.apple.com/HT207927", }, { name: "https://support.apple.com/HT207924", refsource: "CONFIRM", url: "https://support.apple.com/HT207924", }, { name: "https://support.apple.com/HT207928", refsource: "CONFIRM", url: "https://support.apple.com/HT207928", }, { name: "https://support.apple.com/HT207921", refsource: "CONFIRM", url: "https://support.apple.com/HT207921", }, { name: "https://support.apple.com/HT207923", refsource: "CONFIRM", url: "https://support.apple.com/HT207923", }, { name: "1038950", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038950", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.1.2", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "10.2.2", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "6.2.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "12.6.2", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "product-security@apple.com", ID: "CVE-2017-7055", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/HT207928", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207928", }, { name: "https://support.apple.com/HT207927", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207927", }, { name: "https://support.apple.com/HT207924", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207924", }, { name: "https://support.apple.com/HT207923", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207923", }, { name: "https://support.apple.com/HT207921", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207921", }, { name: "1038950", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038950", }, { name: "99885", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99885", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, }, }, lastModifiedDate: "2019-03-21T21:03Z", publishedDate: "2017-07-20T16:29Z", }, }, }
ghsa-v36g-jjr7-wrpv
Vulnerability from github
Published
2022-05-14 01:17
Modified
2022-05-14 01:17
Severity ?
Details
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
{ affected: [], aliases: [ "CVE-2017-7055", ], database_specific: { cwe_ids: [ "CWE-119", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-07-20T16:29:00Z", severity: "HIGH", }, details: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", id: "GHSA-v36g-jjr7-wrpv", modified: "2022-05-14T01:17:54Z", published: "2022-05-14T01:17:54Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2017-7055", }, { type: "WEB", url: "https://support.apple.com/HT207921", }, { type: "WEB", url: "https://support.apple.com/HT207923", }, { type: "WEB", url: "https://support.apple.com/HT207924", }, { type: "WEB", url: "https://support.apple.com/HT207927", }, { type: "WEB", url: "https://support.apple.com/HT207928", }, { type: "WEB", url: "http://www.securityfocus.com/bid/99885", }, { type: "WEB", url: "http://www.securitytracker.com/id/1038950", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
var-201707-1158
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple Safari prior to 10.1.2; tvOS prior to 10.2.2; iOS prior to 10.3.3; Windows-based iCloud prior to 6.2.2; Windows-based iTunes 12.6 Versions prior to .2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-07-19-6 iTunes 12.6.2
iTunes 12.6.2 is now available and addresses the following:
iTunes Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: An access issue was addressed with additional restrictions. CVE-2017-7053: an anonymous researcher working with Trend Micro's Zero Day Initiative
libxml2 Available for: Windows 7 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. =========================================================================== Ubuntu Security Notice USN-3376-1 August 02, 2017
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.17.04.1 libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.17.04.1
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3376-1 CVE-2017-2538, CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.17.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.16.04.1
--mEItETklS4NmgqhBw701JL9Mli0Gg3IPs--
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-07-19-5 Safari 10.1.2
Safari 10.1.2 is now available and addresses the following:
Safari Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs. CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered. CVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous researcher
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed with improved frame handling. CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7018: lokihardt of Google Project Zero CVE-2017-7020: likemeng of Baidu Security Lab CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7037: lokihardt of Google Project Zero CVE-2017-7039: Ivan Fratric of Google Project Zero CVE-2017-7040: Ivan Fratric of Google Project Zero CVE-2017-7041: Ivan Fratric of Google Project Zero CVE-2017-7042: Ivan Fratric of Google Project Zero CVE-2017-7043: Ivan Fratric of Google Project Zero CVE-2017-7046: Ivan Fratric of Google Project Zero CVE-2017-7048: Ivan Fratric of Google Project Zero CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative CVE-2017-7055: The UK's National Cyber Security Centre (NCSC) CVE-2017-7056: lokihardt of Google Project Zero CVE-2017-7061: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2017-7064: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management. CVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security CVE-2017-7059: an anonymous researcher
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-7049: Ivan Fratric of Google Project Zero
WebKit Page Loading Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department
WebKit Web Inspector Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7012: Apple
Installation note:
Safari 10.1.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGu+8QAJFXygjh/tXHHRgutWMJ8oVt HGnjco28J9CE15LWYGc40imbEd+QQyAa3zOLwLqIgJ3HUJ2GCrazFiffNa3VQ0BL wraZmXFO9JuC4w25sniApMqxjiGj8SWWelgZTkWJHIfKQi5D1EvB/6FLILIUVdUM v0qH1CtDzsMnO09hoAMDlW8AU5DdWqClb7mV6xENvHbpSvlvD8Z/eNmUxjcY2ANz s2vcplw9i/Ub3Hyx+U1BznPZrGr0X1H5XmIQZ7SL4OYPi6lF0ykzqjcVkIO05r7u y+a+2wVA+4f51n9zLXbg/vCmwiXTOdyQ4MoAaeZcv09e+fxgmjbKvjDt4275ufV5 67icnaMdQLlcXdQOnEsg/92NdcoXBDyVRwJiXyGldRWZhtmJRmEebiQtUshlN72q RtNjxYvXvMIBGxWKZDWP3+4DvGYF9n9TsJUboIS7WuG5GwmjiCj/j/HsNVvTIVhr TWUxuJeZFYUdPzq0yP7JmDZT4rWO4ckHZNW4UIKqhUKGNm6abTajQCifextqVWNx fIKL6H0LzmwmR5jXkFHAY2Ki/qePNNS7MYoVMGCdTnA2492MGhPvnaVsHOOPUK88 DNNonfAHH7WRJTW6JVl/Y3fxGo0vYZdI7lgnXKEbYrMrebtx65Qgfa2iHqey3q7N vbPy12ncIWblI58V+3Re =6kNI -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1158", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "safari", scope: "lt", trust: 1, vendor: "apple", version: "10.1.2", }, { model: "tvos", scope: "lt", trust: 1, vendor: "apple", version: "10.2.2", }, { model: "icloud", scope: "lt", trust: 1, vendor: "apple", version: "6.2.2", }, { model: "iphone os", scope: "lt", trust: 1, vendor: "apple", version: "10.3.3", }, { model: "itunes", scope: "lt", trust: 1, vendor: "apple", version: "12.6.2", }, { model: "webkit", scope: "eq", trust: 1, vendor: "apple", version: null, }, { model: "safari", scope: "eq", trust: 0.9, vendor: "apple", version: "10.1.1", }, { model: "icloud", scope: "eq", trust: 0.9, vendor: "apple", version: "6.2.1", }, { model: "icloud", scope: "lt", trust: 0.8, vendor: "apple", version: "6.2.2 (windows 7 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3.3 (ipad first 4 after generation )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3.3 (iphone 5 or later )", }, { model: "ios", scope: "lt", trust: 0.8, vendor: "apple", version: "10.3.3 (ipod touch first 6 generation )", }, { model: "itunes", scope: "lt", trust: 0.8, vendor: "apple", version: "for windows 12.6.2 (windows 7 or later )", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1.2 (macos sierra 10.12.6)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1.2 (os x el capitan 10.11.6)", }, { model: "safari", scope: "lt", trust: 0.8, vendor: "apple", version: "10.1.2 (os x yosemite 10.10.5)", }, { model: "tvos", scope: "lt", trust: 0.8, vendor: "apple", version: "10.2.2 (apple tv first 4 generation )", }, { model: "tv", scope: "eq", trust: 0.6, vendor: "apple", version: "10.2.1", }, { model: "iphone os", scope: "eq", trust: 0.6, vendor: "apple", version: "10.3.2", }, { model: "itunes", scope: "eq", trust: 0.6, vendor: "apple", version: "12.6.1", }, { model: "open source project webkit", scope: "eq", trust: 0.3, vendor: "webkit", version: "0", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.2", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "tvos", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "tv", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.8", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.8", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.8", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.10", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.6", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "9", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "8.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.34", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.33", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.31", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.7", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.5", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.31", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.30", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.28", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3.52", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.3", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.2", }, { model: "safari", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "macos", scope: "eq", trust: 0.3, vendor: "apple", version: "10.12.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.6", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.5.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.5.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.4.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.2.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.8", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "4.7.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.6", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.5.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.5.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "12.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0.0.163", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "11.0", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6.1.7", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.6", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5.1.42", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.5", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.1.10", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4.0.80", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.2.12", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1.4", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "itunes", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "ipod touch", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "iphone", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ipad", scope: "eq", trust: 0.3, vendor: "apple", version: "0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "50", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "40", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "30", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7.0.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5.0.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.9", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.8", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.7", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.6", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.5", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2.10", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "4", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "3.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "2.0", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.3", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.2", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10.1", }, { model: "ios", scope: "eq", trust: 0.3, vendor: "apple", version: "10", }, { model: "icloud", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1.1", }, { model: "icloud", scope: "eq", trust: 0.3, vendor: "apple", version: "6.2", }, { model: "icloud", scope: "eq", trust: 0.3, vendor: "apple", version: "6.1", }, { model: "icloud", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0.1", }, { model: "icloud", scope: "eq", trust: 0.3, vendor: "apple", version: "6.0", }, { model: "tvos", scope: "ne", trust: 0.3, vendor: "apple", version: "10.2.2", }, { model: "safari", scope: "ne", trust: 0.3, vendor: "apple", version: "10.1.2", }, { model: "itunes", scope: "ne", trust: 0.3, vendor: "apple", version: "12.6.2", }, { model: "ios", scope: "ne", trust: 0.3, vendor: "apple", version: "10.3.3", }, { model: "icloud", scope: "ne", trust: 0.3, vendor: "apple", version: "6.2.2", }, ], sources: [ { db: "BID", id: "99885", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "CNNVD", id: "CNNVD-201707-955", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apple:icloud", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:iphone_os", vulnerable: true, }, { cpe22Uri: "cpe:/a:apple:itunes", vulnerable: true, }, { cpe22Uri: "cpe:/a:apple:safari", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:apple_tv", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-005732", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lokihardt of Google Project Zero, Zhiyang Zeng of Tencent Security Platform Department, likemeng of Baidu Security Lab, chenqin of Ant-financial Light-Year Security Lab, Ivan Fratric of Google Project Zero", sources: [ { db: "BID", id: "99885", }, ], trust: 0.3, }, cve: "CVE-2017-7055", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2017-7055", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 7.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-7055", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-115258", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2017-7055", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-7055", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-7055", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2017-7055", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-201707-955", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-115258", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-115258", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "CNNVD", id: "CNNVD-201707-955", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities. Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are all products of the American company Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that comes with the Mac OS X and iOS operating systems by default. WebKit is an open source web browser engine developed by the KDE community and is currently used by browsers such as Apple Safari and Google Chrome. A memory corruption vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Apple Safari prior to 10.1.2; tvOS prior to 10.2.2; iOS prior to 10.3.3; Windows-based iCloud prior to 6.2.2; Windows-based iTunes 12.6 Versions prior to .2. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-6 iTunes 12.6.2\n\niTunes 12.6.2 is now available and addresses the following:\n\niTunes\nAvailable for: Windows 7 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An access issue was addressed with additional\nrestrictions. \nCVE-2017-7053: an anonymous researcher working with Trend Micro's\nZero Day Initiative\n\nlibxml2\nAvailable for: Windows 7 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. \n===========================================================================\nUbuntu Security Notice USN-3376-1\nAugust 02, 2017\n\nwebkit2gtk vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.17.04.1\n libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.17.04.1\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.16.6-0ubuntu0.16.04.1\n libwebkit2gtk-4.0-37 2.16.6-0ubuntu0.16.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3376-1\n CVE-2017-2538, CVE-2017-7018, CVE-2017-7030, CVE-2017-7034,\n CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048,\n CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061,\n CVE-2017-7064\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.17.04.1\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.16.04.1\n\n\n\n--mEItETklS4NmgqhBw701JL9Mli0Gg3IPs--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-5 Safari 10.1.2\n\nSafari 10.1.2 is now available and addresses the following:\n\nSafari\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to an\ninfinite number of print dialogs\nDescription: An issue existed where a malicious or compromised\nwebsite could show infinite print dialogs and make users believe\ntheir browser was locked. The issue was addressed through throttling\nof print dialogs. \nCVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: Processing maliciously crafted web content may allow\ncross-origin data to be exfiltrated by using SVG filters to conduct a\ntiming side-channel attack. This issue was addressed by not painting\nthe cross-origin buffer into the frame that gets filtered. \nCVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous\nresearcher\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A state management issue was addressed with improved\nframe handling. \nCVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7018: lokihardt of Google Project Zero\nCVE-2017-7020: likemeng of Baidu Security Lab\nCVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*'ae-aa1'a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*'ae-aa1'a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7037: lokihardt of Google Project Zero\nCVE-2017-7039: Ivan Fratric of Google Project Zero\nCVE-2017-7040: Ivan Fratric of Google Project Zero\nCVE-2017-7041: Ivan Fratric of Google Project Zero\nCVE-2017-7042: Ivan Fratric of Google Project Zero\nCVE-2017-7043: Ivan Fratric of Google Project Zero\nCVE-2017-7046: Ivan Fratric of Google Project Zero\nCVE-2017-7048: Ivan Fratric of Google Project Zero\nCVE-2017-7052: cc working with Trend Micro's Zero Day Initiative\nCVE-2017-7055: The UK's National Cyber Security Centre (NCSC)\nCVE-2017-7056: lokihardt of Google Project Zero\nCVE-2017-7061: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2017-7064: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content with DOMParser may\nlead to cross site scripting\nDescription: A logic issue existed in the handling of DOMParser. This\nissue was addressed with improved state management. \nCVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov\n(@ShikariSenpai) of Digital Security and Egor Saltykov\n(@ansjdnakjdnajkd) of Digital Security\nCVE-2017-7059: an anonymous researcher\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-7049: Ivan Fratric of Google Project Zero\n\nWebKit Page Loading\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department\n\nWebKit Web Inspector\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7012: Apple\n\nInstallation note:\n\nSafari 10.1.2 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGu+8QAJFXygjh/tXHHRgutWMJ8oVt\nHGnjco28J9CE15LWYGc40imbEd+QQyAa3zOLwLqIgJ3HUJ2GCrazFiffNa3VQ0BL\nwraZmXFO9JuC4w25sniApMqxjiGj8SWWelgZTkWJHIfKQi5D1EvB/6FLILIUVdUM\nv0qH1CtDzsMnO09hoAMDlW8AU5DdWqClb7mV6xENvHbpSvlvD8Z/eNmUxjcY2ANz\ns2vcplw9i/Ub3Hyx+U1BznPZrGr0X1H5XmIQZ7SL4OYPi6lF0ykzqjcVkIO05r7u\ny+a+2wVA+4f51n9zLXbg/vCmwiXTOdyQ4MoAaeZcv09e+fxgmjbKvjDt4275ufV5\n67icnaMdQLlcXdQOnEsg/92NdcoXBDyVRwJiXyGldRWZhtmJRmEebiQtUshlN72q\nRtNjxYvXvMIBGxWKZDWP3+4DvGYF9n9TsJUboIS7WuG5GwmjiCj/j/HsNVvTIVhr\nTWUxuJeZFYUdPzq0yP7JmDZT4rWO4ckHZNW4UIKqhUKGNm6abTajQCifextqVWNx\nfIKL6H0LzmwmR5jXkFHAY2Ki/qePNNS7MYoVMGCdTnA2492MGhPvnaVsHOOPUK88\nDNNonfAHH7WRJTW6JVl/Y3fxGo0vYZdI7lgnXKEbYrMrebtx65Qgfa2iHqey3q7N\nvbPy12ncIWblI58V+3Re\n=6kNI\n-----END PGP SIGNATURE-----\n", sources: [ { db: "NVD", id: "CVE-2017-7055", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "BID", id: "99885", }, { db: "VULHUB", id: "VHN-115258", }, { db: "PACKETSTORM", id: "143439", }, { db: "PACKETSTORM", id: "143632", }, { db: "PACKETSTORM", id: "143440", }, { db: "PACKETSTORM", id: "143438", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-7055", trust: 3.2, }, { db: "BID", id: "99885", trust: 2, }, { db: "SECTRACK", id: "1038950", trust: 1.7, }, { db: "JVN", id: "JVNVU91410779", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2017-005732", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201707-955", trust: 0.7, }, { db: "VULHUB", id: "VHN-115258", trust: 0.1, }, { db: "PACKETSTORM", id: "143439", trust: 0.1, }, { db: "PACKETSTORM", id: "143632", trust: 0.1, }, { db: "PACKETSTORM", id: "143440", trust: 0.1, }, { db: "PACKETSTORM", id: "143438", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-115258", }, { db: "BID", id: "99885", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "PACKETSTORM", id: "143439", }, { db: "PACKETSTORM", id: "143632", }, { db: "PACKETSTORM", id: "143440", }, { db: "PACKETSTORM", id: "143438", }, { db: "CNNVD", id: "CNNVD-201707-955", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, id: "VAR-201707-1158", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-115258", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:59:10.201000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apple security updates", trust: 0.8, url: "https://support.apple.com/en-us/HT201222", }, { title: "HT207924", trust: 0.8, url: "https://support.apple.com/en-us/HT207924", }, { title: "HT207927", trust: 0.8, url: "https://support.apple.com/en-us/HT207927", }, { title: "HT207928", trust: 0.8, url: "https://support.apple.com/en-us/HT207928", }, { title: "HT207921", trust: 0.8, url: "https://support.apple.com/en-us/HT207921", }, { title: "HT207923", trust: 0.8, url: "https://support.apple.com/en-us/HT207923", }, { title: "HT207921", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207921", }, { title: "HT207923", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207923", }, { title: "HT207924", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207924", }, { title: "HT207927", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207927", }, { title: "HT207928", trust: 0.8, url: "https://support.apple.com/ja-jp/HT207928", }, { title: "Multiple Apple product WebKit Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71897", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "CNNVD", id: "CNNVD-201707-955", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-115258", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.securityfocus.com/bid/99885", }, { trust: 1.7, url: "https://support.apple.com/ht207921", }, { trust: 1.7, url: "https://support.apple.com/ht207923", }, { trust: 1.7, url: "https://support.apple.com/ht207924", }, { trust: 1.7, url: "https://support.apple.com/ht207927", }, { trust: 1.7, url: "https://support.apple.com/ht207928", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1038950", }, { trust: 1.2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7055", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7055", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu91410779/index.html", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7056", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7061", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7046", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7039", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7064", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7052", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7030", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7037", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7034", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7018", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7048", }, { trust: 0.3, url: "https://www.apple.com/", }, { trust: 0.3, url: "http://www.apple.com/ios/", }, { trust: 0.3, url: "https://www.apple.com/osx/", }, { trust: 0.3, url: "http://www.apple.com/safari/download/", }, { trust: 0.3, url: "http://www.webkit.org/", }, { trust: 0.3, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.3, url: "https://gpgtools.org", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7020", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7042", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7041", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7049", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7019", }, { trust: 0.3, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7043", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7012", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7040", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7010", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7013", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7053", }, { trust: 0.1, url: "https://www.apple.com/itunes/download/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2538", }, { trust: 0.1, url: "https://www.ubuntu.com/usn/usn-3376-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.16.04.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/webkit2gtk/2.16.6-0ubuntu0.17.04.1", }, { trust: 0.1, url: "https://support.apple.com/ht204283", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7011", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7060", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7038", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7059", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7006", }, ], sources: [ { db: "VULHUB", id: "VHN-115258", }, { db: "BID", id: "99885", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "PACKETSTORM", id: "143439", }, { db: "PACKETSTORM", id: "143632", }, { db: "PACKETSTORM", id: "143440", }, { db: "PACKETSTORM", id: "143438", }, { db: "CNNVD", id: "CNNVD-201707-955", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-115258", }, { db: "BID", id: "99885", }, { db: "JVNDB", id: "JVNDB-2017-005732", }, { db: "PACKETSTORM", id: "143439", }, { db: "PACKETSTORM", id: "143632", }, { db: "PACKETSTORM", id: "143440", }, { db: "PACKETSTORM", id: "143438", }, { db: "CNNVD", id: "CNNVD-201707-955", }, { db: "NVD", id: "CVE-2017-7055", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-07-20T00:00:00", db: "VULHUB", id: "VHN-115258", }, { date: "2017-07-20T00:00:00", db: "BID", id: "99885", }, { date: "2017-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2017-005732", }, { date: "2017-07-21T04:44:44", db: "PACKETSTORM", id: "143439", }, { date: "2017-08-03T04:28:57", db: "PACKETSTORM", id: "143632", }, { date: "2017-07-21T05:55:55", db: "PACKETSTORM", id: "143440", }, { date: "2017-07-21T03:33:33", db: "PACKETSTORM", id: "143438", }, { date: "2017-07-24T00:00:00", db: "CNNVD", id: "CNNVD-201707-955", }, { date: "2017-07-20T16:29:02.177000", db: "NVD", id: "CVE-2017-7055", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-03-21T00:00:00", db: "VULHUB", id: "VHN-115258", }, { date: "2017-07-20T00:00:00", db: "BID", id: "99885", }, { date: "2017-08-04T00:00:00", db: "JVNDB", id: "JVNDB-2017-005732", }, { date: "2019-03-25T00:00:00", db: "CNNVD", id: "CNNVD-201707-955", }, { date: "2024-11-21T03:31:04.047000", db: "NVD", id: "CVE-2017-7055", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "143632", }, { db: "CNNVD", id: "CNNVD-201707-955", }, ], trust: 0.7, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "plural Apple Used in products WebKit Vulnerable to arbitrary code execution", sources: [ { db: "JVNDB", id: "JVNDB-2017-005732", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "buffer error", sources: [ { db: "CNNVD", id: "CNNVD-201707-955", }, ], trust: 0.6, }, }
fkie_cve-2017-7055
Vulnerability from fkie_nvd
Published
2017-07-20 16:29
Modified
2024-11-21 03:31
Severity ?
Summary
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", matchCriteriaId: "1FE3A798-7209-4143-AE7A-AD7928F3C66F", versionEndExcluding: "10.1.2", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "533AA345-BC74-4AE5-9C16-26909ECB4AE2", versionEndExcluding: "10.3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "BF329265-5AEB-4305-80FF-40366687B432", versionEndExcluding: "10.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", matchCriteriaId: "6220D63F-26C4-4AF5-B382-A3FB9B887C94", versionEndExcluding: "6.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", matchCriteriaId: "677C2157-45FF-4143-8879-9BABB7F50310", versionEndExcluding: "12.6.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:webkit:-:*:*:*:*:*:*:*", matchCriteriaId: "8119EBD6-A1CC-4121-BADD-555437E911FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.", }, { lang: "es", value: "Fue encontrado un problema en ciertos productos de Apple. iOS versión anterior a 10.3.3 se ve afectado. Safari versión anterior a 10.1.2 se ve afectado. iCloud versión anterior a 6.2.2 en Windows se ve afectado. iTunes versión anterior a 12.6.2 en Windows se ve afectado. TVOS versión anterior a 10.2.2 se ve afectado. El problema involucra el componente \"WebKit\". Permite a los atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) por medio de un sitio web creado.", }, ], id: "CVE-2017-7055", lastModified: "2024-11-21T03:31:04.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-20T16:29:02.177", references: [ { source: "product-security@apple.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99885", }, { source: "product-security@apple.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038950", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207921", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207923", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207924", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207927", }, { source: "product-security@apple.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99885", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1038950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207921", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207923", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT207928", }, ], sourceIdentifier: "product-security@apple.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.