var-201707-1152
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-07-19-6 iTunes 12.6.2
iTunes 12.6.2 is now available and addresses the following:
iTunes Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: An access issue was addressed with additional restrictions. CVE-2017-7053: an anonymous researcher working with Trend Micro's Zero Day Initiative
libxml2 Available for: Windows 7 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-07-19-5 Safari 10.1.2
Safari 10.1.2 is now available and addresses the following:
Safari Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser was locked. The issue was addressed through throttling of print dialogs. CVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: A malicious website may exfiltrate data cross-origin Description: Processing maliciously crafted web content may allow cross-origin data to be exfiltrated by using SVG filters to conduct a timing side-channel attack. This issue was addressed by not painting the cross-origin buffer into the frame that gets filtered. CVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous researcher
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue was addressed with improved frame handling. CVE-2017-7011: xisigr of Tencent's Xuanwu Lab (tencent.com)
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7018: lokihardt of Google Project Zero CVE-2017-7020: likemeng of Baidu Security Lab CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (eeeaea'ae-aa1'a(r)a"a(r)eaa(r)$?) CVE-2017-7037: lokihardt of Google Project Zero CVE-2017-7039: Ivan Fratric of Google Project Zero CVE-2017-7040: Ivan Fratric of Google Project Zero CVE-2017-7041: Ivan Fratric of Google Project Zero CVE-2017-7042: Ivan Fratric of Google Project Zero CVE-2017-7043: Ivan Fratric of Google Project Zero CVE-2017-7046: Ivan Fratric of Google Project Zero CVE-2017-7048: Ivan Fratric of Google Project Zero CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative CVE-2017-7055: The UK's National Cyber Security Centre (NCSC) CVE-2017-7056: lokihardt of Google Project Zero CVE-2017-7061: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2017-7064: lokihardt of Google Project Zero
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content with DOMParser may lead to cross site scripting Description: A logic issue existed in the handling of DOMParser. This issue was addressed with improved state management. CVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov (@ShikariSenpai) of Digital Security and Egor Saltykov (@ansjdnakjdnajkd) of Digital Security CVE-2017-7059: an anonymous researcher
WebKit Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-7049: Ivan Fratric of Google Project Zero
WebKit Page Loading Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department
WebKit Web Inspector Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7012: Apple
Installation note:
Safari 10.1.2 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGu+8QAJFXygjh/tXHHRgutWMJ8oVt HGnjco28J9CE15LWYGc40imbEd+QQyAa3zOLwLqIgJ3HUJ2GCrazFiffNa3VQ0BL wraZmXFO9JuC4w25sniApMqxjiGj8SWWelgZTkWJHIfKQi5D1EvB/6FLILIUVdUM v0qH1CtDzsMnO09hoAMDlW8AU5DdWqClb7mV6xENvHbpSvlvD8Z/eNmUxjcY2ANz s2vcplw9i/Ub3Hyx+U1BznPZrGr0X1H5XmIQZ7SL4OYPi6lF0ykzqjcVkIO05r7u y+a+2wVA+4f51n9zLXbg/vCmwiXTOdyQ4MoAaeZcv09e+fxgmjbKvjDt4275ufV5 67icnaMdQLlcXdQOnEsg/92NdcoXBDyVRwJiXyGldRWZhtmJRmEebiQtUshlN72q RtNjxYvXvMIBGxWKZDWP3+4DvGYF9n9TsJUboIS7WuG5GwmjiCj/j/HsNVvTIVhr TWUxuJeZFYUdPzq0yP7JmDZT4rWO4ckHZNW4UIKqhUKGNm6abTajQCifextqVWNx fIKL6H0LzmwmR5jXkFHAY2Ki/qePNNS7MYoVMGCdTnA2492MGhPvnaVsHOOPUK88 DNNonfAHH7WRJTW6JVl/Y3fxGo0vYZdI7lgnXKEbYrMrebtx65Qgfa2iHqey3q7N vbPy12ncIWblI58V+3Re =6kNI -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201707-1152", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.2.2" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "6.2.2" }, { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.6.2" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.3.3" }, { "model": "safari", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.1.2" }, { "model": "webkit", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": null }, { "model": "safari", "scope": "eq", "trust": 0.9, "vendor": "apple", "version": "10.1.1" }, { "model": "icloud", "scope": "eq", "trust": 0.9, "vendor": "apple", "version": "6.2.1" }, { "model": "icloud", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "6.2.2 (windows 7 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3.3 (ipad first 4 after generation )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3.3 (iphone 5 or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.3.3 (ipod touch first 6 generation )" }, { "model": "itunes", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "for windows 12.6.2 (windows 7 or later )" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1.2 (macos sierra 10.12.6)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1.2 (os x el capitan 10.11.6)" }, { "model": "safari", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.1.2 (os x yosemite 10.10.5)" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "10.2.2 (apple tv first 4 generation )" }, { "model": "tv", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "10.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.6, "vendor": "apple", "version": "12.6.1" }, { "model": "open source project webkit", "scope": "eq", "trust": 0.3, "vendor": "webkit", "version": "0" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "tvos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "tv", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.8" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.8" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.8" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.10" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.6" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.34" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.33" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.31" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.7" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.5" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.31" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.30" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.28" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.52" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.3" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.2" }, { "model": "safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "macos", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.12.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.11.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.8" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.7.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "12.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0.0.163" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "11.0" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6.1.7" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.6" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5.1.42" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.5" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1.10" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4.0.80" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2.12" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1.4" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "itunes", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "50" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "40" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "30" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7.0.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.9" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.10" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "2.0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "10" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.2" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0.1" }, { "model": "icloud", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "6.0" }, { "model": "tvos", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.2.2" }, { "model": "safari", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.1.2" }, { "model": "itunes", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "12.6.2" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "10.3.3" }, { "model": "icloud", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "6.2.2" } ], "sources": [ { "db": "BID", "id": "99885" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "CNNVD", "id": "CNNVD-201707-961" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apple:icloud", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:itunes", "vulnerable": true }, { "cpe22Uri": "cpe:/a:apple:safari", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:apple_tv", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005730" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lokihardt of Google Project Zero, Zhiyang Zeng of Tencent Security Platform Department, likemeng of Baidu Security Lab, chenqin of Ant-financial Light-Year Security Lab, Ivan Fratric of Google Project Zero", "sources": [ { "db": "BID", "id": "99885" } ], "trust": 0.3 }, "cve": "CVE-2017-7049", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-7049", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-7049", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-115252", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-7049", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-7049", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7049", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-7049", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201707-961", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-115252", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-7049", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "CNNVD", "id": "CNNVD-201707-961" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple memory-corruption vulnerabilities. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-6 iTunes 12.6.2\n\niTunes 12.6.2 is now available and addresses the following:\n\niTunes\nAvailable for: Windows 7 and later\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: An access issue was addressed with additional\nrestrictions. \nCVE-2017-7053: an anonymous researcher working with Trend Micro\u0027s\nZero Day Initiative\n\nlibxml2\nAvailable for: Windows 7 and later\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: An out-of-bounds read was addressed through improved\nbounds checking. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-07-19-5 Safari 10.1.2\n\nSafari 10.1.2 is now available and addresses the following:\n\nSafari\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to an\ninfinite number of print dialogs\nDescription: An issue existed where a malicious or compromised\nwebsite could show infinite print dialogs and make users believe\ntheir browser was locked. The issue was addressed through throttling\nof print dialogs. \nCVE-2017-7060: Travis Kelley of City of Mishawaka, Indiana\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: A malicious website may exfiltrate data cross-origin\nDescription: Processing maliciously crafted web content may allow\ncross-origin data to be exfiltrated by using SVG filters to conduct a\ntiming side-channel attack. This issue was addressed by not painting\nthe cross-origin buffer into the frame that gets filtered. \nCVE-2017-7006: David Kohlbrenner of UC San Diego, an anonymous\nresearcher\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A state management issue was addressed with improved\nframe handling. \nCVE-2017-7011: xisigr of Tencent\u0027s Xuanwu Lab (tencent.com)\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7018: lokihardt of Google Project Zero\nCVE-2017-7020: likemeng of Baidu Security Lab\nCVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab\n(eeeaea*\u0027ae-aa1\u0027a(r)a\"a(r)eaa(r)$?)\nCVE-2017-7037: lokihardt of Google Project Zero\nCVE-2017-7039: Ivan Fratric of Google Project Zero\nCVE-2017-7040: Ivan Fratric of Google Project Zero\nCVE-2017-7041: Ivan Fratric of Google Project Zero\nCVE-2017-7042: Ivan Fratric of Google Project Zero\nCVE-2017-7043: Ivan Fratric of Google Project Zero\nCVE-2017-7046: Ivan Fratric of Google Project Zero\nCVE-2017-7048: Ivan Fratric of Google Project Zero\nCVE-2017-7052: cc working with Trend Micro\u0027s Zero Day Initiative\nCVE-2017-7055: The UK\u0027s National Cyber Security Centre (NCSC)\nCVE-2017-7056: lokihardt of Google Project Zero\nCVE-2017-7061: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed through\nimproved memory handling. \nCVE-2017-7064: lokihardt of Google Project Zero\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content with DOMParser may\nlead to cross site scripting\nDescription: A logic issue existed in the handling of DOMParser. This\nissue was addressed with improved state management. \nCVE-2017-7038: Neil Jenkins of FastMail Pty Ltd, Egor Karbutov\n(@ShikariSenpai) of Digital Security and Egor Saltykov\n(@ansjdnakjdnajkd) of Digital Security\nCVE-2017-7059: an anonymous researcher\n\nWebKit\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed through\nimproved memory handling. \nCVE-2017-7049: Ivan Fratric of Google Project Zero\n\nWebKit Page Loading\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department\n\nWebKit Web Inspector\nAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,\nand macOS Sierra 10.12.6\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7012: Apple\n\nInstallation note:\n\nSafari 10.1.2 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZb5VSAAoJEIOj74w0bLRGu+8QAJFXygjh/tXHHRgutWMJ8oVt\nHGnjco28J9CE15LWYGc40imbEd+QQyAa3zOLwLqIgJ3HUJ2GCrazFiffNa3VQ0BL\nwraZmXFO9JuC4w25sniApMqxjiGj8SWWelgZTkWJHIfKQi5D1EvB/6FLILIUVdUM\nv0qH1CtDzsMnO09hoAMDlW8AU5DdWqClb7mV6xENvHbpSvlvD8Z/eNmUxjcY2ANz\ns2vcplw9i/Ub3Hyx+U1BznPZrGr0X1H5XmIQZ7SL4OYPi6lF0ykzqjcVkIO05r7u\ny+a+2wVA+4f51n9zLXbg/vCmwiXTOdyQ4MoAaeZcv09e+fxgmjbKvjDt4275ufV5\n67icnaMdQLlcXdQOnEsg/92NdcoXBDyVRwJiXyGldRWZhtmJRmEebiQtUshlN72q\nRtNjxYvXvMIBGxWKZDWP3+4DvGYF9n9TsJUboIS7WuG5GwmjiCj/j/HsNVvTIVhr\nTWUxuJeZFYUdPzq0yP7JmDZT4rWO4ckHZNW4UIKqhUKGNm6abTajQCifextqVWNx\nfIKL6H0LzmwmR5jXkFHAY2Ki/qePNNS7MYoVMGCdTnA2492MGhPvnaVsHOOPUK88\nDNNonfAHH7WRJTW6JVl/Y3fxGo0vYZdI7lgnXKEbYrMrebtx65Qgfa2iHqey3q7N\nvbPy12ncIWblI58V+3Re\n=6kNI\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2017-7049" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "BID", "id": "99885" }, { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "PACKETSTORM", "id": "143439" }, { "db": "PACKETSTORM", "id": "143440" }, { "db": "PACKETSTORM", "id": "143438" } ], "trust": 2.34 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-115252", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42363", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7049", "trust": 3.2 }, { "db": "BID", "id": "99885", "trust": 2.1 }, { "db": "EXPLOIT-DB", "id": "42363", "trust": 1.8 }, { "db": "SECTRACK", "id": "1038950", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU91410779", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-005730", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201707-961", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "143490", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-96311", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-115252", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-7049", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143439", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143440", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143438", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "BID", "id": "99885" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "PACKETSTORM", "id": "143439" }, { "db": "PACKETSTORM", "id": "143440" }, { "db": "PACKETSTORM", "id": "143438" }, { "db": "CNNVD", "id": "CNNVD-201707-961" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "id": "VAR-201707-1152", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-115252" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:57:35.785000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/HT201222" }, { "title": "HT207924", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207924" }, { "title": "HT207927", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207927" }, { "title": "HT207928", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207928" }, { "title": "HT207921", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207921" }, { "title": "HT207923", "trust": 0.8, "url": "https://support.apple.com/en-us/HT207923" }, { "title": "HT207921", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207921" }, { "title": "HT207923", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207923" }, { "title": "HT207924", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207924" }, { "title": "HT207927", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207927" }, { "title": "HT207928", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT207928" }, { "title": "Multiple Apple product WebKit Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71903" }, { "title": "", "trust": 0.1, "url": "https://github.com/merlinepedra25/DONATO " }, { "title": "domato", "trust": 0.1, "url": "https://github.com/googleprojectzero/domato " }, { "title": "", "trust": 0.1, "url": "https://github.com/merlinepedra/DONATO " }, { "title": "", "trust": 0.1, "url": "https://github.com/marckwei/temp " } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "CNNVD", "id": "CNNVD-201707-961" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://www.exploit-db.com/exploits/42363/" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/99885" }, { "trust": 1.8, "url": "https://support.apple.com/ht207921" }, { "trust": 1.8, "url": "https://support.apple.com/ht207923" }, { "trust": 1.8, "url": "https://support.apple.com/ht207924" }, { "trust": 1.8, "url": "https://support.apple.com/ht207927" }, { "trust": 1.8, "url": "https://support.apple.com/ht207928" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1038950" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7049" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7049" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91410779/index.html" }, { "trust": 0.3, "url": "https://www.apple.com/" }, { "trust": 0.3, "url": "http://www.apple.com/ios/" }, { "trust": 0.3, "url": "https://www.apple.com/osx/" }, { "trust": 0.3, "url": "http://www.apple.com/safari/download/" }, { "trust": 0.3, "url": "http://www.webkit.org/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7056" }, { "trust": 0.3, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.3, "url": "https://gpgtools.org" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7020" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7061" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7046" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7039" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7055" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7064" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7052" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7042" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7041" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7030" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7019" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7037" }, { "trust": 0.3, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7034" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7018" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7048" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7043" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7012" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7040" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7010" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7013" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/googleprojectzero/domato" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7053" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/download/" }, { "trust": 0.1, "url": "https://support.apple.com/ht204283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7011" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7059" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7006" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "BID", "id": "99885" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "PACKETSTORM", "id": "143439" }, { "db": "PACKETSTORM", "id": "143440" }, { "db": "PACKETSTORM", "id": "143438" }, { "db": "CNNVD", "id": "CNNVD-201707-961" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-115252" }, { "db": "VULMON", "id": "CVE-2017-7049" }, { "db": "BID", "id": "99885" }, { "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "db": "PACKETSTORM", "id": "143439" }, { "db": "PACKETSTORM", "id": "143440" }, { "db": "PACKETSTORM", "id": "143438" }, { "db": "CNNVD", "id": "CNNVD-201707-961" }, { "db": "NVD", "id": "CVE-2017-7049" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-20T00:00:00", "db": "VULHUB", "id": "VHN-115252" }, { "date": "2017-07-20T00:00:00", "db": "VULMON", "id": "CVE-2017-7049" }, { "date": "2017-07-20T00:00:00", "db": "BID", "id": "99885" }, { "date": "2017-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "date": "2017-07-21T04:44:44", "db": "PACKETSTORM", "id": "143439" }, { "date": "2017-07-21T05:55:55", "db": "PACKETSTORM", "id": "143440" }, { "date": "2017-07-21T03:33:33", "db": "PACKETSTORM", "id": "143438" }, { "date": "2017-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-961" }, { "date": "2017-07-20T16:29:01.973000", "db": "NVD", "id": "CVE-2017-7049" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-22T00:00:00", "db": "VULHUB", "id": "VHN-115252" }, { "date": "2019-03-22T00:00:00", "db": "VULMON", "id": "CVE-2017-7049" }, { "date": "2017-07-20T00:00:00", "db": "BID", "id": "99885" }, { "date": "2017-08-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-005730" }, { "date": "2019-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201707-961" }, { "date": "2024-11-21T03:31:03.273000", "db": "NVD", "id": "CVE-2017-7049" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-961" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Used in products WebKit Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-005730" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201707-961" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.