var-201710-1368
Vulnerability from variot
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple arbitrary-code execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2017-09-25-3 Additional information for APPLE-SA-2017-09-19-2 Safari 11
Safari 11 addresses the following:
Safari Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7081: Apple Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7090: Apple Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7109: avlidienbrunn Entry added September 25, 2017
WebKit Available for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6, macOS High Sierra 10.13 Impact: A malicious website may be able to track users in Safari private browsing mode Description: A permissions issue existed in the handling of web browser cookies.
Installation note:
Safari 11 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRG/OcQAMYUtsjsKZSQngaIfrbsJJws 0FyAha36FHpQgo4EJ7sREcm31esSdE7DHoPG/8sG6WyP+H298kAAt7ZxedyBR17P FmF5L6yr1CcuvVNI3fj8hA278tUF6MMPU3/PQiIrmRvWwjkQ50ZJvP8yAPqKsMhJ +VhBFTgkGlg6Nb7baiT1pr6u/u0+MqsNaLiyWgz1GbTL9gOykKvl+hZMjOTWACzJ eMr0XJSs6n8AcpxL/VDjhHJXucDckJUsW3DrtVC8DGWxCMHXYxQNjADVhuD/tme/ qfEvAdKDXk43Y2YZkpch6qExW6eC2HVKWCb3VVTtYxHiPSklhc1rBSNIXqQxP5vD EVdqFDhx0jMhAH9wjQUaVpwQ2TWzxtdfuPLOr4v9e46e3zunnB8h5uCQt21LfQnH e6KtinCcCjONkrrF1OMRyDX28vHGB69djTb4mCVDEHalq66BIh6o8vJpo7rSHATt BO64xKKzwChaOzmBiWE60d3x6AWCfBwfKWy0iTCfSGlrVs3EWknK1bTQ8dUqdE02 x60GzQwvVhAgR8czyHtdCHK9Fym+SkixusyiHnvWOaJl/D1TE96Ng/XL83L/2TK6 YxO0GEf2KDbewr8uJg9gO5Dv433YY47unyRi1DrTjrjuE07RWs5nBLSXGBzx1Nvc lOJZilco7jGI/wBK51Jf =7GkF -----END PGP SIGNATURE-----
. ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0008
Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142.
Several vulnerabilities were discovered in WebKitGTK+. Credit to Apple. Description: A memory corruption issue was addressed through improved input validation. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Apple. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption issues were addressed with improved memory handling. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, October 18, 2017
. ========================================================================== Ubuntu Security Notice USN-3460-1 October 23, 2017
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2 libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3460-1 CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1368",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.2"
},
{
"model": "icloud",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.9.1"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "12.6.2"
},
{
"model": "icloud",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.0 (windows 7 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (ipad air or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (iphone 5s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (ipod touch first 6 generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.7 (windows 7 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (macos high sierra 10.13)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (macos sierra 10.12.6)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (os x el capitan 10.11.6)"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11 (apple tv first 4 generation )"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.9.1"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.3,
"vendor": "webkit",
"version": "0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.5"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.4"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "tvos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "macos",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.7"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11"
}
],
"sources": [
{
"db": "BID",
"id": "101006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:icloud",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wang Junjie, Wei Lei, and Liu Yang of Nanyang,Wei Yuan of Baidu Security Lab,lokihardt of Google Project Zero,chenqin (??) of Ant-financial Light-Year Security Lab.",
"sources": [
{
"db": "BID",
"id": "101006"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7120",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-115323",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7120",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7120",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-7120",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115323",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to multiple arbitrary-code execution vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of the user. Failed exploit attempts will likely cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit component of several Apple products. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-09-25-3\nAdditional information for APPLE-SA-2017-09-19-2 Safari 11\n\nSafari 11 addresses the following:\n\nSafari\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7081: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2017-7090: Apple\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2017-7109: avlidienbrunn\nEntry added September 25, 2017\n\nWebKit\nAvailable for: OS X El Capitan 10.11.6, and macOS Sierra 10.12.6,\nmacOS High Sierra 10.13\nImpact: A malicious website may be able to track users in\nSafari private browsing mode\nDescription: A permissions issue existed in the handling of web\nbrowser cookies. \n\nInstallation note:\n\nSafari 11 may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJZyUQfAAoJEIOj74w0bLRG/OcQAMYUtsjsKZSQngaIfrbsJJws\n0FyAha36FHpQgo4EJ7sREcm31esSdE7DHoPG/8sG6WyP+H298kAAt7ZxedyBR17P\nFmF5L6yr1CcuvVNI3fj8hA278tUF6MMPU3/PQiIrmRvWwjkQ50ZJvP8yAPqKsMhJ\n+VhBFTgkGlg6Nb7baiT1pr6u/u0+MqsNaLiyWgz1GbTL9gOykKvl+hZMjOTWACzJ\neMr0XJSs6n8AcpxL/VDjhHJXucDckJUsW3DrtVC8DGWxCMHXYxQNjADVhuD/tme/\nqfEvAdKDXk43Y2YZkpch6qExW6eC2HVKWCb3VVTtYxHiPSklhc1rBSNIXqQxP5vD\nEVdqFDhx0jMhAH9wjQUaVpwQ2TWzxtdfuPLOr4v9e46e3zunnB8h5uCQt21LfQnH\ne6KtinCcCjONkrrF1OMRyDX28vHGB69djTb4mCVDEHalq66BIh6o8vJpo7rSHATt\nBO64xKKzwChaOzmBiWE60d3x6AWCfBwfKWy0iTCfSGlrVs3EWknK1bTQ8dUqdE02\nx60GzQwvVhAgR8czyHtdCHK9Fym+SkixusyiHnvWOaJl/D1TE96Ng/XL83L/2TK6\nYxO0GEf2KDbewr8uJg9gO5Dv433YY47unyRi1DrTjrjuE07RWs5nBLSXGBzx1Nvc\nlOJZilco7jGI/wBK51Jf\n=7GkF\n-----END PGP SIGNATURE-----\n\n\n\n. ------------------------------------------------------------------------\nWebKitGTK+ Security Advisory WSA-2017-0008\n------------------------------------------------------------------------\n\nDate reported : October 18, 2017\nAdvisory ID : WSA-2017-0008\nAdvisory URL : https://webkitgtk.org/security/WSA-2017-0008.html\nCVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,\n CVE-2017-7090, CVE-2017-7091, CVE-2017-7092,\n CVE-2017-7093, CVE-2017-7094, CVE-2017-7095,\n CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,\n CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,\n CVE-2017-7107, CVE-2017-7109, CVE-2017-7111,\n CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n Credit to Apple. Description: A memory corruption issue was\n addressed through improved input validation. \n Credit to Apple. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. \n Impact: Processing maliciously crafted web content may lead to\n universal cross site scripting. Description: A logic issue existed\n in the handling of the parent-tab. This issue was addressed with\n improved state management. \n Credit to Apple. \n Impact: Cookies belonging to one origin may be sent to another\n origin. Description: A permissions issue existed in the handling of\n web browser cookies. This issue was addressed by no longer returning\n cookies for custom URL schemes. \n Credit to Wei Yuan of Baidu Security Lab working with Trend Microas\n Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel\n Gro and Niklas Baumstark working with Trend Micro\u0027s Zero Day\n Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Samuel Gro and Niklas Baumstark working with Trend Microas\n Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University working with Trend Microas Zero Day\n Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wei Yuan of Baidu Security Lab. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Apple. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Masato Kinugawa and Mario Heiderich of Cure53. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to likemeng of Baidu Secutity Lab. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang\n Technological University. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to avlidienbrunn. \n Impact: Processing maliciously crafted web content may lead to a\n cross site scripting attack. Description: Application Cache policy\n may be unexpectedly applied. \n Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working\n with Trend Micro\u0027s Zero Day Initiative. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to lokihardt of Google Project Zero. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Description: Multiple memory corruption\n issues were addressed with improved memory handling. \n Credit to an anonymous researcher. \n Impact: Website data may persist after a Safari Private browsing\n session. Description: An information leakage issue existed in the\n handling of website data in Safari Private windows. This issue was\n addressed with improved data handling. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nOctober 18, 2017\n\n. ==========================================================================\nUbuntu Security Notice USN-3460-1\nOctober 23, 2017\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK+. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK+ Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.17.04.2\n libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.17.04.2\n\nUbuntu 16.04 LTS:\n libjavascriptcoregtk-4.0-18 2.18.0-0ubuntu0.16.04.2\n libwebkit2gtk-4.0-37 2.18.0-0ubuntu0.16.04.2\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK+, such as Epiphany, to make all the necessary changes. \n\nReferences:\n https://www.ubuntu.com/usn/usn-3460-1\n CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,\n CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096,\n CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,\n CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,\n CVE-2017-7120\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2\n https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7120"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "BID",
"id": "101006"
},
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "PACKETSTORM",
"id": "144707"
},
{
"db": "PACKETSTORM",
"id": "144373"
},
{
"db": "PACKETSTORM",
"id": "144367"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7120",
"trust": 3.3
},
{
"db": "BID",
"id": "101006",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039428",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1039384",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU99806334",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-115323",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144368",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144707",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144367",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "BID",
"id": "101006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "PACKETSTORM",
"id": "144707"
},
{
"db": "PACKETSTORM",
"id": "144373"
},
{
"db": "PACKETSTORM",
"id": "144367"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"id": "VAR-201710-1368",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-115323"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:52:38.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple security updates",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT201222"
},
{
"title": "HT208116",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208116"
},
{
"title": "HT208141",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208141"
},
{
"title": "HT208142",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208142"
},
{
"title": "HT208112",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208112"
},
{
"title": "HT208113",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT208113"
},
{
"title": "HT208112",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208112"
},
{
"title": "HT208113",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208113"
},
{
"title": "HT208116",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208116"
},
{
"title": "HT208141",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208141"
},
{
"title": "HT208142",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT208142"
},
{
"title": "Multiple Apple product WebKit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90636"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101006"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208112"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208113"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208116"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208141"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208142"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039384"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039428"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7120"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7120"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99806334/index.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7091"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7093"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7111"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7107"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7090"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7087"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7109"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7092"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7098"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7096"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7100"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7102"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7117"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7095"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7094"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7089"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7081"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7099"
},
{
"trust": 0.3,
"url": "https://www.apple.com/"
},
{
"trust": 0.3,
"url": "http://www.webkit.org/"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00005.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00010.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00009.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00012.html"
},
{
"trust": 0.3,
"url": "https://lists.apple.com/archives/security-announce/2017/sep/msg00007.html"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://gpgtools.org"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7106"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7085"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2017-0008.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.17.04.2"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3460-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7127"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "BID",
"id": "101006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "PACKETSTORM",
"id": "144707"
},
{
"db": "PACKETSTORM",
"id": "144373"
},
{
"db": "PACKETSTORM",
"id": "144367"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-115323"
},
{
"db": "BID",
"id": "101006"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"db": "PACKETSTORM",
"id": "144368"
},
{
"db": "PACKETSTORM",
"id": "144667"
},
{
"db": "PACKETSTORM",
"id": "144707"
},
{
"db": "PACKETSTORM",
"id": "144373"
},
{
"db": "PACKETSTORM",
"id": "144367"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-115323"
},
{
"date": "2017-09-25T00:00:00",
"db": "BID",
"id": "101006"
},
{
"date": "2017-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"date": "2017-09-28T00:17:26",
"db": "PACKETSTORM",
"id": "144368"
},
{
"date": "2017-10-18T23:02:22",
"db": "PACKETSTORM",
"id": "144667"
},
{
"date": "2017-10-23T20:20:00",
"db": "PACKETSTORM",
"id": "144707"
},
{
"date": "2017-09-28T00:27:27",
"db": "PACKETSTORM",
"id": "144373"
},
{
"date": "2017-09-28T00:15:56",
"db": "PACKETSTORM",
"id": "144367"
},
{
"date": "2017-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"date": "2017-10-23T01:29:13.143000",
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-115323"
},
{
"date": "2017-09-25T00:00:00",
"db": "BID",
"id": "101006"
},
{
"date": "2017-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009357"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1090"
},
{
"date": "2024-11-21T03:31:12.863000",
"db": "NVD",
"id": "CVE-2017-7120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144707"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Used in products WebKit Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009357"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1090"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.